15 Dec. 2011
Frame relay and inverse-arp
no frame-relay inverse-arp says that I shall not ask the other end what his IP address is.
no arp frame-relay means that if the other end asks me my IP address, I shall not answer him.
29 Nov. 2011
Create ACL on eXtreme Network Switches...
vi no67udp.pol
(use a pol extension)
(the ls command will list the files/configs on the XOS switch...linux)
The following is needed in the policy (I add count so I can see the number of packet hits...it's not required):
entry drop1 {
    if match all {
        protocol udp;
        source-port 67;
    } then {
        deny;
        count drop1;
    }
}
entry drop2 {
    if match all {
        protocol udp;
        destination-port 67;
    } then {
        deny;
        count drop2;
    }
}
After you've saved the file (:wq if you're using vi), you're ready to apply the policy/access-list. Enter the following commands:
check policy no67udp
(to make sure there are no errors and don't use .pol extension)
Next, apply to the ports:
configure access-list no67udp port 1-11,13-24 (or 26)
(it should respond with done!)
You can then use show access-list or show access-list counter to see if there are any hits.
To remove the access-list enter:
unconfigure access-list no67udp
You can edit the access-list while it's running; after the check policy command you will then need to enter:
refresh policy no67udp
to make the changes take effect. I think that's all you need.
There's probably a better way and someone with more experience than me might know. But this should deny all 67 udp packets from all ports but 12.
27 Nov. 2011
OSPF Authentication #1
Three authentication modes:
- 0 - null, no authentication
- 1 - clear-text
- 2 - md5
r1(config)#interface s1/0
r1(config-if)#ip ospf authentication ?
message-digest Use message-digest authentication
null Use no authentication
MD5 Authentication:
If "ip ospf authentication message-digest", then:
r1(config-if)#ip ospf message-digest-key 1 md5 ccie_lab
If you just entered "ip ospf authentication", it is clear-text authentication, then:
r1(config-if)#ip ospf authentication-key joe
Bad configuration #1:
interface Serial1/1
ip address 13.0.0.1 255.255.255.0
ip ospf authentication-key joe
There is no authentication here, but it works. Check with show ip ospf interface.
Bad configuration #2:
interface Serial1/1
ip ospf authentication message-digest
ip ospf authentication-key joe
There is md5 authentication here, but there is no md5 password specified, it works:
r1#show ip ospf interface Serial1/1
Serial1/1 is up, line protocol is up
[...]
Message digest authentication enabled
No key configured, using default key id 0
Don't forget to use the same key id on both sides, else it won't work. Multiple key numbers can exist on the same interface.
Area Authentication
Authentication can be configured for the whole area (md5 or plain-text).
On each router:
router ospf 1
area 0 authentication message-digest
And on all interfaces configured with area 0:
interface Serial1/0
ip ospf message-digest-key 1 md5 CCIE_LAB
Note that here, there is no need to configure "ip ospf authentication message-digest" on the interface.
If using a Virtual_Link (which belongs to area 0), configure on each router (even if no interface belongs to area 0):
router ospf 1
area 0 authentication message-digest
message-digest-key 1 md5 CCIE_LAB
area 234 virtual-link 2.2.2.2 authentication
Troubleshooting
Always look at "show ip ospf interface (intf)" and see what's happening. If you see "key 0" is used in MD5, then you will NOT be getting credit for that section where they likely tell you to use "cisco" as the password!
To check authentication problems:
r1#debug ip ospf adj
00:39:54: OSPF: Rcv pkt from 13.0.0.3, Serial1/1 : Mismatch Authentication type. Input packet specified type 2, we use type 0
00:40:04: OSPF: Rcv pkt from 13.0.0.3, Serial1/1 : Mismatch Authentication type. Input packet specified type 2, we use type 1
00:51:54: OSPF: Rcv pkt from 13.0.0.3, Serial1/1 : Mismatch Authentication Key - No message digest key 0 on interface
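The two bad configurations above can be caught before deployment by checking each interface's effective authentication type against the keys configured on it. The following is an added example, not code from the original post: the function names are hypothetical, Serial1/2 and the 14.0.0.1 address are constructed, and the first matching network statement is assumed to decide the area.

```python
import ipaddress
import re

# Constructed sample: Serial1/0 and Serial1/1 reuse the post's snippets;
# Serial1/2 and its 14.0.0.1 address are made up for this example.
SAMPLE_CONFIG = """\
interface Serial1/0
 ip address 12.0.0.1 255.255.255.0
 ip ospf message-digest-key 1 md5 CCIE_LAB
!
interface Serial1/1
 ip address 13.0.0.1 255.255.255.0
 ip ospf authentication-key joe
!
interface Serial1/2
 ip address 14.0.0.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf authentication-key joe
!
router ospf 1
 area 0 authentication message-digest
 network 12.0.0.1 0.0.0.0 area 0
 network 13.0.0.1 0.0.0.0 area 13
 network 14.0.0.1 0.0.0.0 area 13
"""


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse(config):
    """Collect per-interface OSPF auth settings, network statements and area auth."""
    interfaces, networks, area_auth = {}, [], {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m[1], {"md5_keys": set(), "plain_key": False})
        elif line.startswith("router "):
            current = None
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
            networks.append((_ip(m[1]), _ip(m[2]), m[3]))
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
            area_auth[m[1]] = 2 if m[2] else 1
        elif current is None:
            continue
        elif m := re.match(r"ip address (\S+) \S+", line):
            current["ip"] = _ip(m[1])
        elif m := re.match(r"ip ospf authentication( message-digest| null)?$", line):
            current["auth"] = {None: 1, " message-digest": 2, " null": 0}[m[1]]
        elif line.startswith("ip ospf authentication-key "):
            current["plain_key"] = True
        elif m := re.match(r"ip ospf message-digest-key (\d+) md5 \S", line):
            current["md5_keys"].add(int(m[1]))
    return interfaces, networks, area_auth


def effective_type(intf, networks, area_auth):
    """Return the auth type in use (0, 1 or 2), or None if OSPF is not on the interface."""
    area = None
    for net, wild, net_area in networks:
        # Wildcard match: bits set in the wildcard are ignored.
        if "ip" in intf and (intf["ip"] | wild) == (net | wild):
            area = net_area
            break
    if area is None:
        return None
    # An interface-level "ip ospf authentication" overrides the area setting.
    return intf.get("auth", area_auth.get(area, 0))


def audit(config):
    """Return (interface, finding) pairs for key/type combinations that do not line up."""
    interfaces, networks, area_auth = parse(config)
    findings = []
    for name, intf in interfaces.items():
        auth = effective_type(intf, networks, area_auth)
        if auth is None:
            continue
        if auth == 0 and (intf["plain_key"] or intf["md5_keys"]):
            findings.append((name, "key configured but authentication type is 0 (null)"))
        elif auth == 1 and not intf["plain_key"]:
            findings.append((name, "clear-text authentication enabled without an authentication-key"))
        elif auth == 2 and not intf["md5_keys"]:
            findings.append((name, "message-digest enabled without a message-digest-key: default key id 0"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

Serial1/0 passes because area 0 authentication supplies type 2 and the interface carries key 1; the other two interfaces are reported.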
OSPF Virtual links
OSPF virtual links are mainly used to avoid partitioned areas.
r1 and r2 belong to area 0.
r1 and r3 belong to area 13; r3's loopback0 belongs to area 13.
r2, r3 and r4 belong to area 234.
If the link between r1 and r3 goes down, r3's loopback 0 becomes unreachable because area 13 has no connectivity with area 0 to reach other areas.
To avoid this, a virtual-link is established between the ABRs, r3 and r2. This virtual-link belongs to area 0.
Configuration:
r1:
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
ip ospf network point-to-point
!
!
interface Serial1/0
ip address 12.0.0.1 255.255.255.0
!
interface Serial1/1
ip address 13.0.0.1 255.255.255.0
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
redistribute connected subnets
network 12.0.0.1 0.0.0.0 area 0
network 13.0.0.1 0.0.0.0 area 13
!
On r2:
interface Loopback0
ip address 2.2.2.2 255.255.255.0
ip ospf network point-to-point
!
interface Serial1/0
ip address 12.0.0.2 255.255.255.0
!
interface Serial1/1
ip address 24.0.0.2 255.255.255.0
!
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
redistribute connected subnets
network 12.0.0.2 0.0.0.0 area 0
network 24.0.0.2 0.0.0.0 area 234
!
On r3:
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
ip ospf network point-to-point
!
interface Serial1/0
ip address 34.0.0.3 255.255.255.0
!
interface Serial1/1
ip address 13.0.0.3 255.255.255.0
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
redistribute connected subnets
network 3.3.3.3 0.0.0.0 area 13
network 13.0.0.3 0.0.0.0 area 13
network 34.0.0.3 0.0.0.0 area 234
!
r4:
!
interface Loopback0
ip address 4.4.4.4
ip ospf network point-to-point
!
interface Serial1/0
ip address 24.0.0.4 255.255.255.0
!
interface Serial1/1
ip address 34.0.0.4 255.255.255.0
!
router ospf 1
router-id 4.4.4.4
log-adjacency-changes
redistribute connected subnets
network 24.0.0.4 0.0.0.0 area 234
network 34.0.0.4 0.0.0.0 area 234
!
To create the virtual-link through area 234 (using OSPF router-id), configure the ABR:
On r2:
!
router ospf 1
area 234 virtual-link 3.3.3.3
!
On r3:
!
router ospf 1
area 234 virtual-link 2.2.2.2
!
r3#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 0 FULL/ - - 24.0.0.2 OSPF_VL1
1.1.1.1 0 FULL/ - 00:00:33 13.0.0.1 Serial1/1
4.4.4.4 0 FULL/ - 00:00:38 34.0.0.4 Serial1/0
r3#show ip ospf interface brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Vl1 1 0 34.0.0.3/24 128 P2P 1/1
Lo0 1 13 3.3.3.3/24 1 P2P 0/0
Se1/1 1 13 13.0.0.3/24 64 P2P 1/1
Se1/0 1 234 34.0.0.3/24 64 P2P 1/1
26 Nov. 2011
Access-List and Wildcard Mask
ACL and Wildcard mask can be determined based on AND (gives the network) and XOR (gives the wildcard mask) operations:
Example1:
Deny the following hosts in a single access-list statement:
- 200.0.1.2
- 200.0.1.10
- 200.0.1.18
- 200.0.1.26
- 200.0.3.2
- 200.0.3.10
- 200.0.3.18
- 200.0.3.26
200.0.1.2 | 11001000 | 00000000 | 00000001 | 00000010 |
200.0.1.10 | 11001000 | 00000000 | 00000001 | 00001010 |
200.0.1.18 | 11001000 | 00000000 | 00000001 | 00010010 |
200.0.1.26 | 11001000 | 00000000 | 00000001 | 00011010 |
200.0.3.2 | 11001000 | 00000000 | 00000011 | 00000010 |
200.0.3.10 | 11001000 | 00000000 | 00000011 | 00001010 |
200.0.3.18 | 11001000 | 00000000 | 00000011 | 00010010 |
200.0.3.26 | 11001000 | 00000000 | 00000011 | 00011010 |
AND: 200.0.1.2 | 11001000 | 00000000 | 00000001 | 00000010 |
XOR: 0.0.2.24 | 00000000 | 00000000 | 00000010 | 00011000 |
access-list 1 deny 200.0.1.2 0.0.2.24
access-list 1 permit any
There may be overlaps.
Example2:
Deny the following networks from being received by RIPv2:
10.0.0.0/16
10.4.0.0/16
10.32.0.0/16
10.36.0.0/16
The number of bits set in the wildcard mask directly corresponds to the number of addresses the access-list will match. How do we know if we are overlapping address space?
access-list 1 permit 10.0.0.0 0.36.0.0
In the first case, the number of bits set in the wildcard mask is 3. 3 bits set result in 256 combinations (2^3 = 8). There is overlap in this address space. However, the resulting access-list is the most specific match possible in one line.
In the second case, 2 bits are set in the wildcard mask, the 32 bit and the 4 bit. 2 bits set result in 4 combinations (2^2 = 4). In this case, it is evident that these four combinations are the said networks in question.
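The AND/XOR procedure and the overlap question can be checked mechanically: compute the pair, enumerate everything it matches, and list any address that was not asked for. This is an added example, not code from the original post; the function names are hypothetical and the PARTIAL list is constructed to show a case where overlap does occur.

```python
import ipaddress
from functools import reduce

EXAMPLE1 = ["200.0.1.2", "200.0.1.10", "200.0.1.18", "200.0.1.26",
            "200.0.3.2", "200.0.3.10", "200.0.3.18", "200.0.3.26"]
EXAMPLE2 = ["10.0.0.0", "10.4.0.0", "10.32.0.0", "10.36.0.0"]
# Constructed: only three of the Example1 hosts, to show unwanted matches.
PARTIAL = ["200.0.1.2", "200.0.1.10", "200.0.3.26"]


def _to_int(address):
    return int(ipaddress.IPv4Address(address))


def _to_str(value):
    return str(ipaddress.IPv4Address(value))


def summarize(addresses):
    """Return (base, wildcard) for a single ACL line that covers every address."""
    values = [_to_int(a) for a in addresses]
    common = reduce(lambda x, y: x & y, values)   # AND: bits set in all addresses
    any_set = reduce(lambda x, y: x | y, values)  # bits set in at least one address
    # Bits that are set in some addresses but not all are the "don't care" bits.
    return _to_str(common), _to_str(common ^ any_set)


def expand(base, wildcard, max_bits=16):
    """Enumerate every address matched by base/wildcard (2**n for n wildcard bits)."""
    b, w = _to_int(base), _to_int(wildcard)
    free = [1 << i for i in range(32) if w & (1 << i)]
    if len(free) > max_bits:
        raise ValueError(f"{len(free)} wildcard bits: too many addresses to enumerate")
    fixed = b & ~w
    matches = []
    for combo in range(1 << len(free)):
        value = fixed
        for position, bit in enumerate(free):
            if combo & (1 << position):
                value |= bit
        matches.append(_to_str(value))
    return matches


def overlap(addresses):
    """Addresses the one-line ACL matches although they were not in the request."""
    base, wildcard = summarize(addresses)
    wanted = {_to_int(a) for a in addresses}
    return [m for m in expand(base, wildcard) if _to_int(m) not in wanted]


if __name__ == "__main__":
    for label, hosts in (("Example1", EXAMPLE1), ("Example2", EXAMPLE2), ("Partial", PARTIAL)):
        base, wildcard = summarize(hosts)
        print(f"{label}: {base} {wildcard} matches {len(expand(base, wildcard))}, "
              f"extra: {overlap(hosts)}")
```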
OSPF - Ethernet Network Type BROADCAST and POINT_TO_MULTIPOINT NON_BROADCAST
BROADCAST and POINT_TO_MULTIPOINT NON_BROADCAST Network Type on Ethernet
BROADCAST
Ethernet = broadcast (default)
broadcast:
- DR/BDR election
- multicast updates
On r1:
r1#show ip ospf interface f0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 192.168.123.1/24, Area 0
Process ID 1, Router ID 192.168.123.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DROTHER, Priority 1
Designated Router (ID) 192.168.123.3, Interface address 192.168.123.3
Backup Designated router (ID) 192.168.123.2, Interface address 192.168.123.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:03
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 2, Adjacent neighbor count is 2
Adjacent with neighbor 192.168.123.2 (Backup Designated Router)
Adjacent with neighbor 192.168.123.3 (Designated Router)
Suppress hello for 0 neighbor(s)
On BROADCAST, there is a DR/BDR election: highest router-id or lowest priority.
No preemption exists if the DR fails: if r1 starts first, then r3, then r2, r1 will be DR and r3 BDR.
From the DR/BDR, other routers on the segment are seen as FULL/DROTHER.
From other routers, non-DR/BDR neighbors are in 2WAY state.
r1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
192.168.123.2 1 FULL/BDR 00:00:31 192.168.123.2 FastEthernet0/0
192.168.123.3 1 FULL/DR 00:00:34 192.168.123.3 FastEthernet0/0
r2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
192.168.123.3 0 FULL/ - 00:00:38 23.0.0.3 FastEthernet0/0
192.168.123.1 1 FULL/DROTHER 00:00:38 192.168.123.1 Ethernet1/0
192.168.123.3 1 FULL/DR 00:00:39 192.168.123.3 Ethernet1/0
r3#sho ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
192.168.123.2 0 FULL/ - 00:00:38 23.0.0.2 FastEthernet1/0
192.168.123.1 1 FULL/DROTHER 00:00:38 192.168.123.1 FastEthernet0/0
192.168.123.2 1 FULL/BDR 00:00:38 192.168.123.2 FastEthernet0/0
The following routes are present on each router:
r1#show ip route ospf
23.0.0.0/24 is subnetted, 1 subnets
O 23.0.0.0 [110/2] via 192.168.123.3, 00:01:13, FastEthernet0/0
[110/2] via 192.168.123.2, 00:01:13, FastEthernet0/0
r2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/3] via 23.0.0.3, 00:01:28, FastEthernet0/0
r3#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 192.168.123.1, 00:01:50, FastEthernet0/0
From r2, 1.1.1.1/32 is reachable via r3 and not r1 because r2 is connected via a 10bT interface to the switch:
r2#show ip ospf interface ethernet 1/0 | include Cost
Process ID 1, Router ID 192.168.123.2, Network Type BROADCAST, Cost: 10
On the other side, r1 has two routes to 23.0.0.0/24, via r3 and r2, even though r2 uses an Ethernet link.
To solve this problem we can change the network type to POINT_TO_MULTIPOINT NON_BROADCAST (no DR/BDR election, manual configuration of the neighbors). This will allow the configuration of the cost on a per neighbor basis.
POINT_TO_MULTIPOINT NON_BROADCAST
point_to_multipoint non_broadcast:
- no DR/BDR election (point_to_multipoint)
- unicast updates (non_broadcast)
With FR Hub&Spoke, there is no need to configure the hub as neighbor on each spoke; configuring the hub was sufficient. With Ethernet, it is highly recommended.
On r1:
!
router ospf 1
router-id 192.168.123.1
log-adjacency-changes
passive-interface Loopback0
network 1.1.1.1 0.0.0.0 area 0
network 192.168.123.1 0.0.0.0 area 0
neighbor 192.168.123.3 cost 1
neighbor 192.168.123.2 cost 10
!
interface FastEthernet0/0
ip address 192.168.123.1 255.255.255.0
ip ospf network point-to-multipoint non-broadcast
duplex auto
speed auto
!
r1#show ip route ospf
192.168.123.0/24 is variably subnetted, 3 subnets, 2 masks
O 192.168.123.3/32 [110/1] via 192.168.123.3, 00:29:03, FastEthernet0/0
O 192.168.123.2/32 [110/2] via 192.168.123.3, 00:29:03, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O 23.0.0.0 [110/2] via 192.168.123.3, 00:29:03, FastEthernet0/0
On r2:
!
router ospf 1
router-id 192.168.123.2
log-adjacency-changes
network 23.0.0.2 0.0.0.0 area 0
network 192.168.123.2 0.0.0.0 area 0
neighbor 192.168.123.3 cost 10
neighbor 192.168.123.1 cost 10
!
interface Ethernet1/0
ip address 192.168.123.2 255.255.255.0
ip ospf network point-to-multipoint non-broadcast
half-duplex
!
r2#show ip route ospf
192.168.123.0/24 is variably subnetted, 3 subnets, 2 masks
O 192.168.123.3/32 [110/1] via 23.0.0.3, 00:01:05, FastEthernet0/0
O 192.168.123.1/32 [110/2] via 23.0.0.3, 00:00:49, FastEthernet0/0
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/3] via 23.0.0.3, 00:00:49, FastEthernet0/0
On r3:
!
router ospf 1
router-id 192.168.123.3
log-adjacency-changes
network 23.0.0.3 0.0.0.0 area 0
network 192.168.123.3 0.0.0.0 area 0
neighbor 192.168.123.2 cost 10
neighbor 192.168.123.1 cost 1
!
interface FastEthernet0/0
ip address 192.168.123.3 255.255.255.0
ip ospf network point-to-multipoint non-broadcast
!
24 Nov. 2011
OSPF - Network Types
OSPF Network Types are:
BROADCAST, DR/BDR election, auto neighbor, 10s hello.
NON_BROADCAST, DR/BDR election, configured neighbor, 30s hello.
POINT_TO_POINT, no DR/BDR election, auto neighbor, 10s hello.
POINT_TO_MULTIPOINT, no DR/BDR election, configured neighbor, 30s hello.
POINT_TO_MULTIPOINT NON_BROADCAST, no DR/BDR election, configured neighbor, 30s hello.
Avoid mixing OSPF network types that work with DR/BDR and those that don't.
On Ethernet segments, use:
BROADCAST (default) , if more than two routers on the segment.
POINT_TO_POINT, if only two routers on the segment.
POINT_TO_MULTIPOINT NON_BROADCAST, useful to configure neighbor costs, but there should be a full mesh configuration.
On NBMA, use:
NON_BROADCAST (default), use if the mapping is fully configured (static mapping only or dynamic mapping plus static mapping allowed) or at least if all spokes have connectivity with the Hub.
BROADCAST, broadcast must be enabled on each mapping.
POINT_TO_POINT, can be configured on the spokes if the Hub is configured in POINT_TO_MULTIPOINT, but change timers.
POINT_TO_MULTIPOINT, if the mapping is not fully configured (dynamic mapping only) and no BDR are allowed.
POINT_TO_MULTIPOINT NON_BROADCAST, if the mapping is not fully configured (dynamic mapping only or static mapping (to the HUB only or not) but without broadcast keyword) and no BDR are allowed.
On serial links, use:
POINT_TO_POINT (default)
OSPF - Network Type POINT_TO_MULTIPOINT NON_BROADCAST
POINT_TO_MULTIPOINT NON_BROADCAST is a mix of POINT_TO_MULTIPOINT and NON_BROADCAST network types. The best of each network type is used.
POINT_TO_MULTIPOINT means no DR/BDR election. This also signifies that the hub sees each adjacency as a point-to-point link and that the NEXT-HOP is always the HUB (so a partial mesh frame relay configuration is possible, for example dynamic mapping with no knowledge of the DLCI to use to reach another spoke).
NON_BROADCAST means manual configuration of the neighbors. The costs can be specified on a per neighbor basis, through the neighbor command. This is useful on NBMA networks.
On r1:
!
interface Serial0/0
ip address 150.0.0.1 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint non-broadcast
frame-relay map ip 150.0.0.2 102 broadcast
frame-relay map ip 150.0.0.3 103 broadcast
no frame-relay inverse-arp
!
router ospf 1
router-id 150.1.1.1
log-adjacency-changes
passive-interface Loopback0
network 150.0.0.1 0.0.0.0 area 0
network 150.1.1.1 0.0.0.0 area 0
network 150.10.0.11 0.0.0.0 area 0
neighbor 150.0.0.3
neighbor 150.0.0.2
!
r1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
150.3.3.3 0 FULL/ - 00:01:42 150.0.0.3 Serial0/0
150.2.2.2 0 FULL/ - 00:01:42 150.0.0.2 Serial0/0
r1#
On r2:
!
interface Serial0/0
ip address 150.0.0.2 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint non-broadcast
frame-relay map ip 150.0.0.1 201 broadcast
frame-relay map ip 150.0.0.3 201
frame-relay map ip 150.0.0.4 201
no frame-relay inverse-arp
!
router ospf 1
router-id 150.2.2.2
log-adjacency-changes
passive-interface Loopback0
network 150.0.0.2 0.0.0.0 area 0
network 150.2.2.2 0.0.0.0 area 0
!
r2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
150.1.1.1 0 FULL/ - 00:01:54 150.0.0.1 Serial0/0
r2#
r2#show ip route ospf
150.0.0.0/16 is variably subnetted, 3 subnets, 2 masks
O 150.0.0.3/32 [110/128] via 150.0.0.1, 00:22:52, Serial0/0
O 150.0.0.1/32 [110/64] via 150.0.0.1, 00:22:52, Serial0/0
150.1.0.0/32 is subnetted, 1 subnets
O 150.1.1.1 [110/65] via 150.0.0.1, 00:22:52, Serial0/0
150.3.0.0/32 is subnetted, 1 subnets
O 150.3.3.3 [110/129] via 150.0.0.1, 00:22:52, Serial0/0
150.10.0.0/24 is subnetted, 1 subnets
O 150.10.0.0 [110/65] via 150.0.0.1, 00:22:52, Serial0/0
r2#
r2#show ip ospf interface Serial 0/0
Serial0/0 is up, line protocol is up
Internet Address 150.0.0.2/24, Area 0
Process ID 1, Router ID 150.2.2.2, Network Type POINT_TO_MULTIPOINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:27
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 150.1.1.1
Suppress hello for 0 neighbor(s)
r2#show ip ospf database router 150.3.3.3
OSPF Router with ID (150.2.2.2) (Process ID 1)
Router Link States (Area 0)
LS age: 1704
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 150.3.3.3
Advertising Router: 150.3.3.3
LS Seq Number: 80000022
Checksum: 0xCD39
Length: 60
Number of Links: 3
Link connected to: a Stub Network
(Link ID) Network/subnet number: 150.3.3.3
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metrics: 1
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 150.1.1.1
(Link Data) Router Interface address: 150.0.0.3
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 150.0.0.3
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metrics: 0
There is a new stub network, 150.3.3.3 with mask 255.255.255.255 which is entered in the routing table as 150.3.3.3/32.
Note:
The mapping on the spoke is only necessary toward the HUB. Moreover, the broadcast keyword is optional.
The cost can be specified on a per neighbor basis.
On r1:
!
interface Serial0/0
ip address 150.0.0.1 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint non-broadcast
frame-relay map ip 150.0.0.2 102
frame-relay map ip 150.0.0.3 103
no frame-relay inverse-arp
!
router ospf 1
router-id 150.1.1.1
log-adjacency-changes
passive-interface Loopback0
network 150.0.0.1 0.0.0.0 area 0
network 150.1.1.1 0.0.0.0 area 0
network 150.10.0.11 0.0.0.0 area 0
neighbor 150.0.0.3 cost 100
neighbor 150.0.0.2 cost 20
!
On r2:
!
interface Serial0/0
ip address 150.0.0.2 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint non-broadcast
frame-relay map ip 150.0.0.1 201
no frame-relay inverse-arp
!
On r3:
!
interface Serial0/0
ip address 150.0.0.3 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint non-broadcast
frame-relay map ip 150.0.0.1 301
no frame-relay inverse-arp
!
r1# show ip route ospf
150.0.0.0/16 is variably subnetted, 3 subnets, 2 masks
O 150.0.0.2/32 [110/20] via 150.0.0.2, 00:01:16, Serial0/0
O 150.0.0.3/32 [110/100] via 150.0.0.3, 00:01:16, Serial0/0
150.2.0.0/32 is subnetted, 1 subnets
O 150.2.2.2 [110/21] via 150.0.0.2, 00:01:16, Serial0/0
150.3.0.0/32 is subnetted, 1 subnets
O 150.3.3.3 [110/101] via 150.0.0.3, 00:01:16, Serial0/0
r1# show frame-relay map
Serial0/0 (up): ip 150.0.0.2 dlci 102(0x66,0x1860), static,
CISCO, status defined, active
Serial0/0 (up): ip 150.0.0.3 dlci 103(0x67,0x1870), static,
CISCO, status defined, active
r1#show ip ospf neighbor detail
Neighbor 150.3.3.3, interface address 150.0.0.3
In the area 0 via interface Serial0/0
Neighbor priority is 0 (configured 0), State is FULL, 13 state changes, Cost is 100
DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x52
LLS Options is 0x1 (LR)
Dead timer due in 00:01:47
Neighbor is up for 00:04:58
Index 2/2, retransmission queue length 0, number of retransmission 4
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
Neighbor 150.2.2.2, interface address 150.0.0.2
In the area 0 via interface Serial0/0
Neighbor priority is 0 (configured 0), State is FULL, 13 state changes, Cost is 20
DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x52
LLS Options is 0x1 (LR)
Dead timer due in 00:01:47
Neighbor is up for 00:04:58
Index 1/1, retransmission queue length 0, number of retransmission 1
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
r2#show ip route ospf
150.0.0.0/16 is variably subnetted, 3 subnets, 2 masks
O 150.0.0.3/32 [110/164] via 150.0.0.1, 00:01:17, Serial0/0
O 150.0.0.1/32 [110/64] via 150.0.0.1, 00:01:17, Serial0/0
150.1.0.0/32 is subnetted, 1 subnets
O 150.1.1.1 [110/65] via 150.0.0.1, 00:01:17, Serial0/0
150.3.0.0/32 is subnetted, 1 subnets
O 150.3.3.3 [110/165] via 150.0.0.1, 00:01:17, Serial0/0
150.10.0.0/24 is subnetted, 1 subnets
O 150.10.0.0 [110/65] via 150.0.0.1, 00:01:17, Serial0/0
r2#show frame-relay map
Serial0/0 (up): ip 150.0.0.1 dlci 201(0xC9,0x3090), static,
CISCO, status defined, active
r3#show ip route ospf
150.0.0.0/16 is variably subnetted, 3 subnets, 2 masks
O 150.0.0.2/32 [110/84] via 150.0.0.1, 00:01:50, Serial0/0
O 150.0.0.1/32 [110/64] via 150.0.0.1, 00:01:50, Serial0/0
150.1.0.0/32 is subnetted, 1 subnets
O 150.1.1.1 [110/65] via 150.0.0.1, 00:01:50, Serial0/0
150.2.0.0/32 is subnetted, 1 subnets
O 150.2.2.2 [110/85] via 150.0.0.1, 00:01:50, Serial0/0
150.10.0.0/24 is subnetted, 1 subnets
O 150.10.0.0 [110/65] via 150.0.0.1, 00:01:50, Serial0/0
r3#show frame-relay map
Serial0/0 (up): ip 150.0.0.1 dlci 301(0x12D,0x48D0), static,
CISCO, status defined, active
Note:
Since the beginning of the example, the loopback configured on each router is a /24 but a /32 is advertised. This is because loopbacks always have the LOOPBACK network type. To change this, use ip ospf network point-to-point.
On r3:
r3#show ip ospf interface Loopback 0
Loopback0 is up, line protocol is up
Internet Address 150.3.3.3/24, Area 0
Process ID 1, Router ID 150.3.3.3, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
r2#show ip route 150.3.3.3
Routing entry for 150.3.3.3/32
Known via "ospf 1", distance 110, metric 165, type intra area
Last update from 150.0.0.1 on Serial0/0, 00:00:55 ago
Routing Descriptor Blocks:
* 150.0.0.1, from 150.3.3.3, 00:00:55 ago, via Serial0/0
Route metric is 165, traffic share count is 1
After configuring the network type:
!
interface Loopback0
ip address 150.3.3.3 255.255.255.0
ip ospf network point-to-point
!
r3#show ip ospf interface Loopback 0
Loopback0 is up, line protocol is up
Internet Address 150.3.3.3/24, Area 0
Process ID 1, Router ID 150.3.3.3, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
No Hellos (Passive interface)
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Now, this route is seen as a /24 on r2:
r2#show ip route 150.3.3.3
Routing entry for 150.3.3.0/24
Known via "ospf 1", distance 110, metric 165, type intra area
Last update from 150.0.0.1 on Serial0/0, 00:00:05 ago
Routing Descriptor Blocks:
* 150.0.0.1, from 150.3.3.3, 00:00:05 ago, via Serial0/0
Route metric is 165, traffic share count is 1
These changes are reflected in the database:
r2#show ip ospf database router 150.3.3.3
OSPF Router with ID (150.2.2.2) (Process ID 1)
Router Link States (Area 0)
LS age: 54
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 150.3.3.3
Advertising Router: 150.3.3.3
LS Seq Number: 80000026
Checksum: 0xA75E
Length: 60
Number of Links: 3
Link connected to: a Stub Network
(Link ID) Network/subnet number: 150.3.3.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metrics: 1
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 150.1.1.1
(Link Data) Router Interface address: 150.0.0.3
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 150.0.0.3
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metrics: 0