
Thursday, September 23, 2010

EIGRP filtering route - GNS3

R1

router eigrp 1
 network 10.0.0.0
 network 30.0.0.0
 no auto-summary

R2
router eigrp 1
 network 30.30.12.2 0.0.0.0
 network 172.16.0.0
 no auto-summary

R3
router eigrp 1
 network 30.30.13.2 0.0.0.0
 network 192.168.0.0 0.0.255.255
 no auto-summary

* we didn't advertise the direct link between R2 and R3; just leave it that way for now

make sure show ip route on R1, R2 and R3 shows all the networks advertised by all 3 routers.

Distribute List + Access list

we'll start with filtering certain routes that EIGRP receives on a particular interface
let's stop 192.168.1.0 - 192.168.5.0 from being learned on Serial 0/1 on R1; R2 also should not see these, since R2 learns them via R1

show the current IP routes
R1#sh ip rou
...
D    192.168.4.0/24 [90/2297856] via 30.30.13.2, 00:12:16, Serial0/1
D    192.168.5.0/24 [90/2297856] via 30.30.13.2, 00:12:16, Serial0/1
..
D    192.168.1.0/24 [90/2297856] via 30.30.13.2, 00:12:17, Serial0/1
D    192.168.2.0/24 [90/2297856] via 30.30.13.2, 00:12:17, Serial0/1
D    192.168.3.0/24 [90/2297856] via 30.30.13.2, 00:12:17, Serial0/1
...

R2#sh ip rou
D    192.168.4.0/24 [90/2809856] via 30.30.12.1, 00:12:57, Serial0/0   <-- notice that R2 learned it via R1's interface
D    192.168.5.0/24 [90/2809856] via 30.30.12.1, 00:12:57, Serial0/0
..
D    192.168.1.0/24 [90/2809856] via 30.30.12.1, 00:12:58, Serial0/0
D    192.168.2.0/24 [90/2809856] via 30.30.12.1, 00:12:58, Serial0/0
D    192.168.3.0/24 [90/2809856] via 30.30.12.1, 00:12:58, Serial0/0
..

first we need to create an access list to define which IPs are to be filtered on R1 Ser 0/1 (another way to define it is by using ip prefix-list, shown below)

access-list 10 deny   192.168.0.0 0.0.255.255
access-list 10 permit any

then apply it on EIGRP 1; 'in' means incoming

router eigrp 1
 network 10.0.0.0
 network 30.0.0.0
 distribute-list 10 in Serial0/1 
 no auto-summary

now try show ip route again on R1 and R2; all the routes above should be gone :)

now let's try filtering in the out direction, meaning stop the route from going out on a particular interface

let's keep 172.16.0.0 on R2 from being received by R3; we'll stop this route at R1 ser 0/1

first, make sure show ip route on R3 has these IPs
R3>sh ip rou
..

     172.16.0.0/24 is subnetted, 5 subnets
D       172.16.4.0 [90/2809856] via 30.30.13.1, 00:43:31, Serial0/0
D       172.16.5.0 [90/2809856] via 30.30.13.1, 00:43:31, Serial0/0
D       172.16.1.0 [90/2809856] via 30.30.13.1, 00:43:31, Serial0/0
D       172.16.2.0 [90/2809856] via 30.30.13.1, 00:43:31, Serial0/0
D       172.16.3.0 [90/2809856] via 30.30.13.1, 00:43:31, Serial0/0
..

create an access-list (another way to define it is by using ip prefix-list, shown below)

access-list 20 deny   172.16.0.0 0.0.255.255
access-list 20 permit any

apply it on EIGRP 1 

..
 distribute-list 20 out Serial0/1
..

now show ip route on R3 should not show 172.16.0.0 anymore, but R1 can still see it, because the distribute-list only stops it from going out on ser0/1; R1 still learns it from Ser0/0 :)


distribute-list + prefix-list + gateway 

by right, R2 and R3 should be able to see the routes to 10.1.x.x on R1

R2#sh ip rou
..
D       10.1.3.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.2.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.1.0 [90/2297856] via 30.30.12.1, 00:02:15, Serial0/0
D       10.1.5.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.4.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
..

R3#sh ip rou
..
D       10.1.3.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.2.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.1.0 [90/2297856] via 30.30.12.1, 00:02:15, Serial0/0
D       10.1.5.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.4.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
..

what we'll do is make R2 see only 10.1.1.0 and 10.1.2.0, and R3 see only 10.1.3.0 and 10.1.4.0, in their routing tables

create the prefix list for the interesting traffic

ip prefix-list PREFIX2 seq 5 permit 10.1.1.0/24 le 32
ip prefix-list PREFIX2 seq 10 permit 10.1.2.0/24 le 32
ip prefix-list PREFIX2 seq 15 deny 0.0.0.0/0 le 32

create a prefix list to allow only a specific gateway to advertise routes to this router

ip prefix-list NEG2 seq 5 permit 30.30.12.1/32
ip prefix-list NEG2 seq 10 deny 0.0.0.0/0 le 32

apply it on EIGRP 1

 distribute-list prefix PREFIX2 gateway NEG2 in

now show the routes; you should only see the allowed prefixes

R2#sh ip rou
..
     10.0.0.0/24 is subnetted, 2 subnets
D       10.1.2.0 [90/2297856] via 30.30.12.1, 00:20:06, Serial0/0
D       10.1.1.0 [90/2297856] via 30.30.12.1, 00:20:36, Serial0/0
..

now, do the same on R3 to allow only specific routes from R1 into its routing table :)
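To see why only two prefixes survive on R2, here is a small model of how IOS evaluates the prefix list and the gateway list together. This is an added example, not part of the original post; the function names and the 30.30.12.99 neighbor are made up for the illustration.

```python
import ipaddress

def entry(action, prefix, ge=None, le=None):
    """One 'ip prefix-list' line: network plus the allowed mask-length range."""
    net = ipaddress.ip_network(prefix)
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return action, net, lo, hi

def permits(plist, route):
    """First matching entry decides; no match at all is an implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in plist:
        if lo <= r.prefixlen <= hi and r.network_address in net:
            return action == "permit"
    return False

# The two lists from the page. The catch-all is written 0.0.0.0/0 le 32:
# 0.0.0.0/8 le 32 would only cover 0.x.x.x and never match a 10.x route.
PREFIX2 = [entry("permit", "10.1.1.0/24", le=32),
           entry("permit", "10.1.2.0/24", le=32),
           entry("deny", "0.0.0.0/0", le=32)]
NEG2 = [entry("permit", "30.30.12.1/32"),
        entry("deny", "0.0.0.0/0", le=32)]

def accepted(updates):
    """Model of 'distribute-list prefix PREFIX2 gateway NEG2 in' on R2:
    the sender must pass NEG2 and the prefix must pass PREFIX2."""
    return [prefix for prefix, gateway in updates
            if permits(NEG2, gateway + "/32") and permits(PREFIX2, prefix)]

# Constructed input: the five 10.1.x.0/24 routes R2 learns from 30.30.12.1,
# plus a hypothetical copy of 10.1.1.0/24 sent by a neighbor NEG2 does not list.
UPDATES = [("10.1.%d.0/24" % i, "30.30.12.1") for i in range(1, 6)]
UPDATES.append(("10.1.1.0/24", "30.30.12.99"))

if __name__ == "__main__":
    print(accepted(UPDATES))
```

The same route is dropped when it arrives from a gateway that NEG2 does not permit, which is what keeps an unexpected neighbor from feeding routes into the table.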


Tuesday, September 21, 2010

EIGRP metric


prepare the config as below 

R1



interface Loopback0
 ip address 10.10.10.1 255.255.255.255
!
interface Loopback1
 ip address 10.239.1.1 255.255.255.0
!
interface Loopback2
 ip address 10.239.2.1 255.255.255.0
!
interface Loopback3
 ip address 10.239.3.1 255.255.255.0
!
interface Loopback4
 ip address 10.239.4.1 255.255.255.0
!
interface Loopback5
 ip address 10.239.5.1 255.255.255.0
!
interface Loopback6
 ip address 10.239.6.1 255.255.255.0
!
interface Loopback7
 ip address 10.239.7.1 255.255.255.0
!
interface Loopback8
 ip address 10.239.8.1 255.255.255.0
!
interface Loopback9
 ip address 10.239.9.1 255.255.255.0
!
interface Serial0/0
 bandwidth 128
 ip address 10.1.12.1 255.255.255.252
 clock rate 128000
!
interface Serial0/1
 bandwidth 128
 ip address 10.1.13.1 255.255.255.252
 clock rate 128000
!
router eigrp 1
 network 10.1.0.0 0.0.255.255
 network 10.10.10.1 0.0.0.0
 network 10.239.0.0 0.0.255.255
 no auto-summary

R2



interface Loopback0
 ip address 10.10.10.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.151.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 bandwidth 128
 ip address 10.1.12.2 255.255.255.252
!
router eigrp 1
 network 10.1.12.2 0.0.0.0
 network 10.10.10.2 0.0.0.0
 network 10.151.1.0 0.0.0.255
 no auto-summary

R3



interface Loopback0
 ip address 10.10.10.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.151.1.3 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 bandwidth 128
 ip address 10.1.13.2 255.255.255.0
!
interface FastEthernet0/1
 ip address 10.232.1.3 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 1
 network 10.1.13.2 0.0.0.0
 network 10.10.10.3 0.0.0.0
 network 10.151.1.0 0.0.0.255
 network 10.232.1.0 0.0.0.255
 no auto-summary

----------------------------------------------------------------------

let's get started.. ROUTING TABLE !!

start with 'sh ip route' on R1 and make sure you can see all the routes below

     10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks
C       10.1.13.0/30 is directly connected, Serial0/1
D       10.1.13.0/24 [90/21026560] via 10.1.12.2, 07:02:08, Serial0/0
C       10.1.12.0/30 is directly connected, Serial0/0
D       10.10.10.2/32 [90/20640000] via 10.1.12.2, 00:00:52, Serial0/0
D       10.10.10.3/32 [90/20640000] via 10.1.13.2, 00:00:52, Serial0/1
C       10.10.10.1/32 is directly connected, Loopback0
D       10.151.1.0/24 [90/20514560] via 10.1.12.2, 00:00:52, Serial0/0
                      [90/20514560] via 10.1.13.2, 00:00:52, Serial0/1
C       10.239.5.0/24 is directly connected, Loopback5
C       10.239.4.0/24 is directly connected, Loopback4
C       10.239.7.0/24 is directly connected, Loopback7
C       10.239.6.0/24 is directly connected, Loopback6
D       10.232.1.0/24 [90/20514560] via 10.1.13.2, 00:00:53, Serial0/1
C       10.239.1.0/24 is directly connected, Loopback1
C       10.239.3.0/24 is directly connected, Loopback3
C       10.239.2.0/24 is directly connected, Loopback2
C       10.239.9.0/24 is directly connected, Loopback9
C       10.239.8.0/24 is directly connected, Loopback8

basically, from the diagram, you can see that from R1 there are two routes to all the networks connected to R2 and R3, but in the routing table.. only network 10.151.1.0 has two routes

actually only the one best route is installed into the routing table, which explains why there's only one route for every network


..EXCEPT 10.151.1.0.. ok, that's because the routes to this network have the same metric value, so the routing table installs both.. so, which route will R1 pick to go to that network.. well.. (I haven't figured it out yet, ha2. why don't you figure it out)

EIGRP TOPOLOGY TABLE


there's another table storing the routing information.. SHOW IP EIGRP TOPO, remember. Only EIGRP has this !! EIGRP stores all the available routing paths inside this table



....
P 10.1.12.0/30, 1 successors, FD is 20512000
        via Connected, Serial0/0
P 10.10.10.2/32, 1 successors, FD is 20640000
        via 10.1.12.2 (20640000/128256), Serial0/0
        via 10.1.13.2 (20642560/156160), Serial0/1
P 10.10.10.3/32, 1 successors, FD is 20640000, U
        via 10.1.13.2 (20640000/128256), Serial0/1
        via 10.1.12.2 (20642560/156160), Serial0/0
P 10.10.10.1/32, 1 successors, FD is 128256
        via Connected, Loopback0
P 10.151.1.0/24, 2 successors, FD is 20514560, U
        via 10.1.13.2 (20514560/28160), Serial0/1
        via 10.1.12.2 (20514560/28160), Serial0/0
P 10.239.5.0/24, 1 successors, FD is ...


notice that if a network has two routes (blue), only the one with the smallest metric (or cost) makes it to the routing table (green).. unless all the routes have the same value. there are terms for this


  • successor - the best route, which goes into the routing table (red)
  • feasible successor - a backup route that resides only inside the EIGRP topology table (light red)
  • feasible distance (FD) - overall cost ; cost between R1 and network 10.151.1.0 (orange)
  • advertised distance (AD) - cost from the neighbor to the destination network ; cost between R2 and 10.151.1.0 (light orange)

let's adjust some of the metrics; there are a few methods to do this

let's start with OFFSET-LIST to modify the metric of routes learned through a particular interface; what we're going to do is add a metric value of 10000 on R1 for every route learned via serial 0/1



R1(config)#router ei 1
R1(config-router)#offset-list 22 in 10000 serial 0/1

by right, only one route to 10.151.1.0 is now installed into the ROUTING TABLE, because one of the interfaces is configured to add 10000 to the metric; SHOW IP ROUTE



C       10.10.10.1/32 is directly connected, Loopback0
D       10.151.1.0/24 [90/20514560] via 10.1.12.2, 00:00:35, Serial0/0
C       10.239.5.0/24 is directly connected, Loopback5

SHOW IP EIGRP TOPO to confirm the values are now different; compare the metric value for every route learned via serial 0/1 (against the previous EIGRP topology table higher up the page), all have an extra 10000

P 10.10.10.2/32, 1 successors, FD is 20640000
        via 10.1.12.2 (20640000/128256), Serial0/0
        via 10.1.13.2 (20652560/166160), Serial0/1
P 10.10.10.3/32, 1 successors, FD is 20640000
        via 10.1.12.2 (20642560/156160), Serial0/0
        via 10.1.13.2 (20650000/138256), Serial0/1
P 10.10.10.1/32, 1 successors, FD is 128256
        via Connected, Loopback0
P 10.151.1.0/24, 1 successors, FD is 20514560
        via 10.1.12.2 (20514560/28160), Serial0/0
        via 10.1.13.2 (20524560/38160), Serial0/1

but remember, this applies one way only; for example in this config, only R1 sees the difference.. there's no effect on routes learned by R2 and R3. but you can still modify the outgoing direction, just replace IN with OUT in the command
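The numbers in the topology tables above can be reproduced from the interface settings. This added example (not part of the original post) computes the FD and AD for 10.151.1.0/24 with the classic EIGRP formula, picks the successor and feasible successor, then applies the 10000 offset on Serial0/1. The delay values and FastEthernet bandwidth are IOS defaults assumed for this lab, and the function names are made up for the illustration.

```python
SERIAL_BW, FE_BW = 128, 100_000      # kbit/s: 'bandwidth 128' from the page, FastEthernet default
SERIAL_DLY, FE_DLY = 20_000, 100     # usec: IOS interface defaults (assumed unchanged in the lab)

def metric(min_bw_kbps, delays_usec, offset=0):
    """Classic EIGRP composite metric with default K values (bandwidth + delay)."""
    return 256 * (10**7 // min_bw_kbps + sum(delays_usec) // 10) + offset

def paths_to_10_151_1_0(offset_s01=0):
    """R1's two paths to 10.151.1.0/24 as (distance via neighbor, neighbor's AD)."""
    ad = metric(FE_BW, [FE_DLY])                       # R2/R3 are directly on the LAN
    full = metric(SERIAL_BW, [SERIAL_DLY, FE_DLY])     # slowest link is the 128k serial
    return {
        ("10.1.12.2", "Serial0/0"): (full, ad),
        # offset-list ... in 10000 serial 0/1 raises both numbers on this path
        ("10.1.13.2", "Serial0/1"): (full + offset_s01, ad + offset_s01),
    }

def classify(paths):
    """Return (FD, successors, feasible successors) for one destination."""
    fd = min(dist for dist, _ in paths.values())
    successors = sorted(k for k, (dist, _) in paths.items() if dist == fd)
    # Feasibility condition: a backup qualifies only if its AD is below the FD.
    feasible = sorted(k for k, (dist, ad) in paths.items() if dist > fd and ad < fd)
    return fd, successors, feasible

if __name__ == "__main__":
    for offset in (0, 10000):
        print(offset, paths_to_10_151_1_0(offset), classify(paths_to_10_151_1_0(offset)))
```

With no offset both neighbors tie at 20514560 and both are successors; with the offset the Serial0/1 path becomes 20524560/38160 and drops to feasible successor, matching the two topology tables on the page.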