Configure as below
------------------------------------------------------------------
R1interface Loopback1
ip address 10.1.1.1 255.255.255.0
ip ospf network point-to-point
interface Serial0/0
ip address 10.1.12.1 255.255.255.0
clock rate 64000
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0
R2
interface Loopback2
ip address 10.1.2.1 255.255.255.0
ip ospf network point-to-point
interface Serial0/0
ip address 10.1.12.2 255.255.255.0
clock rate 64000
interface Serial0/1
ip address 10.1.23.2 255.255.255.0
clock rate 64000
router ospf 1
log-adjacency-changes
network 10.1.2.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 23
R3
interface Loopback3
ip address 10.1.3.1 255.255.255.0
ip ospf network point-to-point
interface Serial0/0
ip address 10.1.23.3 255.255.255.0
clock rate 2000000
router ospf 1
log-adjacency-changes
network 10.1.3.0 0.0.0.255 area 23
network 10.1.23.0 0.0.0.255 area 23
-------------------------------------------------------------------------
make sure you can ping all the loopback from R1, R2 and R3, except loopback 20, we'll configure this later
In this configuration, there are 2 area, area 0 and area 23.
loopback 1, 2 and subnet 10.1.12.x are in area 0
loopback 3 and subnet 10.1.23.x are in area 23
in this case, R2 is the ABR
run command show ip route on R1, you notice there's 'IA' for route to R3 subnet and loopback. This is because it is in inter-area route, same result is shown on R3. R2 routing table don't have this because it is in both area.
O IA 10.1.3.0 [110/129] via 10.1.12.2, 01:33:18, Serial0/0
O 10.1.2.0 [110/65] via 10.1.12.2, 01:34:18, Serial0/0
C 10.1.1.0 is directly connected, Loopback1
O IA 10.1.23.0 [110/128] via 10.1.12.2, 01:34:18, Serial0/0
-------------------
Stub Area
make Area 23 to be the stub area, Does not accept information about routes external to the autonomous system, such as routes from non-OSPF sources. all route to outside will use default route. Configure on R2 and R3.
R2(config)# router ospf 1
R2(config-router)# area 23 stub
R3(config)# router ospf 1
R3(config-router)# area 23 stub
run show ip route, you'll notice there are default route added on the routing table that pointing to R2
172.20.0.0/24 is subnetted, 1 subnets
C 172.20.200.0 is directly connected, Loopback20
10.0.0.0/24 is subnetted, 5 subnets
O IA 10.1.12.0 [110/128] via 10.1.23.2, 00:00:07, Serial0/0
C 10.1.3.0 is directly connected, Loopback3
O IA 10.1.2.0 [110/65] via 10.1.23.2, 00:00:07, Serial0/0
O IA 10.1.1.0 [110/129] via 10.1.23.2, 00:00:07, Serial0/0
C 10.1.23.0 is directly connected, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.23.2, 00:00:07, Serial0/0
to check the area type, run show ip ospf
...
Area 23
Number of interfaces in this area is 2
It is a stub area
Area has no authentication
SPF algorithm last executed 00:04:17.300 ago
SPF algorithm executed 6 times
Area ranges are
Number of LSA 6. Checksum Sum 0x032310
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA
....
-----------------------------
totally stubby area
this area only allow in a single default route from the backbone, external and summary route are blocked. Configuration are done on ABR router, R2.
R2(config)# router ospf 1
R2(config-router)# area 23 stub no-summary
show ip route on router in area 23(R3) to see effect. from below can see the only route to outside is only thru default route. all other route are gone already
172.20.0.0/24 is subnetted, 1 subnets
C 172.20.200.0 is directly connected, Loopback20
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.3.0 is directly connected, Loopback3
C 10.1.23.0 is directly connected, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.23.2, 00:00:03, Serial0/0
Stub Area
make Area 23 to be the stub area, Does not accept information about routes external to the autonomous system, such as routes from non-OSPF sources. all route to outside will use default route. Configure on R2 and R3.
R2(config)# router ospf 1
R2(config-router)# area 23 stub
R3(config)# router ospf 1
R3(config-router)# area 23 stub
run show ip route, you'll notice there are default route added on the routing table that pointing to R2
172.20.0.0/24 is subnetted, 1 subnets
C 172.20.200.0 is directly connected, Loopback20
10.0.0.0/24 is subnetted, 5 subnets
O IA 10.1.12.0 [110/128] via 10.1.23.2, 00:00:07, Serial0/0
C 10.1.3.0 is directly connected, Loopback3
O IA 10.1.2.0 [110/65] via 10.1.23.2, 00:00:07, Serial0/0
O IA 10.1.1.0 [110/129] via 10.1.23.2, 00:00:07, Serial0/0
C 10.1.23.0 is directly connected, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.23.2, 00:00:07, Serial0/0
to check the area type, run show ip ospf
...
Area 23
Number of interfaces in this area is 2
It is a stub area
Area has no authentication
SPF algorithm last executed 00:04:17.300 ago
SPF algorithm executed 6 times
Area ranges are
Number of LSA 6. Checksum Sum 0x032310
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA
....
-----------------------------
totally stubby area
this area only allow in a single default route from the backbone, external and summary route are blocked. Configuration are done on ABR router, R2.
R2(config)# router ospf 1
R2(config-router)# area 23 stub no-summary
show ip route on router in area 23(R3) to see effect. from below can see the only route to outside is only thru default route. all other route are gone already
172.20.0.0/24 is subnetted, 1 subnets
C 172.20.200.0 is directly connected, Loopback20
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.3.0 is directly connected, Loopback3
C 10.1.23.0 is directly connected, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.23.2, 00:00:03, Serial0/0
--------------------------------------------------
not so stubby area (NSSA)
allow redistribution from ASBR into that area then converted to normal external route at ABR. In this lab we'll change area 23 into NSSA, R3 will act as ASBR where loopback 20 are the outside route, R2 will be ABR.
first issue the no area 23 stub command. to generate an outside/external route into NSSA, use redistribute connected subnet
R2(config)# router ospf 1
R2(config-router)# no area 23 stub
R2(config-router)# area 23 nssa
R3(config)# router ospf 1
R3(config-router)# no area 23 stub
R3(config-router)# area 23 nssa
R3(config-router)# redistribute connected subnets
issue sh ip ospf on R2 to see the conversion take effect, where external route converted to normal external route (type 7 to type 5 translation)
..
Area 23
Number of interfaces in this area is 1
It is a NSSA area
Perform type-7/type-5 LSA translation
Area has no authentication
SPF algorithm last executed 00:04:14.260 ago
SPF algorithm executed 15 times
Area ranges are
...
show ip route on R2, the route type is N2 = OSPF NSSA external type 2
172.20.0.0/24 is subnetted, 1 subnets
O N2 172.20.200.0 [110/20] via 10.1.23.3, 00:06:11, Serial0/1
10.0.0.0/24 is subnetted, 5 subnets
C 10.1.12.0 is directly ...
show ip route on R1 show type E2 = OSPF external type 2, because it's converted by ABR, R2 already
172.20.0.0/24 is subnetted, 1 subnets
O E2 172.20.200.0 [110/20] via 10.1.12.2, 00:09:12, Serial0/0
show ip route on R3 show no more default route, but if you still want to make use of default route, issue area 23 nssa no-summary
172.20.0.0/24 is subnetted, 1 subnets
C 172.20.200.0 is directly connected, Loopback20
10.0.0.0/24 is subnetted, 5 subnets
O IA 10.1.12.0 [110/128] via 10.1.23.2, 00:11:57, Serial0/0
C 10.1.3.0 is directly connected, Loopback3
O IA 10.1.2.0 [110/65] via 10.1.23.2, 00:11:57, Serial0/0
O IA 10.1.1.0 [110/129] via 10.1.23.2, 00:11:57, Serial0/0
C 10.1.23.0 is directly connected, Serial0/0
after issue command on R2
R2(config)# router ospf 1
R2(config-router)# area 23 nssa no-summary
show ip route again on R3
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.3.0 is directly connected, Loopback3
C 10.1.23.0 is directly connected, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.23.2, 00:00:22, Serial0/0
--------------------------------------
Interface authentication
we'll configure plain text auth on link between R2-R3, MD5 between R1-R2
R2(config)# interface serial 0/1
R2(config-if)# ip ospf authentication
R2(config-if)# ip ospf authentication-key cisco
R3(config)# interface serial 0/0
R3(config-if)# ip ospf authentication
R3(config-if)# ip ospf authentication-key cisco
run show ip ospf interface [interface type] on any router
R3#sh ip os int ser 0/0
Serial0/0 is up, line protocol is up
...
..
Suppress hello for 0 neighbor(s)
Simple password authentication enabled
move to MD5, this will provide more security with encrypted password
R1(config)# interface serial 0/0
R1(config-if)# ip ospf authentication message-digest
R1(config-if)# ip ospf message-digest-key 1 md5 cisco
R2(config)# interface serial 0/0
R2(config-if)# ip ospf authentication message-digest
R2(config-if)# ip ospf message-digest-key 1 md5 cisco
R1#sh ip os int ser 0/0
Serial0/0 is up, line protocol is up
...
..
Message digest authentication enabled
Youngest key id is 1
No comments:
Post a Comment