Monday, July 30, 2007

Network Tip No. 1: Recover password for PowerEdge 860

To recover the password on your 30xx/5012 switch, follow the steps below:

1. Connect to the switch console port and manually reboot the switch.
2. Hold down the Esc key as soon as power is applied to the switch.
3. At the prompt type: EmergencyPasswordReset
4. At the confirm (Y/N) prompt, type X
5. You will get a message stating that the password has been disabled.
6. Type G and hit enter to reboot the switch

At this point the password is ignored and you can set a new one. Note that the procedure needs nothing more than physical access to the console port, so anyone who can reach the switch can do the same; keep it in a locked rack and treat console access as administrative access.

Tuesday, July 24, 2007

OSPF Topic

I. OSPF Overview

- open standard link-state routing protocol (OSPFv2 is defined in RFC 2328)

Link-State Routing Protocols

Characteristics

- respond quickly to network changes

- send triggered updates when a network change occurs

- send periodic updates (link-state refresh) every 30 minutes

- apart from that refresh, generate routing updates only when a change occurs in the network topology

- when a link changes state, the device that detects the change creates an LSA concerning that link

- the LSA propagates to all neighboring devices using a multicast address

- each routing device takes a copy of the LSA, updates its LSDB and forwards the LSA to all its neighboring devices within the area

- the LSDB is used to calculate the best paths

- link-state routers find the best paths to a destination by applying Dijkstra's algorithm, also known as SPF, against the LSDB to build the SPF tree

- the best paths are then selected from the SPF tree and placed in the routing table

- examples: OSPF and IS-IS

- each router has a full view of the topology of its area

- all routers must keep a copy of the LSDB; the more OSPF routers in the area, the larger the LSDB

Link-State Data Structures

a. Neighbor Table

- also known as the adjacency database

- contains list of recognized neighbors

b. Topology Table

- referred to as LSDB, identical LSDB for all routers w/in an area

- contains all routers and their attached links in the area

c. Routing Table

- also known as forwarding database

- contains all the list of best paths to destinations

Drawback of Link-state protocol

- memory and CPU resources: every router stores the complete LSDB of its area and runs SPF after each change

OSPF Area Structure

- OSPF requires a hierarchical network structure: every nonbackbone area must connect directly to area 0

- this two-level hierarchy consists of

a. transit area (backbone or area 0)

- primary function is fast and efficient movement of packets

- interconnect other area types

- end users are not found within a transit area

b. regular areas (nonbackbone areas)

- primary function is to connect end users and resources

- by default, a regular area does not carry transit traffic between other areas; all interarea traffic crosses area 0

- subtypes include standard area, stub area, totally stubby area, and not-so-stubby area (NSSA)

- minimizes routing table entries

- localizes impact of a topology change within an area

- detailed LSAs (types 1 and 2) stop at the area boundary

- when a router or link fails, that information is flooded along adjacencies only to the routers in the local area

- routers outside the area do not receive this information

- all interarea traffic must pass through the backbone area, area 0

Area Terminology
- routers that make up area0 are known as backbone routers

- all other areas connect directly to backbone area 0

- an area border router (ABR) connects area 0 to the nonbackbone areas

Characteristic of Area Border Router

- it separates LSA flooding domains

- becomes the primary point for area address summarization; only an ABR or ASBR can summarize

- is often the source of default routes (for example into stub areas)

- maintains the LSDB for each area with which it is connected

OSPF Adjacency Database

- a router running a link-state protocol must first establish adjacencies with its neighboring routers; this is done by exchanging hello packets

  1. the router sends and receives hello packets to and from its neighboring routers; the destination address is typically a multicast address
  2. the routers exchange hello packets subject to protocol-specific parameters, such as whether the neighbor is in the same AS and area
  3. the routers declare the neighbor up when the exchange is complete
  4. after forming the adjacency with hello packets, they synchronize their LSDBs by exchanging LSAs and confirming receipt of LSAs from the adjacent router

Forming OSPF Adjacencies

P2P WAN Links

- both neighbors become fully adjacent

LAN Links

- neighbors form a full adjacency with the DR and BDR only

- the DR forwards the updates from one neighbor on the LAN to all other neighbors on that LAN

- the main function of a DR is to ensure that all of the routers on the same LAN have an identical database

- the DR passes its database to any new routers that come up

- routers on the LAN also maintain a partial neighbor relationship, the two-way adjacency state, with the other routers on the LAN that are not the DR or BDR, called DROTHERs

LSA

- LSAs report the state of the routers and the links between routers

- Link-state information must be synchronized between routers

- LSAs are reliable, there is a method of acknowledging the delivery of LSA

- LSAs are flooded throughout the area

- LSAs have a sequence number and a set lifetime so that each router recognizes that it is the most up-to-date version of the LSA

- LSAs are periodically refreshed to confirm topology information before it ages out of the link-state database; the originator re-floods each LSA every 30 minutes by default (LSRefreshTime)

- Only by reliably flooding the link-state info can every router in the area or domain ensure that it has the latest, most accurate view of the network

When a router receives an LSU, it does the following for each LSA in it:

- if the LSA is not in its LSDB, the router adds the entry to its LSDB, sends a link-state acknowledgement (LSAck) back, floods the LSA to its other neighbors, runs SPF and updates its routing table

- if the entry already exists and the received LSA has the same sequence number, the router treats it as a duplicate and ignores it (RFC 2328 still acknowledges the duplicate in most cases)

- if the entry already exists but the received LSA is newer (higher sequence number), the router installs it in the LSDB, sends an LSAck back, floods it, runs SPF and updates its routing table

- if the entry already exists but the received LSA is older, the router answers the sender with an LSU carrying its own, newer copy
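The four cases above as code, added here as an example (not part of the original notes). The LSDB is a dict keyed by (type, link-state ID, advertising router), the LSAs and the neighbor names are constructed, and newness is decided by the sequence number alone, compared as a signed 32-bit value the way RFC 2328 requires (0x80000001 is the first number, 0x7fffffff the last). The duplicate case follows the notes and sends no acknowledgement.

```python
"""LSA receipt logic, added example (not from the original notes).
LSDB keyed by (type, link-state ID, advertising router); newness decided by
the sequence number, compared as a signed 32-bit value as RFC 2328 requires.
Sample LSAs and neighbor names are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class LSA:
    lsa_type: int          # 1 router, 2 network, 3 summary, ...
    link_state_id: str
    adv_router: str
    seq: int               # 32-bit sequence number as carried in the header
    body: str              # payload, opaque for this example


def signed32(n):
    """LS sequence numbers are signed: 0x80000001 < ... < 0xffffffff < 0 < ... < 0x7fffffff."""
    return n - (1 << 32) if n & 0x80000000 else n


def lsa_key(lsa):
    return (lsa.lsa_type, lsa.link_state_id, lsa.adv_router)


def receive_lsu(lsdb, lsu, sender):
    """Apply every LSA of an LSU from `sender` to `lsdb` (modified in place).
    Returns the actions taken, in order:
      ('ack', sender)         LSAck back to the sender
      ('flood', key)          forward the new instance to the other neighbors
      ('ignore', key)         duplicate of the instance already held
      ('send-newer', sender)  we hold a newer instance: answer with our own LSU
      ('spf', None)           schedule SPF because the LSDB changed
    """
    actions = []
    changed = False
    for lsa in lsu:
        key = lsa_key(lsa)
        held = lsdb.get(key)
        if held is None or signed32(lsa.seq) > signed32(held.seq):
            lsdb[key] = lsa
            actions.append(('ack', sender))
            actions.append(('flood', key))
            changed = True
        elif lsa.seq == held.seq:
            actions.append(('ignore', key))
        else:
            actions.append(('send-newer', sender))
    if changed:
        actions.append(('spf', None))
    return actions


def demo():
    """Constructed scenario: we hold R1's router LSA at seq 0x80000002 and
    receive an LSU from R2 with four LSAs in this order: an unknown one,
    an older R1 instance, a duplicate, and a newer R1 instance."""
    lsdb = {}
    held = LSA(1, '1.1.1.1', '1.1.1.1', 0x80000002, 'R1 links')
    lsdb[lsa_key(held)] = held
    lsu = [
        LSA(1, '2.2.2.2', '2.2.2.2', 0x80000001, 'R2 links'),        # new: install
        LSA(1, '1.1.1.1', '1.1.1.1', 0x80000001, 'R1 links (old)'),  # older: send ours back
        LSA(1, '1.1.1.1', '1.1.1.1', 0x80000002, 'R1 links'),        # same: ignore
        LSA(1, '1.1.1.1', '1.1.1.1', 0x80000003, 'R1 links (new)'),  # newer: install
    ]
    actions = receive_lsu(lsdb, lsu, 'R2')
    return lsdb, actions
```

The signed comparison matters at the wrap from 0xffffffff to 0x00000000: an unsigned compare would reject the newer instance there and the two routers would never converge on it.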

Calculating the OSPF Metric

- uses Dijkstra's algorithm (Edsger Dijkstra) to calculate the best paths

- every router in an area has the identical link-state database

- each router in the area places itself into the root of the tree that is built

- the best path is calculated with respect to the lowest total cost of links to a specific destination

- the best routes are put into the forwarding database (the routing table)

- by default, the interface cost is derived from the configured bandwidth of the interface (on Cisco IOS: reference bandwidth, 100 Mbps by default, divided by the interface bandwidth, so every interface of 100 Mbps or faster gets cost 1 unless auto-cost reference-bandwidth is raised)

- the OSPF cost can also be set manually per interface with ip ospf cost, which overrides the computed value
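The metric calculation and the SPF run described above, as an added example that is not part of the original notes. Costs follow the IOS default the notes refer to (10^8 divided by the interface bandwidth, floored, minimum 1, unless a manual cost is set); the four-router topology and its bandwidths are constructed for the example.

```python
"""SPF (Dijkstra) over a link-state database, added example (not from the
notes). Interface costs follow the Cisco IOS default: reference bandwidth
10^8 bps divided by interface bandwidth, minimum 1, unless `ip ospf cost` is
set. Topology and bandwidths are constructed."""
import heapq

REFERENCE_BW = 100_000_000  # IOS default auto-cost reference-bandwidth (100 Mbps)


def ospf_cost(bandwidth_bps, manual_cost=None):
    """Manual cost wins; otherwise 10^8 / bandwidth, floored, never below 1.
    Every interface of 100 Mbps or faster collapses to cost 1."""
    if manual_cost is not None:
        return manual_cost
    return max(1, REFERENCE_BW // bandwidth_bps)


def build_lsdb(links):
    """links: (router_a, router_b, bandwidth_bps, manual_cost). Returns the
    adjacency view every router in the area derives from its identical LSDB."""
    lsdb = {}
    for a, b, bw, manual in links:
        cost = ospf_cost(bw, manual)
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb


def spf(lsdb, root):
    """Dijkstra with `root` at the top of the tree. Returns
    {destination: (total_cost, next_hop)} for every reachable router."""
    dist = {root: 0}
    parent = {root: None}
    heap = [(0, root)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue                    # stale entry; a shorter path was already settled
        done.add(u)
        for v, cost in lsdb.get(u, {}).items():
            nd = d + cost
            if nd < dist.get(v, float('inf')):
                dist[v] = nd
                parent[v] = u
                heapq.heappush(heap, (nd, v))
    table = {}
    for node, d in dist.items():
        if node == root:
            continue
        hop = node
        while parent[hop] != root:      # walk back up the tree to the first hop
            hop = parent[hop]
        table[node] = (d, hop)
    return table


# Constructed topology: R1-R2 FastEthernet, R1-R3 T1, R2-R3 64 kbps, R3-R4 Ethernet
LINKS = [
    ('R1', 'R2', 100_000_000, None),
    ('R1', 'R3', 1_544_000, None),
    ('R2', 'R3', 64_000, None),
    ('R3', 'R4', 10_000_000, None),
]
```

Running `spf(build_lsdb(LINKS), 'R1')` gives R3 at cost 64 via the T1 rather than 1563 via R2, and R4 at 74 behind it; the same LSDB rooted at R2 produces a different tree, which is the point of every router running SPF itself.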

II. OSPF Packet Types

5 Packet Types

Type 1: Hello

- discovers neighbors and builds adjacencies between them

Type 2: DBD (Database Description)

- checks for database synchronization between routers

Type 3: LSR (Link-State Request)

- requests specific link-state records from another router

Type 4: LSU (Link-State Update)

- sends the specifically requested link-state records (and floods changed LSAs)

Type 5: LSAck (Link-State Acknowledgment)

- acknowledges receipt of the LSAs carried in LSU packets

OSPF Packet Header Format

- all 5 OSPF packet types are encapsulated directly into an IP payload

- the OSPF packet does not use TCP or UDP

- it has defined its own acknowledgement routine using an acknowledgment packet (OSPF packet type 5)

- in the IP Header, a protocol identifier of 89 defines all OSPF packets

- every OSPF packet type begins with the same 24-byte header, which has the following fields:

a. Version Number: 2 for OSPFv2

b. Type: differentiates the 5 OSPF packet types

c. Packet Length: length of the OSPF packet in bytes, including the header

d. Router ID: identifies the router that is the source of the packet

e. Area ID: identifies the area the packet belongs to

f. Checksum: standard IP checksum over the whole OSPF packet (excluding the authentication field) to detect corruption in transit; not used when MD5 authentication is in effect

g. Authentication Type: 0 null, 1 clear-text password, 2 MD5

h. Authentication: 64-bit field used by the authentication scheme (the password itself for type 1; key ID, length and cryptographic sequence number for type 2)

i. Data (for hello packet): includes the list of known neighbors

j. Data (for DBD packet): contains a summary of the LSDB, which includes the headers of all known LSAs with their sequence numbers

k. Data (for LSR packet): contains the type, link-state ID and advertising router of each LSA being requested

l. Data (for LSU packet): contains full LSA entries

m. Data (for LSAck packet): contains the headers of the LSAs being acknowledged
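A parser for the header fields listed above, added as an example (not from the original notes). The packets are constructed with `struct`, not captured traffic, and the hello body values (mask /24, hello 10, dead 40, priority 1) are assumptions for the example. It recomputes the checksum the way the RFC defines it, over the whole packet with the checksum and authentication fields treated as zero, so a single flipped byte in the body is caught; it also shows that with authentication type 1 the password is readable straight out of the header.

```python
"""Parser and checksum check for the 24-byte OSPFv2 packet header (RFC 2328
A.3.1), added as an example; the packets are constructed, not captured.
The checksum is the standard IP one's-complement sum over the whole OSPF packet
with the 64-bit authentication field treated as zero. With AuType 2 the
checksum is unused and the MD5 digest covers the packet instead."""
import socket
import struct

OSPF_PROTO = 89                                   # IP protocol number for OSPF
HDR = struct.Struct('!BBHIIHH8s')                  # version, type, length, router ID, area ID, checksum, autype, auth
TYPES = {1: 'Hello', 2: 'DBD', 3: 'LSR', 4: 'LSU', 5: 'LSAck'}
AUTH_TYPES = {0: 'null', 1: 'simple password', 2: 'cryptographic (MD5)'}


def ip2int(dotted):
    return int.from_bytes(socket.inet_aton(dotted), 'big')


def int2ip(n):
    return socket.inet_ntoa(struct.pack('!I', n))


def ip_checksum(data):
    """RFC 1071 one's-complement checksum."""
    if len(data) % 2:
        data += b'\x00'
    total = sum(struct.unpack('!%dH' % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ospf_checksum(pkt):
    """Checksum field (bytes 12-13) and authentication field (16-23) are zero while summing."""
    zeroed = pkt[:12] + b'\x00\x00' + pkt[14:16] + b'\x00' * 8 + pkt[24:]
    return ip_checksum(zeroed)


def build_packet(ptype, router_id, area_id, autype, auth=b'', body=b''):
    """Assemble header + body and fill in the checksum (except for AuType 2)."""
    length = HDR.size + len(body)
    hdr = HDR.pack(2, ptype, length, ip2int(router_id), ip2int(area_id), 0, autype,
                   auth.ljust(8, b'\x00')[:8])
    pkt = hdr + body
    if autype != 2:
        pkt = pkt[:12] + struct.pack('!H', ospf_checksum(pkt)) + pkt[14:]
    return pkt


def parse_header(pkt):
    """Decode the header and validate version, type, length and checksum.
    Raises ValueError for packets no OSPF process should accept."""
    if len(pkt) < HDR.size:
        raise ValueError('packet shorter than OSPF header')
    version, ptype, length, rid, aid, csum, autype, auth = HDR.unpack_from(pkt)
    if version != 2:
        raise ValueError('not OSPFv2: version %d' % version)
    if ptype not in TYPES:
        raise ValueError('unknown OSPF packet type %d' % ptype)
    if length != len(pkt) and autype != 2:    # with MD5 the digest follows the declared length
        raise ValueError('length field %d does not match packet size %d' % (length, len(pkt)))
    return {
        'type': TYPES[ptype],
        'length': length,
        'router_id': int2ip(rid),
        'area_id': int2ip(aid),
        'auth_type': AUTH_TYPES.get(autype, 'unknown (%d)' % autype),
        # for type 1 the password sits in the header in the clear
        'auth': auth.rstrip(b'\x00') if autype == 1 else auth,
        'checksum_ok': ospf_checksum(pkt) == csum if autype != 2 else None,
    }


def demo():
    """Constructed hello (mask /24, hello 10, options 0x02, priority 1, dead 40,
    no DR/BDR) with a clear-text password, plus a copy with one flipped byte."""
    hello = struct.pack('!IHBBIII', 0xFFFFFF00, 10, 0x02, 1, 40, 0, 0)
    pkt = build_packet(1, '1.1.1.1', '0.0.0.0', 1, b'cisco', hello)
    tampered = pkt[:-1] + bytes([pkt[-1] ^ 0xFF])
    return parse_header(pkt), parse_header(tampered)
```

The checksum detects corruption, not tampering: anyone who can inject a packet can also compute a valid checksum, which is why the authentication field exists and why the MD5 variant replaces the checksum with a keyed digest.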

Establishing OSPF Neighbor Adjacencies

- hello protocol establishes and maintains neighbor relationship

- each interface participating in OSPF uses IP multicast address 224.0.0.5 to send hello packets periodically

Hello Packet

  1. Router ID

- 32-bit number that uniquely identifies the router

- by default the highest IP address on an active interface, unless a loopback interface exists (its address is then preferred) or the router ID is configured manually

- breaks ties during the DR and BDR selection process

  2. Hello and Dead Intervals – must be the same on neighboring routers

- the hello interval specifies the frequency at which a router sends hello packets

every 10 secs by default on broadcast and point-to-point networks

every 30 secs by default on NBMA networks

- the dead interval is the time in seconds that a router waits to hear from a neighbor before declaring the neighboring router out of service

4 times the hello interval by default

  3. Neighbors

- the neighbor field lists the adjacent routers by router ID

  4. Area ID – must be the same

- to communicate, the routers' interfaces must belong to the same OSPF area (and carry the same subnet mask)

  5. Router Priority

- 8-bit number that indicates the priority of a router

- used for selecting the DR and BDR

  6. DR and BDR IP Addresses

- the IP addresses of the DR and BDR for the specific network

  7. Authentication Password – must be the same if enabled

- if authentication is enabled, the routers must use the same password (or MD5 key)

  8. Stub Area Flag – must be the same

- designating a stub area is a technique that reduces routing updates by replacing them with a default route

Note: After DR and BDR are selected, newly added router will establish adjacencies with the DR and BDR only.

Exchanging and Synchronizing LSDBs

- once an adjacency is formed, OSPF must exchange and synchronize the LSDBs between the routers

Neighbor Relationship Process

- when routers running OSPF initialize, the hello protocol exchange is the first procedure

- say RouterA is enabled on a LAN; it is in the DOWN STATE because it has not yet exchanged information with any other router

- it begins sending hello packets through each of its interfaces participating in OSPF; the hello packet is sent to the multicast address 224.0.0.5

- all directly connected routers running OSPF receive the hello packet from RouterA and add RouterA to their list of neighbors; this is the INIT STATE

- all routers that received the hello packet reply with their own hello packets (also multicast on a broadcast network) carrying the corresponding information

- the neighbor field in those hello packets now includes RouterA along with the other neighboring routers

- when RouterA receives these hello packets, it adds every router that listed RouterA's router ID in its hello to its own neighbor table; this state is referred to as the TWO-WAY STATE

- at this point all routers that have each other in their neighbor lists have established bidirectional communication

- if the link type is broadcast (generally a LAN such as Ethernet), a DR and BDR must first be elected

- the DR forms full adjacencies with all other routers on the LAN link; this must occur before the routers can begin exchanging link-state information

- periodically (every 10 secs by default on broadcast networks) the routers on a network exchange hello packets to ensure that communication is still working

- the hellos include the DR, the BDR and the list of routers whose hello packets have been received by the router

- after the DR and BDR have been elected, the routers move to the EXSTART STATE and are ready to discover the link-state information about the internetwork and build their LSDBs

- the process used to discover the network routes is the exchange protocol; it takes the routers to the FULL STATE

- the first step in this process is for the DR and BDR to establish adjacencies with each of the other routers

- once adjacent routers are in the FULL STATE, they do not repeat the exchange protocol unless the FULL STATE changes

Exchange Protocol

- in the EXSTART STATE, the DR and BDR establish adjacencies with each router in the network

- during this process a master-slave relationship is created between each router and its adjacent DR and BDR

- the router with the higher router ID acts as the master during the exchange process

- the master and slave routers exchange one or more DBD packets, the routers are in the EXCHANGE STATE

- a DBD includes information about the LSA entry header that appears in the LSDB of the router

- each LSA header includes the link-state type, link-state ID, advertising router, sequence number, checksum and age (the cost is in the LSA body, not the header)

- the router uses the sequence numbers to determine the "newness" of the received link-state information

- when the router receives the DBD, it acknowledges the receipt of the DBD using LSAck packet

- it compares the info it receives with the info it has

- if the DBD has a more up-to-date link-state entry, then the router sends an LSR to the other router

- the process of sending LSRs is called the LOADING STATE

- the router responds with the complete information about the requested entry in an LSU packet

- when the router receives an LSU, it sends an LSAck

- the router adds the new link-state entries to its LSDB

- when all LSRs have been satisfied for a given router, the adjacent routers are considered synchronized and in a FULL STATE

- the routers must be in the FULL STATE before they can route traffic

- at this point all the routers in the area should have identical LSDBs

Note: Only the DR and BDR exchange and synchronize link-state information with every router on the segment; a DROTHER synchronizes only with the DR and BDR, never directly with another DROTHER.

Maintaining Network Routes

- in a link-state environment it is very important for the LSDBs (Topology Table) of all routers to stay synchronized

- when there is a change in a link-state, the routers use a flooding process to notify the other routers in the network of the change

- LSUs provide the mechanism for flooding LSAs

Flooding Process Steps

- a router notices a change in a link state and multicasts an LSU packet to all OSPF DRs and BDRs at 224.0.0.6; an LSU packet may contain several distinct LSAs

- the DR acknowledges receipt of the change and floods the LSU to the other routers on the network using the OSPF multicast address 224.0.0.5

- after receiving the LSU, each router responds to the DR with an LSAck; each LSA must be acknowledged separately

- if a router is connected to other networks, it floods the LSU to those other networks by forwarding the LSU to the DR of each multiaccess network (or directly to the neighbor on a point-to-point link)

- the DR in turn multicasts the LSU to the other routers on that network

- the router updates its LSDB using the LSU that includes the changed LSA

- it then recomputes the SPF algorithm against the updated database after a short delay and updates the routing table as necessary

- every LSA is re-flooded by its originator every 30 minutes (LSRefreshTime) even if nothing has changed, so that LSDBs stay synchronized and entries do not age out

- each link-state entry has a timer to determine when the LSA refresh update must be sent

- each link-state entry also has a maximum age (MaxAge) of 60 minutes

- if a link-state entry has not been refreshed within 60 minutes, it is removed from the LSDB



III. Configuring OSPF Routing

Enables the OSPF routing process

Router(config)# router ospf process-id

Defines the interfaces that OSPF will run on

Router(config-router)# network ip-address wildcard-mask area area-id

Optional method to enable OSPF explicitly on an interface (newer IOS releases)

Router(config-if)# ip ospf process-id area area-id

Parameters

process-id :

- number to identify the OSPF routing process

- does not need to match the process IDs on other routers (locally significant only)

wildcard-mask:

- inverse mask: a 0 bit must match, a 1 bit is ignored

- to enable a single interface, specify its address with wildcard mask 0.0.0.0

- to match all interface addresses, use 0.0.0.0 255.255.255.255

area-id:

- specifies the OSPF area to be associated with the address

- can be a decimal number or in dotted-decimal notation similar to an IP address

Single Area

Multiple Area

Configuring a Router ID

- for an OSPF routing process to start successfully, it must be able to determine an OSPF router ID

- the router is known to OSPF by its OSPF router ID

- LSDBs use the OSPF router ID to differentiate one router from the next

- by default, the router ID is the highest IP address on an active interface at the moment of OSPF process startup

- the interface does not have to be part of the OSPF process, but it has to be up

- a loopback interface overrides the physical interfaces: if a loopback interface exists, the router ID is the highest IP address on any active loopback interface

- the OSPF router-id command overrides both

- once the OSPF router ID is set, it does not change even if the interface that the router is using for the router ID goes down

- the router ID changes only if the router reloads or if the OSPF routing process restarts (clear ip ospf process)
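The two start-up decisions covered in the Parameters and Configuring a Router ID sections, as an added example that is not part of the original notes: which router ID the process takes (manual router-id, else the highest loopback address, else the highest active interface address) and which interfaces each `network address wildcard area` statement enables. The interfaces and statements are constructed; overlapping statements are resolved by the most specific match, as IOS does.

```python
"""Router-ID selection and network-statement matching, added as an example.
Interfaces and statements are constructed; overlapping statements are resolved
by the most specific match (fewest wildcard bits), as IOS does."""
import ipaddress


def choose_router_id(interfaces, manual=None):
    """interfaces: list of (name, address, is_up). Manual router-id wins, then
    the highest address on an up loopback, then the highest on any up interface."""
    if manual:
        return manual
    up = [(name, ipaddress.IPv4Address(addr)) for name, addr, is_up in interfaces if is_up]
    loopbacks = [addr for name, addr in up if name.lower().startswith('loopback')]
    candidates = loopbacks or [addr for _, addr in up]
    if not candidates:
        raise RuntimeError('OSPF process cannot start: no active interface with an IP address')
    return str(max(candidates))


def wildcard_match(address, network, wildcard):
    """Wildcard bit 0 = must match, 1 = don't care (the inverse of a subnet mask)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(address)) & care) == (int(ipaddress.IPv4Address(network)) & care)


def enabled_interfaces(interfaces, network_statements):
    """network_statements: list of (network, wildcard, area). Returns
    {interface_name: area} for every interface some statement matches;
    interfaces that match nothing do not run OSPF."""
    ordered = sorted(network_statements,
                     key=lambda s: bin(int(ipaddress.IPv4Address(s[1]))).count('1'))  # fewest wildcard bits first
    result = {}
    for name, addr, _ in interfaces:
        for network, wildcard, area in ordered:
            if wildcard_match(addr, network, wildcard):
                result[name] = area
                break
    return result


# Constructed router: Serial0/0 is down, so it cannot supply the router ID.
IFACES = [
    ('Loopback0', '10.255.0.1', True),
    ('FastEthernet0/0', '192.168.1.1', True),
    ('FastEthernet0/1', '192.168.2.1', True),
    ('Serial0/0', '10.1.1.1', False),
]
NETWORKS = [
    ('192.168.0.0', '0.0.255.255', 1),     # network 192.168.0.0 0.0.255.255 area 1
    ('192.168.1.1', '0.0.0.0', 0),         # network 192.168.1.1 0.0.0.0 area 0 (more specific)
    ('10.0.0.0', '0.255.255.255', 0),      # network 10.0.0.0 0.255.255.255 area 0
]
```

With these inputs the loopback 10.255.0.1 becomes the router ID even though 192.168.2.1 is numerically higher, and FastEthernet0/0 lands in area 0 because the /32 statement beats the broader area 1 statement.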

Configuring the Loopback interface

Configuring the router-id

Verifying ospf router id

Verifying OSPF Operation

show ip protocols

- displays ip routing protocol parameters about timers, filters, metrics, networks

show ip route ospf

- displays OSPF routes known to the router

O – code for OSPF intra-area routes

O IA – OSPF interarea routes

[110/782] – administrative distance (110 for OSPF) and total cost of the route to subnet 10.2.1.0/24

show ip ospf interface

- displays the OSPF process ID, router ID, OSPF network type, DR/BDR, timers and neighbor adjacency count for each interface

- verifies that the interface is configured in the intended areas

show ip ospf neighbor

- displays the list of neighbors with their OSPF router ID, OSPF priority, neighbor adjacency state and dead timer

IV. OSPF NETWORK TYPES

3 network types defined by OSPF

1. Point-to-point

- a network that joins a single pair of routers

2. Broadcast

- a multiaccess broadcast network, such as Ethernet

3. Nonbroadcast multiaccess (NBMA)

- a network that interconnects more than two routers but has no broadcast capability; examples are Frame Relay, ATM and X.25

Adjacency on Point-to-Point Link

- usually a serial interface running either PPP or HDLC

- may also be a point-to-point subinterface running Frame Relay or ATM

- No DR or BDR election required

- OSPF autodetects this interface type

- OSPF packets are sent using multicast 224.0.0.5

- default OSPF hello and dead intervals on point-to-point links are 10 secs and 40 secs respectively

Adjacency for Broadcast Network Link

- generally these are LAN technologies like Ethernet and Token Ring

- DR and BDR selection are required

- all neighbor routers form full adjacencies with the DR and BDR only

- packets to the DR and BDR use 224.0.0.6

- packets from DR to all other routers use 224.0.0.5

Selecting DR and BDR

- the router with the highest priority value is the DR

- the router with the second-highest priority value is the BDR

- the default interface OSPF priority is 1; in case of a tie, the router ID is used

- the router with the highest router ID becomes the DR

- the router with the second-highest router ID becomes the BDR

- a router with a priority set to 0 (zero) cannot become a DR or BDR

- a router that is not the DR or BDR is called a DROTHER

- if a router with a higher priority value is added to the network, it does not preempt the existing DR and BDR; the only time a DR or BDR changes is when one of them goes out of service

- if the DR goes out of service, the BDR becomes the DR and a new BDR is elected; if the BDR goes out of service, a new BDR is elected

- to determine whether the DR is out of service, the BDR uses the wait timer

- if the BDR does not see the DR forwarding LSAs before the timer expires, the BDR assumes that the DR is out of service
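The election rules above as code, added as an example that is not part of the original notes: highest priority wins, highest router ID breaks ties, priority 0 is ineligible, and a running DR/BDR is never pre-empted. The router IDs and priorities on the segment are constructed.

```python
"""DR/BDR election on one multiaccess segment, added as an example. Router IDs
and priorities are constructed."""
import ipaddress


def _rank(router_id, priority):
    """Election order: priority first, router ID as the tie-breaker."""
    return (priority, int(ipaddress.IPv4Address(router_id)))


def elect(routers, current_dr=None, current_bdr=None):
    """routers: {router_id: priority} for the routers the segment currently hears
    (2-Way or better). Returns (dr, bdr); either may be None."""
    eligible = {rid: pri for rid, pri in routers.items() if pri > 0}
    if not eligible:
        return None, None

    def best(excluding):
        rest = [rid for rid in eligible if rid not in excluding]
        return max(rest, key=lambda rid: _rank(rid, eligible[rid])) if rest else None

    if current_dr in eligible and current_bdr in eligible:
        return current_dr, current_bdr          # no pre-emption while both are alive
    if current_dr in eligible:
        return current_dr, best({current_dr})   # BDR lost: elect a new BDR only
    if current_bdr in eligible:
        new_dr = current_bdr                    # DR lost: the BDR is promoted
        return new_dr, best({new_dr})
    new_dr = best(set())                        # cold start on the segment
    return new_dr, best({new_dr})


def demo():
    """Constructed segment. R3 has priority 0 and can never be DR or BDR."""
    segment = {'1.1.1.1': 1, '2.2.2.2': 1, '3.3.3.3': 0, '4.4.4.4': 1}
    cold = elect(segment)
    segment['9.9.9.9'] = 255                    # high-priority router joins later
    after_join = elect(segment, *cold)
    del segment['4.4.4.4']                      # the DR dies
    after_dr_loss = elect(segment, *after_join)
    return cold, after_join, after_dr_loss
```

Note what the non-preemption rule implies operationally: the router you intend to be DR only becomes one if it is up first or the incumbent fails, so after setting priorities on a live segment you have to bounce the process on the current DR and BDR.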

Note:

The highest IP address on an active interface is normally used as the router ID. However, you can override this selection by configuring an IP address on a loopback interface or using the router-id configuration command.

In a multiaccess environment, each network segment has its own DR and BDR. A router can be the DR on one segment and a DROTHER on another.

Setting priority for DR election

Adjacency for an NBMA network

- to implement broadcasting or multicasting on an NBMA network, the router replicates the packets to be broadcast or multicast and sends them individually on each permanent virtual circuit (PVC), this process is CPU and bandwidth intensive

- default hello and dead intervals on NBMA interface are 30 secs and 120 secs

- DR and BDR need to have fully meshed connectivity with all other routers

- OSPF neighbors are not automatically discovered; they must be configured statically with the neighbor command

OSPF over Frame Relay Configuration

Types of FR topologies

1. Star Topology

- the most common FR network topology

- the central (hub) router provides the multiple connections, typically using a single physical interface to terminate all the PVCs

2. Full-mesh Topology

- most costly

- all routers have virtual circuits to all other routers: n(n-1)/2 PVCs, where n is the number of nodes

3. Partial-mesh Topology

- not all sites have direct access to a central site

RFC 2328 OSPF over NBMA Topology Modes of Operation

a. NBMA

- neighbors must be manually configured, DR and BDR election is required

b. Point-to-multipoint

- this mode treats the nonbroadcast network as a collection of point-to-point links

- routers automatically identify their neighboring routers but do not elect a DR and BDR

Note: The main advantage of point-to-multipoint mode is that it requires less manual configuration and the main advantage of the nonbroadcast mode is that there is less overhead traffic.

Cisco has identified the ff additional modes:

- Point-to-multipoint nonbroadcast

- Broadcast

- Point-to-point

Selecting the OSPF Network Type for NBMA Networks

OSPF over Frame Relay NBMA Configuration

- emulates operation over a broadcast network

- DR and BDR are elected on the NBMA network

- routers are usually fully meshed; if they are not, the DR and BDR must be routers that have PVCs to every other router

- Neighboring routers are statically defined to start the DR and BDR election

- For flooding, the LSU packet must be replicated for each PVC

- Frame Relay, ATM and X.25 networks default to OSPF nonbroadcast mode

- priority is set to 0 on RouterB and RouterC because the topology is not a full mesh

- this ensures that RouterA becomes the DR (and there is no BDR)

OSPF over Frame Relay Point-to-Multipoint Configuration

- point-to-multipoint mode is designed to work with partial-mesh or star topologies

- per RFC 2328, OSPF treats all router-to-router connections on the network as if they were point-to-point links

- no DR or BDR is elected, so no type 2 (network) LSA is generated

Point-to-Multipoint mode has the ff properties

- does not require a fully meshed network

- does not require static neighbor configuration, because point-to-multipoint mode treats the network as a collection of point-to-point links

- uses one IP subnet: all routers are on one IP subnet

- duplicates LSA packets: when flooding, the router must replicate the LSU on each PVC

- a 30-sec hello interval (120-sec dead interval) is used

- this mode is RFC 2328 compliant

Point-to-Multipoint Nonbroadcast

- Cisco extension to RFC-compliant point-to-multipoint mode

- must statically define neighbors, like nonbroadcast

- like point-to-multipoint mode, DR and BDR are not elected

Using Subinterface in OSPF over Frame Relay

- point-to-point subinterfaces are used when a PVC joins only two nodes; each subinterface gets its own subnet and behaves like a serial point-to-point link (10-sec hello, no DR)

V. Link-State Advertisement

4 OSPF Router Types

1. Internal routers

- routers that have all their interfaces in the same area; all routers in an area have identical LSDBs

2. Backbone router

- routers that sit in the perimeter of the backbone area and have at least one interface connected to area0

3. ABR

- routers that have interface attached to multiple areas

- maintain separate LSDBs for each area to which they connect

- exit points for the area

4. ASBR

- routers that have at least one interface attached to an external internetwork(another AS) such as non-OSPF network

Note:

A router can exist as more than one router type.

A router has a separate LSDB for each area to which it connects.

Two routers belonging to the same area maintain identical LSDBs for that area.

OSPF Virtual Links

- a virtual link allows a discontiguous area 0 (a backbone split in two) to be reconnected through a transit area

- or allows an area that has no physical connection to area 0 to be connected to it through another area

- recommended only as a backup or temporary measure, not as a permanent design

Configuring Virutal Links

OSPF LSA Types

1. Type 1: Router LSA (intra-area)

- most common type; lists the router's directly attached links with their costs

- flooded within its own area only; does not cross an ABR

- the link-state ID is the originating router's router ID

- flags (B and E bits) tell whether the originating router is an ABR or ASBR

LSA Type 1 Link Types

Link Type 1:

- point-to-point connection to another router; link ID is the neighboring router's router ID

Link Type 2:

- connection to a transit network; link ID is the IP address of the DR

Link Type 3:

- connection to a stub network; link ID is the IP network number

Link Type 4:

- virtual link; link ID is the neighboring router's router ID

2. Type 2: Network LSA (intra-area, generated by the DR)

- the DR generates a network LSA for every transit broadcast or NBMA network

- flooded within its area only; does not cross an ABR

- the link-state ID is the IP interface address of the DR

- contains the list of attached routers that make up the transit network (including the DR itself) and the subnet mask used on the link

3. Type 3: Summary LSA (interarea)

- generated by ABRs

- advertises the networks owned by one area to the rest of the areas in the OSPF AS

- the link-state ID is the network number; the mask is advertised as well

- flooded throughout a single area only; the ABR regenerates it to flood into the next area

- despite the name, summary LSAs do not carry aggregated routes by default; each subnet is advertised individually unless area range summarization is configured

4. Type 4: ASBR Summary LSA

- generated by an ABR only when an ASBR exists within its area, to tell the other areas how to reach that ASBR

- the link-state ID is the ASBR's router ID

5. Type 5: AS External LSA (from the ASBR)

- describes routes to networks outside the OSPF AS

- generated by the ASBR and flooded throughout the entire AS, except into stub-type areas

- the link-state ID is the external network number

6. Type 6: Group Membership LSA

- used by multicast OSPF (MOSPF); not supported by Cisco IOS

7. Type 7: NSSA External LSA

- used in NSSAs in place of type 5; translated to type 5 by the NSSA ABR

8. Type 8: External Attributes LSA

- proposed for carrying BGP attributes across an OSPF domain; never widely implemented

9. Types 9, 10 and 11: Opaque LSAs

- reserved for extensions such as MPLS traffic engineering (type 10 carries TE information); flooding scope is link-local (9), area (10) or AS (11)

Interpreting the Routing Table: Types of Routes

Calculating the COSTS for E1 and E2 Routes

E1: cost is the external (redistributed) cost plus the internal cost of each link the packet crosses to reach the ASBR. Use when multiple ASBRs advertise the same network, so that the nearer ASBR is preferred.

E2: the default. External cost only; the internal cost to the ASBR is ignored, so every router sees the same metric. Adequate when only one ASBR advertises the network.

Configuring OSPF LSDB Overload Protection

- protects against misconfigured or malicious routers that flood excessive LSAs and exhaust local CPU and memory; configured with max-lsa under router ospf, which logs a warning and can shut the process down when the limit is exceeded

Changing the Cost Metric

VI. OSPF Route Summarization

- OSPF has the ability to summarize routes at area and AS boundaries

- summarization is important because it reduces OSPF LSA flooding, LSDB size and routing table size

- with route summarization, only the summary routes are advertised into the backbone area (area 0)

2 Types of Summarization

1. Interarea route summarization

- occurs on ABRs and applies to routes from within each area

- it does not apply to external routes injected into OSPF via redistribution

2. External route summarization

- is specific to external routes that are injected into OSPF via redistribution

- only ASBRs summarize external routes

Configuring OSPF Route Summarization

Note: IOS creates a summary route to interface Null0 when manual summarization is configured, so that traffic for addresses inside the summary that have no more specific route is discarded at the summarizing router instead of following a default route and looping.
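What an ABR's interarea summary actually covers, as an added example that is not part of the original notes: the smallest single prefix that spans a set of area subnets, the address space that prefix claims but the area does not hold (exactly the traffic the Null0 route above discards), and any prefixes in other areas the summary would overlap. The prefixes are constructed for the example.

```python
"""Interarea summary computation, added as an example. Prefixes are constructed."""
import ipaddress


def summarize(prefixes):
    """Smallest single CIDR block covering every prefix (what `area range` would advertise)."""
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    if not nets:
        raise ValueError('nothing to summarize')
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    plen = min(n.prefixlen for n in nets)
    while plen > 0:
        candidate = ipaddress.IPv4Network((low, plen), strict=False)
        if int(candidate.broadcast_address) >= high:
            return candidate
        plen -= 1
    return ipaddress.IPv4Network('0.0.0.0/0')


def uncovered(summary, prefixes):
    """Parts of `summary` that no area prefix occupies: the Null0 black hole."""
    remaining = [summary]
    for p in map(ipaddress.IPv4Network, prefixes):
        nxt = []
        for block in remaining:
            if p.subnet_of(block):
                nxt.extend(block.address_exclude(p))
            elif not block.subnet_of(p):
                nxt.append(block)
        remaining = nxt
    return sorted(remaining)


def check_summary(area_prefixes, other_area_prefixes):
    """Returns (summary, holes, conflicts); conflicts are prefixes owned by other
    areas that the summary would overlap, a sign the addressing plan is not
    aligned with the area boundaries."""
    summary = summarize(area_prefixes)
    holes = uncovered(summary, area_prefixes)
    conflicts = [p for p in map(ipaddress.IPv4Network, other_area_prefixes) if p.overlaps(summary)]
    return summary, holes, conflicts


# Constructed: area 1 holds three subnets; area 2 happens to use 172.16.10.0/24.
AREA1 = ['172.16.8.0/24', '172.16.9.0/24', '172.16.12.0/22']
OTHER = ['172.16.10.0/24', '10.0.0.0/8']
```

For AREA1 the summary is 172.16.8.0/21; 172.16.10.0/23 inside it has no real destination and is swallowed by Null0 at the ABR, and the /24 that area 2 uses in that range is reachable only because longest match still prefers its more specific route.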

Default Route on OSPF

- a default route is injected into OSPF as an external LSA type 5

- default route distribution is not ON by default

VII. Configuring OSPF Special Area Types

- the purpose of stub areas is to inject a default route into an area so that external (and, for totally stubby areas, summary) link-state advertisements do not have to be flooded into it

- stub areas are designed to reduce the amount of flooding, LSDB size and routing table size within the area

OSPF Area Types

1. Standard area:

- this default area accepts link updates, route summaries and external routes

2. Backbone area (transit area)

- labeled as area 0; all other areas connect to it and exchange route information through it

- this include all the properties of a standard OSPF area

3. Stub area

- this area does not accept information about routes external to the AS

- if routers need to route outside the AS, they use default route, noted as 0.0.0.0

- stub areas cannot contain ASBR

4. Totally stubby area

- this area does not accept external AS routes or summary routes from other areas internal to the AS

- if routers need to send packet to an external network it uses a default route

- cannot contain ASBRs

5. NSSA

- defined in RFC 3101 (open standard, not Cisco proprietary)

- this area defines a special LSA type 7

- it allows ASBRs and benefits similar to stub and totally stubby area

Note: Stub and Totally Stubby areas do not carry any external routes,LSA type 5.

Qualification for Stub and Totally Stubby

- there is a single exit point from that area

- if there are multiple exits, one or more ABRs inject a default route into the stub area, which may send traffic out a suboptimal exit

- all OSPF routers in the area, including the ABR and the internal routers, must be configured as stub (the stub flag in the hello must match) before they can become neighbors and exchange information

- there is no ABR inside the stub area

- the area is not the backbone area, area0

- the area is not needed as a transit area for virtual links

- area 2 is defined as stub area, no routes from the external AS are forwarded into the stub area

- R3 automatically advertises 0.0.0.0 (default route) with a default metric cost of 1 to the stub area

- each router in the stub area must be configured with the area stub command

Routes that appear in the routing table of R4 are as follows

- intra-area routes, designated with an O in the routing table

- default-route and interarea routes, designated with an IA in the routing table

- default route is denoted with an asterisk (O *IA)

Configuring Totally Stubby Areas

- Cisco proprietary, it blocks type 5 LSA as well as summary type 3 and type 4 LSA from entering the area

- Totally stubby area recognizes only intra-area routes and default route 0.0.0.0

- ABRs inject the default summary link 0.0.0.0 into the totally stubby area

- all routes from area 0 and from the external AS are replaced in area 1 by the default route 0.0.0.0

- the default route cost is set to 5 on Router2 and to 10 on Router4

- both default routes are advertised into area 1; internal routers prefer the lower-cost one

- only the ABRs need the no-summary keyword (area 1 stub no-summary) to keep summary LSAs out of the area; internal routers use area 1 stub

Configuring NSSA

- described by RFC 3101; a nonproprietary extension of the stub area feature that allows external routes to be injected into the stub area in a limited fashion

- the NSSA ASBR generates type 7 LSAs, which the NSSA ABR translates into type 5 LSAs for the rest of the OSPF domain

- the ABR sends a default route into the NSSA instead of external routes from other ASBRs

- type 7 routes appear in the routing table as O N2 or O N1 (N means NSSA)

- N1 means that the metric is calculated like external type 1

- N2 means that the metric is calculated like external type 2; the default is O N2

- R2 is the NSSA ABR; this router converts type 7 LSAs into type 5 for advertisement into the backbone, area 0

- to make R2 generate an O*N2 default route (O*N2 0.0.0.0/0) into the NSSA, use the default-information-originate keyword: area 1 nssa default-information-originate

- with the no-summary keyword (area 1 nssa no-summary, a totally stubby NSSA) the NSSA ABR blocks type 3 and 4 LSAs and automatically injects a type 3 default (O*IA 0.0.0.0/0) instead, so default-information-originate is not needed to get a default route

- all other routers in the NSSA require only the area 1 nssa command

Verifying All Stub Area Types

VIII. CONFIGURING OSPF AUTHENTICATION

- enabled on a per-interface basis

- all neighboring routers must have the same password

- does not use a key chain as EIGRP does

2 Types of Authentication

1. Simple password

2. MD5 authentication

Type Codes

1. type 0 - null, no authentication

2. type 1 – simple password

3. type 2 – MD5

Monday, July 16, 2007

DHCP Topic

DHCP Operation
1. Client locates a DHCP server by sending DHCPDISCOVER (broadcast)
2. Server replies with DHCPOFFER (unicast)
3. Client sends DHCPREQUEST (broadcast)
4. Server sends DHCPACK to the client (unicast)

DHCPDISCOVER -> DHCPOFFER -> DHCPREQUEST -> DHCPACK
broadcast -> unicast -> broadcast -> unicast

Note: the client always broadcasts, the server always unicasts

DHCP Mechanisms
a. Manual – the administrator assigns an IP address to a MAC address
b. Automatic – an IP address is permanently assigned to a host
c. Dynamic – an IP address is assigned to a host for a limited time


Configuring a Router to be a DHCP Client
Router(config)#interface Fast 0/1
Router(config-if)#ip address dhcp
Note: configured on an interface; think of the NIC on a computer.

Limiting the request info
Router(config-if)#no ip dhcp request dns-nameserver
Note: by default all services are requested

Useful commands
Router#show host
Router#release dhcp Fa0/1
Router#renew dhcp Fa0/1
Router#show dhcp lease


Configuring IOS for DHCP Server
Router(config)#service dhcp
Note: on by default
Router(config)#no service dhcp

Define the pool of addresses to be given to hosts
Sales Department: 172.16.1.0/24 with 172.16.1.1 to 172.16.1.10 excluded
Router(config)#ip dhcp pool sales-dept
Router(dhcp-config)#network 172.16.1.0 255.255.255.0

Router(config)#ip dhcp excluded-address 172.16.1.1 172.16.1.10

Changing key info.
Router(config)#ip dhcp pool sales-dept
Router(dhcp-config)#dns-server 172.16.1.2
Router(dhcp-config)#netbios-name-server 172.16.1.2
Router(dhcp-config)#default-router 172.16.1.1
Router(dhcp-config)#domain-name jepoy.net


IP Helper Address
Purpose: accepts a broadcast request and forwards it as unicast to a specific DHCP server

Example: Forward all DHCP requests to the DHCP server 172.16.1.3
Router(config)#interface FastEthernet 0/0
Router(config-if)#ip helper-address 172.16.1.3

Limiting the impact of ip helper-address
Example: Remove tftp and time
Router(config)#no ip forward-protocol udp tftp
Router(config)#no ip forward-protocol udp time

Example:Add UDP 517
Router(config)#ip forward-protocol udp 517


8 Default Forwarded Services
Port  Service Name
37    Time
49    TACACS
53    DNS
67    DHCP Client
68    DHCP Server
69    TFTP
137   NetBIOS name service
138   NetBIOS datagram service

I. EIGRP Topic

EIGRP Enhanced Interior Gateway Routing Protocol

I. Introduction

Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary classless routing protocol that uses a complex metric based on bandwidth and delay. The following are some features of EIGRP:
- fast convergence
- support for VLSM
- partial triggered updates conserve network bandwidth
- supports multiple network-layer protocols through protocol-dependent modules (PDMs), for example IP, AppleTalk and IPX
- support for all layer 2 (data link layer) protocols and topologies
- sophisticated metric that supports unequal-cost proportional load balancing
- use of multicasts and unicasts instead of broadcasts
- support for authentication

- backup Routes (DUAL)

- hybrid Protocol, both distance vector and link-state

- supports multiple AS on a single router

Administrative Distance

External EIGRP(redistributed) – 170

Internal EIGRP - 90

Neighbor Discovery Conditions

  1. Hello and ACK
  2. AS numbers must match
  3. Identical metric weights (K values)

Note: different ASs don't share routing information

Hello Protocol

- multicast address 224.0.0.10

- sent every 5 secs with BW > 1.544 Mbps

- sent every 60 secs with BW < 1.544 Mbps

RTP (Reliable Transport Protocol)

- Cisco proprietary; guarantees ordered delivery of packets

- uses multicast and unicast

Process

  1. sends multicast traffic to 224.0.0.10 (class D)
  2. maintains a list of the neighbors that replied
  3. if it does not get a reply, it sends unicast packets
  4. after 16 unicast attempts it declares the neighbor down

DUAL (Diffusing Update Algorithm)

Convergence happens in two stages

First: the router maintains a copy of all the neighbors' routes; if the best path goes down, it examines the contents of the topology table and selects a replacement

Second: if there is no good alternative, it quickly asks the neighbors to find one

II. EIGRP Tables

  1. Neighbor Table – lists adjacent routers

  2. Topology Table – lists all learned routes to each destination; feasible successors are found here

- contains the metric, AD and FD

- active state – the router is performing recomputation for the destination; passive state – the router is not performing recomputation. If an FS is always available, a destination never has to go into the active state

Recomputation Process (Active State)

- occurs when a destination has no FS

- while destination is in active state, the router’s routing table info cannot be changed

  1. the router sends a query packet to each of its neighbors (active state)
  2. if a neighbor has a route for the destination, it sends a reply and stops the query from spreading into other branches of the network
  3. if the neighbor has no route, it sends a query packet to its other neighbors (active state)
  4. after the router has received a reply from each neighboring router, the destination returns to passive and the router can select a successor

  3. Routing Table – contains the best route to each destination, called the successor route

- the router compares all FDs to reach a specific network, selects the route with the lowest FD and places it in the routing table

Holdtime – the amount of time that a router treats a neighbor as reachable and operational

EIGRP Terminologies

Feasible Distance (FD)

- how far a network is away from your router

- the cost to the next-hop router plus that neighbor's AD

Advertised Distance (AD)

- how far the network is away from your neighbor

- the next-hop router's own cost to the destination, i.e. the distance it advertises to the local router

Successor/Current Successor – the best path (injected on the Routing Table)

Feasible Successor – backup path (Topology Table)

By default:

4 Successors with the same FD.

Total of 6 paths= 1 Successor + 5 Feasible Successor

To qualify to be a FS:

Conditions:

FD(successor) > AD(candidate FS)

Note: if no feasible successor (FS) is found after a topology change, recomputation must occur.

EIGRP Table Illustrations (figure not reproduced)

III. EIGRP Packets

  1. HELLO:

- for neighbor discovery (multicast, no ACK)

  2. UPDATE:

- contains route change information

- sent reliably to affected routers only (triggered updates)

- unicast to a specific router or multicast to multiple attached routers

(Triggered updates – only changes are sent, unlike RIP, where the whole routing table is sent)

  3. QUERY:

- sent when a router performs recomputation

- sent to determine whether neighbors have an FS

- normally multicast, unicast in certain cases

- sent when a route is lost and no feasible successor is available

- sent to all neighboring routers on all interfaces except the interface of the successor

  4. REPLY:

- response to a QUERY packet

- unicast reliably to the originator

  5. ACK:

- acknowledges UPDATE, QUERY and REPLY packets

- unicast hello packets with a nonzero acknowledgment number

Initial Route Discovery (figure not reproduced)

IV. EIGRP Metric (k values)

- same metric as IGRP; the EIGRP metric is the IGRP metric multiplied by 256

- the IGRP metric is 24 bits in length, the EIGRP metric is 32 bits in length

- for routers to form an adjacency they must have the same metric weights (K values); a mismatch causes the neighbor relationship to be reset

5 Criteria for metric computation

  1. Bandwidth

- the smallest bandwidth between source and destination

  2. Delay

- the cumulative interface delay along the path

Cisco recommends leaving the following criteria unchanged:

  3. Reliability

- worst reliability between source and destination, based on keepalives

  4. Load

- worst load on a link between source and destination, based on packet rate and the configured bandwidth of the interface

  5. MTU

- smallest MTU on the path

Router#show interface serial 0

MTU 1500 bytes, BW 1 Kbit, DLY 50 usec, rely 255/255, load 1/255

Calculating Metrics

By default:

Metric = bandwidth (slowest link) + delay (sum of delays)

Delay – sum of delays in the path, in microseconds

Bandwidth – 10^7 / minimum bandwidth (in kbps)

K values

K1 = 1 (BW)

K3 = 1 (Delay)

K2 (load), K4 and K5 (reliability) = 0

EIGRP metric = Bandwidth + Delay

EIGRP Bandwidth = (10^7 / minimum bandwidth along the path in kbps) * 256

EIGRP Delay = (sum of the delays in the path, in tens of microseconds) * 256

Note: the delay and bandwidth values used in the EIGRP metric calculation are in a different format from those displayed by the show interface command.
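Added example, not code from these notes: the composite metric computed from per-hop interface values with the K values above. The hop values are constructed, and the K2/K4/K5 terms follow the general composite formula, which the notes do not spell out (they are inactive with the defaults).

```python
# Added example, not code from these notes: the EIGRP composite metric computed
# from per-hop interface values (as shown by "show interface") with the default
# K values. Hop values are constructed; the K2/K4/K5 terms follow the general
# composite formula, which is inactive with the defaults shown above.

DEFAULT_K = {"k1": 1, "k2": 0, "k3": 1, "k4": 0, "k5": 0}

def eigrp_metric(hops, k=DEFAULT_K):
    """hops: list of dicts with bandwidth (kbps), delay (usec), reliability (x/255)
    and load (x/255) for every interface along the path."""
    min_bw = min(h["bandwidth"] for h in hops)        # slowest link on the path
    sum_delay = sum(h["delay"] for h in hops)         # cumulative delay, usec
    worst_rel = min(h["reliability"] for h in hops)   # lowest reliability
    worst_load = max(h["load"] for h in hops)         # highest load
    bw_term = 10**7 // min_bw                         # IOS truncates to an integer
    delay_term = sum_delay // 10                      # tens of microseconds
    metric = (k["k1"] * bw_term
              + (k["k2"] * bw_term) // (256 - worst_load)
              + k["k3"] * delay_term)
    if k["k5"] != 0:                                  # reliability term only if K5 set
        metric = metric * k["k5"] // (worst_rel + k["k4"])
    return metric * 256                               # EIGRP scales the IGRP metric by 256

def igrp_metric(hops, k=DEFAULT_K):
    """The 24-bit IGRP metric is the EIGRP metric divided by 256."""
    return eigrp_metric(hops, k) // 256

def k_values_match(local, remote):
    """Neighbors must agree on all five K values or the adjacency is reset."""
    return all(local[n] == remote[n] for n in DEFAULT_K)

# Constructed path: a T1 serial hop (1544 kbps, 20000 usec) then an Ethernet hop.
SAMPLE_PATH = [
    {"bandwidth": 1544, "delay": 20000, "reliability": 255, "load": 1},
    {"bandwidth": 10000, "delay": 1000, "reliability": 255, "load": 1},
]

if __name__ == "__main__":
    print(eigrp_metric(SAMPLE_PATH))   # 2195456
```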

Integration

IGRP metric = EIGRP metric / 256

Changing the values

Router(config-if)#bandwidth <kbps>

Router(config-if)#delay <tens-of-microseconds>

Router(config-if)#ip bandwidth-percent eigrp <as-number> <percent>

Router(config-router)#metric weights tos k1 k2 k3 k4 k5

Router#show ip protocols

V. Configuring EIGRP

Router(config)#router eigrp <as-number>

Router(config-router)#network <address> [wildcard-mask]

Router(config-router)#no auto-summary

Router(config-if)#bandwidth <kbps>

Router(config-if)#ip bandwidth-percent eigrp <as-number> <percent>

- the network command indicates which interfaces will participate in the EIGRP process

- no auto-summary turns off classful summarization (on by default)

- if you do not use a wildcard mask, a classful network is assumed

- use the wildcard mask 0.0.0.0 to specify a single interface address

- the combination 0.0.0.0 255.255.255.255 matches all interfaces

- wildcard masks are useful when connecting to different ASs

- if no bandwidth is configured on a serial interface, it defaults to 1.544 Mbps (T1)

Note:

By default, EIGRP uses up to 50 percent of the bandwidth on an interface.

The ip bandwidth-percent eigrp 100 200 command allows EIGRP to use 200 percent of the configured bandwidth.

Example: Configure EIGRP process on AS 100

Router(config)#router eigrp 100

Router(config-router)#network 172.16.1.0 0.0.0.255

Router(config-router)#network 172.16.2.0 0.0.0.255

Router(config-router)#network 172.16.3.0 0.0.0.255

Router(config-router)#no auto-summary

Router(config-router)#exit

Router(config)#interface serial 0/0

Router(config-if)#bandwidth 64

Router(config-if)#ip bandwidth-percent eigrp 100 50


Wildcard Mask in EIGRP (figure not reproduced)

VI. Configuring the ip default-network command

- used to configure the gateway of last resort (default route)

- a router configured with this command considers the listed network the gateway of last resort, which is announced to other routers

Router(config)#ip default-network <network-number>

<network-number> – classful destination network

- must be reachable by the router

- the network must either be EIGRP-derived in the routing table, or be generated by a static route and redistributed

Example:

Router(config)#router eigrp 100

Router(config)#ip default-network 172.30.0.0

Router#show ip route

D*

Example:Advertising a default route

Router(config)#router eigrp 100

Router(config-router)#network 0.0.0.0

Router(config-router)#network 10.10.10.0

Router(config)#interface loopback 0

Router(config-if)#ip address 10.10.10.255 255.255.255.255

Router(config)#ip route 0.0.0.0 0.0.0.0 loopback 0

Router#show ip route

S* 0.0.0.0/0 is directly connected

Configuring ip default-network command (figure not reproduced)

VII. Verifying EIGRP Routes

To verify EIGRP operations

Router#show ip route eigrp





Router#show ip protocols

- gives information on the dynamic routing protocols running on the router






Router#show ip eigrp traffic

- displays the number of the various EIGRP packets sent and received





Router#show ip eigrp topology

- lists the networks known to this router through the EIGRP process






Router#show ip eigrp interfaces

- displays information about interfaces configured for EIGRP




Router# show ip eigrp neighbors

- shows EIGRP neighbors




Several route types:

D – EIGRP routes

D EX – external EIGRP routes




VIII. Route Summarization

Summarization on EIGRP

- reduces the amount of EIGRP traffic

- smaller routing tables, smaller updates, less bandwidth intensive

- automatic summarization is enabled by default for EIGRP

- configured on a per-interface basis; creates a route pointing to Null0

- the minimum metric of the specific routes is used as the metric of the summary route

- when the last specific route of the summary goes away, the summary is deleted

Configuring Manual route summarization

1. Turn off automatic summarization

Router(config-router)#no auto-summary

2. Create summary address that this interface will generate

Router(config-if)#ip summary-address eigrp

Example:

Router(config-if)#ip summary-address eigrp 100 172.16.0.0 255.255.0.0

Router#show ip route

D 172.16.0.0/16 is a summary, 00:00:02, Null0

Note:

- the summary route is advertised only if a component of the summary route is present in the routing table

- the summary route is sourced from Null0 and not from the actual interface

- if no AD is configured it defaults to 5

- for discontiguous networks, auto-summarization must be disabled and the ip summary-address command used instead

Routing Table Entries

  1. most specific route: /30 is preferred over /24
  2. AD – the lower the better
  3. metric

Manual Summarization (figure not reproduced)

Verifying the result (figure not reproduced)

IX. EIGRP Load Balancing

Equal Cost Load Balancing

- the ability of a router to distribute traffic over all its network ports that have the same metric to the destination address

- max of 4 equal paths by default

- using the maximum-paths command, up to 6 equally good routes can be kept in the routing table

- setting the maximum-paths 1 command will disable load balancing

- when process-switched, load balancing over equal cost occurs on per-packet basis

- when fast-switched, load balancing over equal cost occurs on per-destination basis

Unequal-cost Load Balancing

- EIGRP can balance traffic across multiple routes that have different metrics

- it is controlled with the variance command

- if path is not a feasible successor it is not used for load balancing

variance command

- multiplier with a value of 1 to 128

- default is one (equal cost load balancing)

Router(config-router)#variance <multiplier>

Conditions:

  1. FD(successor) > AD(feasible path to be)
  2. FD(successor) x Variance > FD(feasible path to be)

Example:

Router(config-router)#variance 2

Router#clear ip eigrp neighbors
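The feasibility condition from the EIGRP Terminologies section and the two variance conditions above, applied to a constructed topology table for one destination; added example, not code from these notes, and the metric values are made up for readability.

```python
# Added example, not code from these notes: successor, feasible successor and
# variance selection over a constructed EIGRP topology table for one destination.
# Each entry is (next_hop, FD, AD): FD is this router's metric to the destination
# via that neighbor, AD is the metric the neighbor itself advertised.

def best_fd(entries):
    return min(fd for _, fd, _ in entries)

def successors(entries, max_paths=4):
    """Routes with the lowest FD; up to max_paths (4 by default) go in the routing table."""
    lowest = best_fd(entries)
    return [e for e in entries if e[1] == lowest][:max_paths]

def feasible_successors(entries):
    """Feasibility condition from the notes: FD(successor) > AD(candidate)."""
    lowest = best_fd(entries)
    return [e for e in entries if e[1] != lowest and e[2] < lowest]

def load_balance_paths(entries, variance=1, max_paths=4):
    """Paths used for load balancing: the successors plus every feasible successor
    whose FD satisfies FD(successor) x variance > FD(candidate), as stated above.
    With variance 1 (the default) only equal-cost successors qualify."""
    lowest = best_fd(entries)
    chosen = successors(entries, max_paths)
    for entry in feasible_successors(entries):
        if lowest * variance > entry[1]:
            chosen.append(entry)
    return chosen[:max_paths]

def after_successor_loss(entries, lost_next_hop):
    """DUAL local computation: if a feasible successor remains, the route stays
    passive and the best FS is promoted; otherwise it goes active and queries go out."""
    candidates = [e for e in feasible_successors(entries) if e[0] != lost_next_hop]
    if candidates:
        return "passive", min(candidates, key=lambda e: e[1])
    return "active", None

# Constructed topology table for one destination (metrics kept small for reading).
TOPOLOGY = [
    ("R1", 20, 10),   # successor: lowest FD
    ("R2", 30, 15),   # feasible successor: AD 15 < 20
    ("R3", 35, 25),   # not feasible: AD 25 is not below 20
    ("R4", 45, 12),   # feasible, but 20 x 2 = 40 is not above 45
]
```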


Variance example (figure not reproduced)

X. EIGRP Bandwidth Across WAN Links

- EIGRP operates efficiently in WAN environments

- scalable on both P2P and multipoint NBMA links

- by default, EIGRP uses 50 percent of the bandwidth of an interface or subinterface

- uses the bandwidth of the link set by the bandwidth command

To change the percentage used

Router(config-if)#ip bandwidth-percent eigrp <as-number> <percent>

Bandwidth utilization over WAN interfaces

1. P2P using Frame Relay

- treats the bandwidth as T1 by default

- the bandwidth should be configured manually as the CIR of the PVC

- all virtual circuits are treated equally, dividing the link speed by the number of remote sites

2. Multipoint Frame Relay, ATM and ISDN PRI

- uses the bandwidth of the physical interface divided by the number of neighbors on that interface to calculate the bandwidth attributed to each neighbor





XI. EIGRP Route Authentication

- prevents your router from accepting fraudulent route updates

- no authentication by default

- when enabled, the router authenticates the source of each routing update packet it receives

- authentication is accomplished by exchanging an authentication key (password) known to both the sending and receiving router

2 Types of Authentication

a. Simple password authentication / plain-text authentication

- supported by IS-IS, OSPF and RIPv2

- sends the key over the wire, an unsecured process

b. MD5 authentication

- supported by OSPF, RIPv2, BGP and EIGRP

- sends a message digest instead of the key

- cryptographic authentication: a key (password) and a key ID are configured

- the key and key ID are used to generate a message digest (hash) that is appended to the packet

Configuring MD5 Authentication

1. Specify the type of authentication used for EIGRP packets

Router(config-if)#ip authentication mode eigrp <as-number> md5

Example: Configure md5 authentication on interface serial 0, on AS 100

Router(config)#interface serial 0

Router(config-if)# ip authentication mode eigrp 100 md5

2. Enable authentication of EIGRP packets

Router(config-if)#ip authentication key-chain eigrp <as-number> <key-chain-name>

Example: Enable authentication on AS 100 and identifies key-chain named JEPOY

Router(config)#interface serial 0

Router(config-if)#ip authentication key-chain eigrp 100 JEPOY

3. Enter configuration mode for the key chain

Router(config)#key chain <name>

4. Identify the key and enter configuration mode for that key ID

Router(config-keychain)#key <key-id>

5. Identify the key string (password): 1 to 80 alphanumeric characters, the first of which must not be a number

Router(config-keychain-key)#key-string <text>

6. Optional: when the key is accepted on received packets and used on sent packets

Router(config-keychain-key)#accept-lifetime <start-time> {infinite | <end-time> | duration <seconds>}

Router(config-keychain-key)#send-lifetime <start-time> {infinite | <end-time> | duration <seconds>}

Time format:

hh:mm:ss month date year

hh:mm:ss date month year

hh hours, mm minutes, ss seconds, month = first 3 letters of the month, date (1-31), year (4 digits)

default time and date is January 1, 1993

Creating the key chain

Order of commands:

key chain

key

key string

accept-lifetime

send-lifetime

Example:

Router(config)#interface serial 0

Router(config-if)# ip authentication mode eigrp 100 md5

Router(config-if)#ip authentication key-chain eigrp 100 JEPOY

Router(config-if)#exit

Router(config)#key chain JEPOY

Router(config-keychain)#key 1

Router(config-keychain-key)#key-string 0123456789

Router(config-keychain-key)#accept-lifetime 04:00:00 Jan 1 2007 infinite

Router(config-keychain-key)#send-lifetime 05:00:00 Jan 1 2007 05:05:00 Jan 1 2007

accept-lifetime 04:00:00 Jan 1 2007 infinite

- this key is acceptable for use on packets received from Jan 1 ,2007 onward

send-lifetime 05:00:00 Jan 1 2007 05:05:00 Jan 1 2007

- this command specifies that the key is valid for sending packets only during the five minutes from 05:00:00 to 05:05:00 on Jan 1, 2007
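Added example, not code from these notes and not the on-wire EIGRP packet format: a model of the key chain above, where the lifetime windows decide which key signs outgoing packets and which key IDs are accepted on received ones, and the receiver recomputes the keyed MD5 digest before trusting the packet. The key chain values are constructed to mirror the JEPOY example; the digest construction (MD5 over packet followed by key string) is a simplification assumed for illustration.

```python
import hashlib
import hmac
from datetime import datetime

INFINITE = datetime.max  # stands in for the IOS keyword "infinite"

def ios_time(text):
    """Parse the IOS 'hh:mm:ss month date year' form, e.g. '04:00:00 Jan 1 2007'."""
    return datetime.strptime(text, "%H:%M:%S %b %d %Y")

class Key:
    def __init__(self, key_id, key_string, accept, send):
        self.key_id = key_id
        self.key_string = key_string
        self.accept = accept  # (start, end): accept-lifetime for received packets
        self.send = send      # (start, end): send-lifetime for packets we send

    @staticmethod
    def inside(window, now):
        start, end = window
        return start <= now <= end

class KeyChain:
    def __init__(self, name, keys):
        self.name = name
        self.keys = sorted(keys, key=lambda k: k.key_id)

    def send_key(self, now):
        """Lowest key-id whose send-lifetime covers 'now', or None if no key is valid."""
        for key in self.keys:
            if Key.inside(key.send, now):
                return key
        return None

    def lookup(self, key_id):
        return next((k for k in self.keys if k.key_id == key_id), None)

def digest(packet, key_string):
    """Simplified model of the keyed digest: MD5 over the packet followed by the key
    string. This is an assumption for illustration, not the on-wire EIGRP layout."""
    return hashlib.md5(packet + key_string.encode()).digest()

def sign(chain, packet, now):
    """Sender side: returns (key-id, digest) to append, or None if no key is sendable."""
    key = chain.send_key(now)
    if key is None:
        return None
    return key.key_id, digest(packet, key.key_string)

def verify(chain, key_id, packet, received_digest, now):
    """Receiver side: the key-id must exist in the chain, be inside its
    accept-lifetime, and the recomputed digest must match (constant-time compare)."""
    key = chain.lookup(key_id)
    if key is None or not Key.inside(key.accept, now):
        return False
    return hmac.compare_digest(digest(packet, key.key_string), received_digest)

# Constructed key chain mirroring the JEPOY example: key 1 is accepted from
# 04:00 on Jan 1 2007 onward but only used for sending between 05:00 and 05:05.
JEPOY = KeyChain("JEPOY", [
    Key(1, "0123456789",
        accept=(ios_time("04:00:00 Jan 1 2007"), INFINITE),
        send=(ios_time("05:00:00 Jan 1 2007"), ios_time("05:05:00 Jan 1 2007"))),
])
```

A packet carrying an unknown key ID, a key outside its accept window, or a digest that does not recompute is dropped, which is what debug eigrp packets reports as an authentication mismatch.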


Verifying MD5 Authentication

Router(config)#debug eigrp packets

- invalid authentication, authentication mismatch are seen on the console

Authentication example (figure not reproduced)

XII. EIGRP Stubs

Hub/Distribution Router

Stub/Remote Router

Hub and spoke topology

- the stub router forwards all non-local traffic to the hub, so it is unnecessary for it to hold the complete routing table

- the stub router sends a special peer information packet to all neighboring routers to report its status as a stub router

- a neighbor that receives a packet informing it of the stub status does not query the stub router for any routes

- the stub router responds to queries as inaccessible

- queries are not propagated by stub routers

- only remote routers are configured as stubs

- the hub router need not send anything more than a default route to the remote router

Configuring EIGRP Stub

Router(config-router)#eigrp stub [connected,summary,static,receive-only]

Options

- default is summary and connected if no option is configured

summary – permits the stub to send summary routes

connected – permits the stub to send connected routes; must be redistributed

static – permits the stub to advertise static routes only; must be redistributed

receive-only – prevents the stub from sending any type of route; it will not advertise anything

SIA Stuck in Active

Stuck in Active: waiting too long for a reply to a query

- a route can only move from active to passive state when the router receives the reply messages generated by its query

- if it does not receive a reply within 3 minutes, the route goes into the SIA state

- when the route goes SIA, the querying router resets the neighbor relationship with the neighbor that failed to reply

Common reasons for SIA routes

  1. high CPU usage or memory problems
  2. the link between the routers is bad and packets are lost
  3. unidirectional link, traffic flows in one direction only

Graceful shutdown

- implemented with the goodbye message feature

- a goodbye message is sent when an EIGRP routing process is shut down

- goodbye messages are sent in hello packets

- sent on an interface with all K values set to 255

Eavesdropping on EIGRP Neighbors

Router#debug eigrp packets

Router#undebug all

To be more specific

Router#debug eigrp packets query reply

EIGRP: Enqueueing QUERY

EIGRP: Sending QUERY

EIGRP: Receiving REPLY