Friday, January 15, 2010

Route-map and Tags

Network Diagram



In this lab, we'll learn how to control redistribution based on the route tag. Set up your network with the topology, addressing and routing protocols shown above. Make sure everything is working correctly.

Create a route-map and set the tag using an ACL.

First, select the routes we want to control using an ACL. In this case we create an ACL that groups the classless networks coming from router C. This is done on router B.

ip access-list standard CLASSLESS
 permit 10.1.1.4 0.0.0.3
 permit 6.0.0.0 0.15.255.255
 permit 146.6.0.0 0.0.15.255
 permit 206.6.6.0 0.0.0.15

Create a route-map and set the specific tags.

route-map SET_TAGS permit 10
 match ip address CLASSLESS
 set tag 1
!
route-map SET_TAGS permit 20
 ! no match statement here: anything that doesn't match the entry above falls under this one
 set tag 2

Now apply this route-map to the redistribution into OSPF 1.


router ospf 1
 log-adjacency-changes
 redistribute eigrp 1 subnets route-map SET_TAGS
 network 10.1.1.2 0.0.0.0 area 0

show ip route on router A should now show all the networks coming from router C.

A>sh ip rou
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
O E2 205.5.5.0/24 [110/20] via 10.1.1.2, 00:30:59, Serial0/1
     206.6.6.0/28 is subnetted, 1 subnets
O E2    206.6.6.0 [110/20] via 10.1.1.2, 00:30:59, Serial0/1
O E2 5.0.0.0/8 [110/20] via 10.1.1.2, 00:30:59, Serial0/1
     6.0.0.0/12 is subnetted, 1 subnets
O E2    6.0.0.0 [110/20] via 10.1.1.2, 00:30:59, Serial0/1
O E2 145.5.0.0/16 [110/20] via 10.1.1.2, 00:30:59, Serial0/1
     10.0.0.0/30 is subnetted, 3 subnets
C       10.1.1.8 is directly connected, Serial0/0
C       10.1.1.0 is directly connected, Serial0/1
O E2    10.1.1.4 [110/20] via 10.1.1.2, 00:30:59, Serial0/1
     146.6.0.0/20 is subnetted, 1 subnets
O E2    146.6.0.0 [110/20] via 10.1.1.2, 00:30:59, Serial0/1

Now redistribute from OSPF into RIP on router A.

router rip
 version 2
 redistribute ospf 1 metric 1
 passive-interface Serial0/1
 network 10.0.0.0
 no auto-summary


D>sh ip rou
R    205.5.5.0/24 [120/1] via 10.1.1.9, 00:00:15, Serial0/1
     206.6.6.0/28 is subnetted, 1 subnets
R       206.6.6.0 [120/1] via 10.1.1.9, 00:00:15, Serial0/1
R    5.0.0.0/8 [120/1] via 10.1.1.9, 00:00:15, Serial0/1
     6.0.0.0/12 is subnetted, 1 subnets
R       6.0.0.0 [120/1] via 10.1.1.9, 00:00:15, Serial0/1
R    145.5.0.0/16 [120/1] via 10.1.1.9, 00:00:15, Serial0/1
     10.0.0.0/30 is subnetted, 3 subnets
C       10.1.1.8 is directly connected, Serial0/1
R       10.1.1.0 [120/1] via 10.1.1.9, 00:00:15, Serial0/1
R       10.1.1.4 [120/1] via 10.1.1.9, 00:00:15, Serial0/1
     146.6.0.0/20 is subnetted, 1 subnets
R       146.6.0.0 [120/1] via 10.1.1.9, 00:00:15, Serial0/1


On router B we already tagged all the classless networks with tag 1 and the rest with tag 2, and so far both tags are redistributed from EIGRP 1 into OSPF 1 and from OSPF 1 into RIP. Now we want only tag 1 to be redistributed from OSPF into RIP.

Create a route-map on router A that matches tag 1 only.

route-map CHECK_TAG permit 10
 match tag 1

Apply it to the redistribution under RIP.

router rip
 version 2
 redistribute ospf 1 metric 1 route-map CHECK_TAG
 passive-interface Serial0/1
 network 10.0.0.0
 no auto-summary


D>sh ip rou
     206.6.6.0/28 is subnetted, 1 subnets
R       206.6.6.0 [120/1] via 10.1.1.9, 00:00:10, Serial0/1
     6.0.0.0/12 is subnetted, 1 subnets
R       6.0.0.0 [120/1] via 10.1.1.9, 00:00:10, Serial0/1
     10.0.0.0/30 is subnetted, 3 subnets
C       10.1.1.8 is directly connected, Serial0/1
R       10.1.1.0 [120/1] via 10.1.1.9, 00:00:10, Serial0/1
R       10.1.1.4 [120/1] via 10.1.1.9, 00:00:10, Serial0/1
     146.6.0.0/20 is subnetted, 1 subnets
R       146.6.0.0 [120/1] via 10.1.1.9, 00:00:10, Serial0/1

Notice that only the tag 1 routes, which are the classless networks, are in the routing table.

Below is the final configuration for all the routers

Router A conf
Router B conf
Router C conf
Router D conf

Wednesday, January 13, 2010

route-map EIGRP to OSPF

Network Diagram



Redistribute networks from EIGRP into OSPF using a route-map.
We have 9 networks, 10.11.1.x - 10.11.9.x, to redistribute from EIGRP into OSPF.
We'll divide them into 3 groups using access-lists.


ip access-list standard NET1to3
 permit 10.11.1.0 0.0.0.255
 permit 10.11.2.0 0.0.0.255
 permit 10.11.3.0 0.0.0.255


ip access-list standard NET4to6
 permit 10.11.4.0 0.0.0.255
 permit 10.11.5.0 0.0.0.255
 permit 10.11.6.0 0.0.0.255


ip access-list standard NET7
 permit 10.11.7.0 0.0.0.255

Once the grouping is done, define the route-map, the group each entry matches and the specific characteristics it sets.
We'll assume that ACL group NET4to6 is more important than NET1to3, so we set this group to a lower metric. The two groups are also converted into different types of OSPF external route.
The third route-map entry denies the addresses matching ACL NET7 from being redistributed.

route-map RM1 permit 10
 match ip address NET1to3
 set metric 1000
 ! type-1: the metric increases along the way
 set metric-type type-1
!
route-map RM1 permit 20
 match ip address NET4to6
 ! the lower the metric, the higher the priority
 set metric 500
 ! type-2: the metric stays the same
 set metric-type type-2
!
route-map RM1 deny 30
 match ip address NET7
!
route-map RM1 permit 40
 set metric 200
 set metric-type type-1

Notice that there is no match ip address inside route-map RM1 permit 40. This entry acts as the default, or in other words it matches anything. Now we apply this route-map to the redistribution into OSPF.

router ospf 1
 log-adjacency-changes
 redistribute eigrp 1 subnets route-map RM1
 network 10.1.23.1 0.0.0.0 area 0

On R3, run show ip route ospf:

O E1    10.11.1.0/24 [110/1128] via 10.1.34.1, 00:35:11, Serial0/0 //these match NET1to3; check the metric,
O E1    10.11.3.0/24 [110/1128] via 10.1.34.1, 00:35:11, Serial0/0 //it is increasing (type-1)
O E1    10.11.2.0/24 [110/1128] via 10.1.34.1, 00:35:11, Serial0/0
O E2    10.11.5.0/24 [110/500] via 10.1.34.1, 00:27:01, Serial0/0   //these match NET4to6; the metric is the same
O E2    10.11.4.0/24 [110/500] via 10.1.34.1, 00:27:01, Serial0/0   //as we configured (type-2 = no change)
O E2    10.11.6.0/24 [110/500] via 10.1.34.1, 00:27:01, Serial0/0
O E1    10.1.12.0/30 [110/328] via 10.1.34.1, 00:27:01, Serial0/0   //all the networks that didn't match any ACL
O E1    10.11.9.0/24 [110/328] via 10.1.34.1, 00:27:01, Serial0/0   //fall under our default route-map entry; as
O E1    10.11.8.0/24 [110/328] via 10.1.34.1, 00:27:01, Serial0/0   //we set for this group, the original metric is
O       10.1.23.0/30 [110/128] via 10.1.34.1, 00:35:11, Serial0/0   //200 with type-1

Network 10.11.7.x is denied from being redistributed into OSPF, so we are not going to see it here.
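The route-map evaluation used in this lab and in the Route-map and Tags lab above, modelled in Python as an added example (it is not part of the original posts). The function names and the data layout are assumptions; the ACLs, route-maps and networks are the ones from the two labs, and the metric returned is the seed metric set at redistribution, before OSPF adds link costs.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def acl_permits(acl, network):
    """Standard ACL used by 'match ip address': only the route's network
    address is compared; the prefix length is never checked."""
    for action, base, wildcard in acl:
        care = ~ip(wildcard) & 0xFFFFFFFF       # wildcard 0-bits must match
        if (ip(network) & care) == (ip(base) & care):
            return action == "permit"
    return False                                # implicit deny ends every ACL

ACLS = {
    "CLASSLESS": [("permit", "10.1.1.4", "0.0.0.3"),
                  ("permit", "6.0.0.0", "0.15.255.255"),
                  ("permit", "146.6.0.0", "0.0.15.255"),
                  ("permit", "206.6.6.0", "0.0.0.15")],
    "NET1to3": [("permit", f"10.11.{n}.0", "0.0.0.255") for n in (1, 2, 3)],
    "NET4to6": [("permit", f"10.11.{n}.0", "0.0.0.255") for n in (4, 5, 6)],
    "NET7": [("permit", "10.11.7.0", "0.0.0.255")],
}

# (sequence, action, match conditions, values to set)
ROUTE_MAPS = {
    "SET_TAGS": [(10, "permit", {"acl": "CLASSLESS"}, {"tag": 1}),
                 (20, "permit", {}, {"tag": 2})],
    "CHECK_TAG": [(10, "permit", {"tag": 1}, {})],
    "RM1": [(10, "permit", {"acl": "NET1to3"}, {"metric": 1000, "type": "type-1"}),
            (20, "permit", {"acl": "NET4to6"}, {"metric": 500, "type": "type-2"}),
            (30, "deny", {"acl": "NET7"}, {}),
            (40, "permit", {}, {"metric": 200, "type": "type-1"})],
}

def apply_route_map(name, route):
    """First matching sequence decides. Returns the route with the 'set'
    values applied, or None when the route is not redistributed."""
    for _seq, action, match, sets in sorted(ROUTE_MAPS[name], key=lambda e: e[0]):
        if "acl" in match and not acl_permits(ACLS[match["acl"]], route["net"]):
            continue
        if "tag" in match and route.get("tag") != match["tag"]:
            continue
        return {**route, **sets} if action == "permit" else None
    return None                                 # implicit deny ends every route-map

# Networks router A learned as O E2 in the tags lab.
EIGRP_ROUTES = ["205.5.5.0", "206.6.6.0", "5.0.0.0", "6.0.0.0",
                "145.5.0.0", "10.1.1.4", "146.6.0.0"]

def tag_lab():
    """Router B tags EIGRP routes into OSPF; router A lets only tag 1 into RIP."""
    into_ospf = [apply_route_map("SET_TAGS", {"net": n}) for n in EIGRP_ROUTES]
    into_rip = [apply_route_map("CHECK_TAG", r) for r in into_ospf]
    return sorted(r["net"] for r in into_rip if r)

def metric_lab():
    """RM1 applied to 10.11.1.0 - 10.11.9.0: (seed metric, type) or None."""
    out = {}
    for n in range(1, 10):
        r = apply_route_map("RM1", {"net": f"10.11.{n}.0"})
        out[f"10.11.{n}.0"] = (r["metric"], r["type"]) if r else None
    return out

if __name__ == "__main__":
    print("redistributed into RIP:", tag_lab())
    for net, result in metric_lab().items():
        print(net, result)
```

Because a standard ACL never looks at the prefix length, `permit 6.0.0.0 0.15.255.255` would also match a route such as 6.8.0.0/16; a prefix-list is the tool to use when the mask has to match as well.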

Distribution-list

For this lab, we'll use the same topology and setup as the previous lab, Redistribution RIP Ver2 - OSPF.

1. First we'll stop the routes to 172.16.2.x and 172.16.3.x from being advertised to R2.

On R1, create an access-list that matches the two addresses:

ip access-list standard ROUTE_FILTER
 deny   172.16.2.0 0.0.0.255
 deny   172.16.3.0 0.0.0.255
 ! don't forget this; by default an access-list denies everything
 permit any

Then apply it inside the routing protocol on a specific interface. In this case, go to RIP and apply it on R1's interface Serial 0/0.


router rip
 version 2
 network 10.0.0.0
 network 172.16.0.0
 distribute-list ROUTE_FILTER out Serial0/0
 no auto-summary

Now check on R2, R3 and R4; you should see no route to these two networks.


2. Now we'll apply a distribute-list where the filter sits between routing protocols. Here we filter network 172.16.1.x, learned from RIP, from being advertised into OSPF.

On R2, create an access-list for this network:


ip access-list standard ROUTE_FILTER2
 deny   172.16.1.0 0.0.0.255
 permit any

Because it is OSPF that should not receive this network, we configure the filter inside the OSPF process and specify the routing protocol whose routes it applies to.

router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 redistribute rip subnets
 network 10.0.0.0 0.255.255.255 area 0
 distribute-list ROUTE_FILTER2 out rip

Check on R3 and R4. There should be no route to 172.16.1.x.


Tuesday, January 12, 2010

Redistribution RIP Ver2 - OSPF

Network Diagram




--------------------------------------

 R1#sh run
Building configuration...

Current configuration : 1294 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
 ip address 192.168.2.1 255.255.255.0
!
interface Loopback3
 ip address 192.168.3.1 255.255.255.0
!
interface Loopback4
 ip address 192.168.4.1 255.255.255.0
!
interface Loopback11
 ip address 172.16.1.1 255.255.255.0
!
interface Loopback12
 ip address 172.16.2.1 255.255.255.0
!
interface Loopback13
 ip address 172.16.3.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.12.1 255.255.255.252
 clock rate 64000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
!
router rip
 version 2
 network 10.0.0.0
 ! the next line didn't work for RIP
 network 172.16.0.0
 network 192.168.0.0
 network 192.168.1.0
 network 192.168.4.0
 no auto-summary
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end


--------------------------------------

R2#sh run
Building configuration...

Current configuration : 986 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.12.2 255.255.255.252
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 10.1.23.1 255.255.255.252
 clock rate 64000
!
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 ! redistribution INTO OSPF is configured inside the OSPF process
 redistribute rip subnets
 network 10.0.0.0 0.255.255.255 area 0
!
router rip
 version 2
 ! redistribution INTO RIP is configured inside the RIP process
 redistribute ospf 1 metric 4
 ! the RIP network statement is classful and covers all of 10.0.0.0/8, so Serial0/1 needs this exception
 passive-interface Serial0/1
 network 10.0.0.0
 no auto-summary
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end


--------------------------------------


Monday, January 11, 2010

ISIS

Network Diagram



R1 = L1
R2 = L1/L2
R3 = L2
R4 = L1/L2


R1#sh run
Building configuration...


Current configuration : 1186 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 192.168.1.1 255.255.255.0
 ip router isis
!
interface Loopback2
 ip address 192.168.2.1 255.255.255.0
 ip router isis
!
interface Loopback3
 ip address 192.168.3.1 255.255.255.0
 ip router isis
!
interface Loopback4
 ip address 192.168.4.1 255.255.255.0
 ip router isis
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.4.12.1 255.255.255.0
 ip router isis
 clock rate 64000
 isis circuit-type level-1
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
!
router isis
 net 49.0001.1111.1111.1111.00
 is-type level-1
 summary-address 192.168.0.0 255.255.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end


------------------------------------


R2#sh run
Building configuration...


Current configuration : 880 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.4.12.2 255.255.255.0
 ip router isis
 clock rate 2000000
 isis circuit-type level-1
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 10.4.23.2 255.255.255.0
 ip router isis
 clock rate 64000
 isis circuit-type level-2-only
!
!
router isis
 net 49.0001.2222.2222.2222.00
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end


------------------------------------


R3#sh run
Building configuration...


Current configuration : 887 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.4.34.3 255.255.255.0
 ip router isis
 clock rate 64000
 isis circuit-type level-2-only
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 10.4.23.3 255.255.255.0
 ip router isis
 clock rate 2000000
 isis circuit-type level-2-only
!
!
router isis
 net 49.0020.3333.3333.3333.00
 is-type level-2-only
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end


------------------------------------


R4#sh run
Building configuration...


Current configuration : 1186 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 10.3.1.1 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
interface Loopback2
 ip address 10.3.2.1 255.255.255.0
 ip router isis
!
interface Loopback3
 ip address 10.3.3.1 255.255.255.0
 ip router isis
!
interface Loopback4
 ip address 10.3.4.1 255.255.255.0
 ip router isis
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.4.34.4 255.255.255.0
 ip router isis
 clock rate 2000000
 isis circuit-type level-2-only
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
!
router isis
 net 49.0002.4444.4444.4444.00
 summary-address 10.0.0.0 255.0.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

Thursday, January 7, 2010

OSPF and frame relay network

Network Diagram

Configure as below


HQ


interface Loopback1
 ip address 10.1.1.1 255.255.255.0
 ip ospf network point-to-point


interface Serial0/0
 ip address 10.1.123.1 255.255.255.0
 encapsulation frame-relay
 clock rate 2000000
 frame-relay map ip 10.1.123.1 102
 frame-relay map ip 10.1.123.2 102 broadcast
 frame-relay map ip 10.1.123.3 103 broadcast
 no frame-relay inverse-arp






router ospf 1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 10.1.123.0 0.0.0.255 area 0
 neighbor 10.1.123.2
 neighbor 10.1.123.3




EB


interface Loopback2
 ip address 10.1.2.1 255.255.255.0
 ip ospf network point-to-point


interface FastEthernet0/0
 ip address 10.1.23.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.123.2 255.255.255.0
 encapsulation frame-relay
 ip ospf priority 0
 clock rate 2000000
 frame-relay map ip 10.1.123.1 201 broadcast
 frame-relay map ip 10.1.123.2 201
 frame-relay map ip 10.1.123.3 201 broadcast
 no frame-relay inverse-arp


router ospf 1
 log-adjacency-changes
 network 10.1.2.0 0.0.0.255 area 0
 network 10.1.123.0 0.0.0.255 area 0

WB

interface Loopback3
 ip address 10.1.3.1 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 ip address 10.1.23.3 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.123.3 255.255.255.0
 encapsulation frame-relay
 ip ospf priority 0
 clock rate 2000000
 frame-relay map ip 10.1.123.1 301 broadcast
 frame-relay map ip 10.1.123.2 301 broadcast
 frame-relay map ip 10.1.123.3 301
 no frame-relay inverse-arp


router ospf 1
 log-adjacency-changes
 network 10.1.3.0 0.0.0.255 area 0
 network 10.1.123.0 0.0.0.255 area 0

Wednesday, January 6, 2010

OSPF multi-area and stub authentication

Network Diagram



Configure as below
------------------------------------------------------------------
R1
interface Loopback1
 ip address 10.1.1.1 255.255.255.0
 ip ospf network point-to-point

interface Serial0/0
 ip address 10.1.12.1 255.255.255.0
 clock rate 64000

router ospf 1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 10.1.12.0 0.0.0.255 area 0

R2
interface Loopback2
 ip address 10.1.2.1 255.255.255.0
 ip ospf network point-to-point

interface Serial0/0
 ip address 10.1.12.2 255.255.255.0
 clock rate 64000

interface Serial0/1
 ip address 10.1.23.2 255.255.255.0
 clock rate 64000

router ospf 1
 log-adjacency-changes
 network 10.1.2.0 0.0.0.255 area 0
 network 10.1.12.0 0.0.0.255 area 0
 network 10.1.23.0 0.0.0.255 area 23

R3
interface Loopback3
 ip address 10.1.3.1 255.255.255.0
 ip ospf network point-to-point

interface Serial0/0
 ip address 10.1.23.3 255.255.255.0
 clock rate 2000000

router ospf 1
 log-adjacency-changes
 network 10.1.3.0 0.0.0.255 area 23
 network 10.1.23.0 0.0.0.255 area 23
-------------------------------------------------------------------------

Make sure you can ping all the loopbacks from R1, R2 and R3, except loopback 20, which we'll configure later.
In this configuration there are 2 areas, area 0 and area 23.
Loopback 1, loopback 2 and subnet 10.1.12.x are in area 0.
Loopback 3 and subnet 10.1.23.x are in area 23.
In this case, R2 is the ABR.

Run show ip route on R1 and you will notice 'IA' on the routes to R3's subnet and loopback. This is because they are inter-area routes; the same result is shown on R3. R2's routing table doesn't have them because R2 is in both areas.
O IA    10.1.3.0 [110/129] via 10.1.12.2, 01:33:18, Serial0/0
O       10.1.2.0 [110/65] via 10.1.12.2, 01:34:18, Serial0/0
C       10.1.1.0 is directly connected, Loopback1
O IA    10.1.23.0 [110/128] via 10.1.12.2, 01:34:18, Serial0/0


-------------------
Stub Area

Make area 23 a stub area. A stub area does not accept information about routes external to the autonomous system, such as routes from non-OSPF sources; all routes to the outside use a default route. Configure this on R2 and R3.


R2(config)# router ospf 1
R2(config-router)# area 23 stub


R3(config)# router ospf 1
R3(config-router)# area 23 stub


Run show ip route and you'll notice a default route has been added to the routing table, pointing to R2.


     172.20.0.0/24 is subnetted, 1 subnets
C       172.20.200.0 is directly connected, Loopback20
     10.0.0.0/24 is subnetted, 5 subnets
O IA    10.1.12.0 [110/128] via 10.1.23.2, 00:00:07, Serial0/0
C       10.1.3.0 is directly connected, Loopback3
O IA    10.1.2.0 [110/65] via 10.1.23.2, 00:00:07, Serial0/0
O IA    10.1.1.0 [110/129] via 10.1.23.2, 00:00:07, Serial0/0
C       10.1.23.0 is directly connected, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.23.2, 00:00:07, Serial0/0


To check the area type, run show ip ospf:



...
  Area 23
        Number of interfaces in this area is 2
        It is a stub area
        Area has no authentication
        SPF algorithm last executed 00:04:17.300 ago
        SPF algorithm executed 6 times
        Area ranges are
        Number of LSA 6. Checksum Sum 0x032310
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA
....

-----------------------------
totally stubby area


This area only allows in a single default route from the backbone; external and summary routes are blocked. The configuration is done on the ABR, R2.



R2(config)# router ospf 1
R2(config-router)# area 23 stub no-summary


Run show ip route on a router in area 23 (R3) to see the effect. The output below shows that the only route to the outside is the default route; all the other routes are gone.



     172.20.0.0/24 is subnetted, 1 subnets
C       172.20.200.0 is directly connected, Loopback20
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.3.0 is directly connected, Loopback3
C       10.1.23.0 is directly connected, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.23.2, 00:00:03, Serial0/0




--------------------------------------------------
not so stubby area (NSSA)

An NSSA allows redistribution from an ASBR into the area; the routes are then converted to normal external routes at the ABR. In this lab we'll change area 23 into an NSSA. R3 will act as the ASBR, with loopback 20 as the outside route, and R2 will be the ABR.

First issue the no area 23 stub command. To generate an outside/external route into the NSSA, use redistribute connected subnets.





R2(config)# router ospf 1
R2(config-router)# no area 23 stub
R2(config-router)# area 23 nssa

R3(config)# router ospf 1
R3(config-router)# no area 23 stub
R3(config-router)# area 23 nssa
R3(config-router)# redistribute connected subnets


Issue sh ip ospf on R2 to see the conversion take effect, where the NSSA external route is converted to a normal external route (type 7 to type 5 translation).


..



  Area 23
        Number of interfaces in this area is 1
        It is a NSSA area
        Perform type-7/type-5 LSA translation
        Area has no authentication
        SPF algorithm last executed 00:04:14.260 ago
        SPF algorithm executed 15 times
        Area ranges are
...


show ip route on R2: the route type is N2 = OSPF NSSA external type 2.





    172.20.0.0/24 is subnetted, 1 subnets
O N2    172.20.200.0 [110/20] via 10.1.23.3, 00:06:11, Serial0/1
     10.0.0.0/24 is subnetted, 5 subnets
C       10.1.12.0 is directly ...

show ip route on R1 shows type E2 = OSPF external type 2, because the route has already been converted by the ABR, R2.





    172.20.0.0/24 is subnetted, 1 subnets
O E2    172.20.200.0 [110/20] via 10.1.12.2, 00:09:12, Serial0/0

show ip route on R3 no longer shows a default route. If you still want to make use of a default route, issue area 23 nssa no-summary.





     172.20.0.0/24 is subnetted, 1 subnets
C       172.20.200.0 is directly connected, Loopback20
     10.0.0.0/24 is subnetted, 5 subnets
O IA    10.1.12.0 [110/128] via 10.1.23.2, 00:11:57, Serial0/0
C       10.1.3.0 is directly connected, Loopback3
O IA    10.1.2.0 [110/65] via 10.1.23.2, 00:11:57, Serial0/0
O IA    10.1.1.0 [110/129] via 10.1.23.2, 00:11:57, Serial0/0
C       10.1.23.0 is directly connected, Serial0/0

After issuing the command on R2:





R2(config)# router ospf 1
R2(config-router)# area 23 nssa no-summary


Run show ip route again on R3:

     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.3.0 is directly connected, Loopback3
C       10.1.23.0 is directly connected, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.23.2, 00:00:22, Serial0/0

--------------------------------------
Interface authentication

We'll configure plain text authentication on the link between R2 and R3, and MD5 between R1 and R2.

R2(config)# interface serial 0/1
R2(config-if)# ip ospf authentication
R2(config-if)# ip ospf authentication-key cisco


R3(config)# interface serial 0/0
R3(config-if)# ip ospf authentication
R3(config-if)# ip ospf authentication-key cisco

Run show ip ospf interface [interface type] on any router:

R3#sh ip os int ser 0/0
Serial0/0 is up, line protocol is up
...
..
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled


Move to MD5, which provides more security because the password is not sent in clear text.

R1(config)# interface serial 0/0
R1(config-if)# ip ospf authentication message-digest
R1(config-if)# ip ospf message-digest-key 1 md5 cisco


R2(config)# interface serial 0/0
R2(config-if)# ip ospf authentication message-digest
R2(config-if)# ip ospf message-digest-key 1 md5 cisco


R1#sh ip os int ser 0/0
Serial0/0 is up, line protocol is up
...
..
  Message digest authentication enabled
    Youngest key id is 1
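
An offline check of the same thing show ip ospf interface reports, as an added Python example that is not part of the original post: it reads a saved configuration and lists which OSPF links still use no authentication or the plain text key. The function names are assumptions, the sample is a constructed fragment of R2 after the steps above, and taking the first matching network statement is a simplification.

```python
import ipaddress
import re

# Constructed sample: R2's relevant stanzas after the authentication steps.
SAMPLE_R2 = """\
interface Loopback2
 ip address 10.1.2.1 255.255.255.0
 ip ospf network point-to-point
!
interface Serial0/0
 ip address 10.1.12.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
interface Serial0/1
 ip address 10.1.23.2 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key cisco
!
router ospf 1
 network 10.1.2.0 0.0.0.255 area 0
 network 10.1.12.0 0.0.0.255 area 0
 network 10.1.23.0 0.0.0.255 area 23
"""

def ospf_auth_modes(config):
    """Return {interface: (area, mode)} for OSPF-enabled, non-loopback interfaces.
    mode is 'none', 'simple' (key sent in clear text) or 'message-digest'."""
    ifaces, networks, area_auth, current = {}, [], {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = ifaces.setdefault(m.group(1), {"ip": None, "auth": None})
        elif not line.startswith(" "):
            current = None                      # left the interface stanza
        text = line.strip()
        if current is not None:
            if m := re.match(r"ip address (\S+) \S+$", text):
                current["ip"] = int(ipaddress.IPv4Address(m.group(1)))
            elif m := re.match(r"ip ospf authentication( message-digest| null)?$", text):
                current["auth"] = {None: "simple", " null": "none",
                                   " message-digest": "message-digest"}[m.group(1)]
        elif m := re.match(r"network (\S+) (\S+) area (\S+)$", text):
            networks.append((int(ipaddress.IPv4Address(m.group(1))),
                             int(ipaddress.IPv4Address(m.group(2))), m.group(3)))
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", text):
            area_auth[m.group(1)] = "message-digest" if m.group(2) else "simple"

    result = {}
    for name, info in ifaces.items():
        if info["ip"] is None or name.lower().startswith("loopback"):
            continue                            # no OSPF neighbors on a loopback
        for base, wildcard, area in networks:
            care = ~wildcard & 0xFFFFFFFF
            if (info["ip"] & care) == (base & care):
                # An interface-level setting overrides the area-level default.
                result[name] = (area, info["auth"] or area_auth.get(area, "none"))
                break
    return result

def weak_links(config):
    """Interfaces whose adjacency is unauthenticated or uses a clear text key."""
    return sorted(name for name, (_area, mode) in ospf_auth_modes(config).items()
                  if mode != "message-digest")

if __name__ == "__main__":
    for name, (area, mode) in ospf_auth_modes(SAMPLE_R2).items():
        print(f"{name}: area {area}, authentication {mode}")
    print("needs attention:", weak_links(SAMPLE_R2))
```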