29 nov. 2011

Create ACL on eXtreme Network Switches...



First, create a policy. Enter command:

vi no67udp.pol

(use a pol extension)

(ls command will list the files/configs on the XOS switch...linux)  The following is needed in the policy (I add count so I can see the number of packet hits...it's not required):

entry drop1 {
        if match all {
                protocol                udp;
                source-port             67;
        } then {
                deny;
                count drop1;
        }
}
entry drop2 {
        if match all {
                protocol                udp;
                destination-port        67;
        } then {
                deny;
                count drop2;
        }
}


After you've wq that (if you're doing vi) then you're ready to apply the policy/access-list.  Enter the following commands:

check policy no67udp
(to make sure there are no errors and don't use .pol extension)

Next, apply to the ports:

configure access-list no67udp port 1-11,13-24 (or 26)
(it should respond with done!)

You can then show access-list or show access-list counter to see if there are any hits.

To remove the access-list enter:

unconfigure access-list no67udp

You can edit the access-list while it's running and then after the check policy command you will need to enter:

refresh policy no67udp

to make the changes take effect.  I think that's all you need. There's probably a better way and someone with more experience than me might know.  But this should deny all 67 udp packets from all ports but 12.

27 nov. 2011

OSPF Authentication #1

Three authentication modes:
  • 0 - null, no authentication
  • 1 - clear-text
  • 2 - md5
Per interface authentication
r1(config)#interface s1/0
r1(config-if)#ip ospf authentication ?
  message-digest  Use message-digest authentication
  null            Use no authentication


MD5 Authentication:


If "ip ospf authentication message-digest", then:
r1(config-if)#ip ospf message-digest-key 1 md5 ccie_lab


If you just entered "ip ospf authentication", it is clear-text authentication, then:
r1(config-if)#ip ospf authentication-key joe

Bad configuration #1: 

interface Serial1/1
 ip address 13.0.0.1 255.255.255.0
 ip ospf authentication-key joe


No authentication is enabled here (only the key is configured), but the adjacency still works. Check with show ip ospf interface.



Bad configuration #2: 

interface Serial1/1

 ip ospf authentication message-digest
 ip ospf authentication-key joe


MD5 authentication is enabled here, but no MD5 password (message-digest key) is specified; it still works:
r1#show ip ospf interface Serial1/1
Serial1/1 is up, line protocol is up 
[...]
  Message digest authentication enabled
      No key configured, using default key id 0

Don't forget to use the same key id on both sides, else it won't work. Multiple key numbers can exist on the same interface.
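A small audit for the two bad configurations above, as an added example (not part of the original post). It looks at interface-level commands only, so a key that relies on area authentication is reported as "not enabled on the interface"; the sample config and the Serial1/2 name are constructed from the snippets on this page.

```python
import re

# Constructed sample built from the interface snippets on this page.
SAMPLE = """\
interface Serial1/0
 ip address 12.0.0.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie_lab
!
interface Serial1/1
 ip address 13.0.0.1 255.255.255.0
 ip ospf authentication-key joe
!
interface Serial1/2
 ip ospf authentication message-digest
 ip ospf authentication-key joe
!
"""

AUTH_RE = re.compile(r"ip ospf authentication(?:\s+(message-digest|null))?")
MD5_RE = re.compile(r"ip ospf message-digest-key (\d+) md5 \S+")


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] != " ":                       # top-level command
            m = re.match(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            if current:
                interfaces[current] = []
        elif current:                           # indented sub-command
            interfaces[current].append(line)
    return interfaces


def audit_interface(cmds):
    """Return findings for one interface (interface-level settings only)."""
    auth_type = None                            # None: nothing set on the interface
    for c in cmds:
        m = AUTH_RE.fullmatch(c)                # does not match "authentication-key"
        if m:
            auth_type = {None: 1, "message-digest": 2, "null": 0}[m.group(1)]
    has_plain_key = any(c.startswith("ip ospf authentication-key ") for c in cmds)
    md5_ids = [int(m.group(1)) for m in map(MD5_RE.fullmatch, cmds) if m]

    findings = []
    if auth_type in (None, 0) and (has_plain_key or md5_ids):
        # Bad configuration #1: a key is present but nothing turns authentication on.
        findings.append("key configured but authentication not enabled on the "
                        "interface: type 0 unless the area enables it")
    if auth_type == 1 and not has_plain_key:
        findings.append("clear-text authentication enabled without authentication-key")
    if auth_type == 2 and not md5_ids:
        # Bad configuration #2: md5 is on, but only a clear-text key (or none) exists.
        msg = "message-digest enabled without message-digest-key: default key id 0"
        if has_plain_key:
            msg += " (authentication-key is the clear-text key)"
        findings.append(msg)
    return findings


def audit(config):
    """Return {interface name: [findings]} for every interface in the config."""
    return {name: audit_interface(cmds)
            for name, cmds in parse_interfaces(config).items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "ok")
```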


Area Authentication


Authentication can be configured for the whole area (md5 or plain-text).
On each router:
router ospf 1
 area 0 authentication message-digest
And on all interfaces configured with area 0:

interface Serial1/0
 ip ospf message-digest-key 1 md5 CCIE_LAB


Note that here, there is no need to configure "ip ospf authentication message-digest" on the interface.


If using a virtual link (which belongs to area 0), configure on each router (even if no interface belongs to area 0):



router ospf 1
 area 0 authentication message-digest
 message-digest-key 1 md5 CCIE_LAB
 area 234 virtual-link 2.2.2.2 authentication 



Troubleshooting
Always look at "show ip ospf interface (intf)" and see what's happening.  If you see "key 0" is used in MD5, then you will NOT be getting credit for that section where they likely tell you to use "cisco" as the password!


To check authentication problems:
r1#debug ip ospf adj 


00:39:54: OSPF: Rcv pkt from 13.0.0.3, Serial1/1 : Mismatch Authentication type. Input packet specified type 2, we use type 0


00:40:04: OSPF: Rcv pkt from 13.0.0.3, Serial1/1 : Mismatch Authentication type. Input packet specified type 2, we use type 1

00:51:54: OSPF: Rcv pkt from 13.0.0.3, Serial1/1 : Mismatch Authentication Key - No message digest key 0 on interface



OSPF Virtual links

OSPF virtual links are mainly used to avoid partitioned areas.


r1 and r2 belong to area 0.
r1 and r3 belong to area 13; r3's loopback0 belongs to area 13.
r2, r3 and r4 belong to area 234.


If the link between r1 and r3 goes down, r3's loopback 0 becomes unreachable because area 13 has no connectivity with area 0 to reach other areas.
To avoid this, a virtual-link is established between the ABRs, r3 and r2. This virtual-link belongs to area 0.


Configuration:


r1:
!

interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip ospf network point-to-point

!

!
interface Serial1/0
 ip address 12.0.0.1 255.255.255.0

!
interface Serial1/1
 ip address 13.0.0.1 255.255.255.0

!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 redistribute connected subnets
 network 12.0.0.1 0.0.0.0 area 0
 network 13.0.0.1 0.0.0.0 area 13
!


On r2:

interface Loopback0
 ip address 2.2.2.2 255.255.255.0
 ip ospf network point-to-point
!

interface Serial1/0
 ip address 12.0.0.2 255.255.255.0
!

interface Serial1/1
 ip address 24.0.0.2 255.255.255.0
!

!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 redistribute connected subnets
 network 12.0.0.2 0.0.0.0 area 0
 network 24.0.0.2 0.0.0.0 area 234
!






On r3:
!

interface Loopback0
 ip address 3.3.3.3 255.255.255.0
 ip ospf network point-to-point


!
interface Serial1/0
 ip address 34.0.0.3 255.255.255.0
!
interface Serial1/1
 ip address 13.0.0.3 255.255.255.0
!
router ospf 1

 router-id 3.3.3.3
 log-adjacency-changes
 redistribute connected subnets
 network 3.3.3.3 0.0.0.0 area 13
 network 13.0.0.3 0.0.0.0 area 13
 network 34.0.0.3 0.0.0.0 area 234
!




r4:
!
interface Loopback0
 ip address 4.4.4.4
 ip ospf network point-to-point
!
interface Serial1/0
 ip address 24.0.0.4 255.255.255.0
!
interface Serial1/1
 ip address 34.0.0.4 255.255.255.0
!

router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 redistribute connected subnets
 network 24.0.0.4 0.0.0.0 area 234
 network 34.0.0.4 0.0.0.0 area 234
!



To create the virtual-link through area 234 (using the OSPF router-id), configure the ABRs:
On r2:
!
router ospf 1
 area 234 virtual-link 3.3.3.3
!


On r3:
!

router ospf 1
 area 234 virtual-link 2.2.2.2
!


r3#show ip ospf neighbor 


Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           0   FULL/  -           -        24.0.0.2        OSPF_VL1
1.1.1.1           0   FULL/  -        00:00:33    13.0.0.1        Serial1/1
4.4.4.4           0   FULL/  -        00:00:38    34.0.0.4        Serial1/0


r3#show ip ospf interface brief 
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Vl1          1     0               34.0.0.3/24        128   P2P   1/1
Lo0          1     13              3.3.3.3/24         1     P2P   0/0
Se1/1        1     13              13.0.0.3/24        64    P2P   1/1
Se1/0        1     234             34.0.0.3/24        64    P2P   1/1









26 nov. 2011

Access-List and Wildcard Mask


The ACL address and wildcard mask can be determined with AND (gives the network) and XOR (gives the wildcard mask) operations:
 
Example1:
Deny the following hosts in a single access-list statement:
  • 200.0.1.2
  • 200.0.1.10
  • 200.0.1.18
  • 200.0.1.26
  • 200.0.3.2
  • 200.0.3.10
  • 200.0.3.18
  • 200.0.3.26

200.0.1.2     11001000 00000000 00000001 00000010
200.0.1.10    11001000 00000000 00000001 00001010
200.0.1.18    11001000 00000000 00000001 00010010
200.0.1.26    11001000 00000000 00000001 00011010
200.0.3.2     11001000 00000000 00000011 00000010
200.0.3.10    11001000 00000000 00000011 00001010
200.0.3.18    11001000 00000000 00000011 00010010
200.0.3.26    11001000 00000000 00000011 00011010
AND:
200.0.1.2     11001000 00000000 00000001 00000010

200.0.1.2     11001000 00000000 00000001 00000010
200.0.1.10    11001000 00000000 00000001 00001010
200.0.1.18    11001000 00000000 00000001 00010010
200.0.1.26    11001000 00000000 00000001 00011010
200.0.3.2     11001000 00000000 00000011 00000010
200.0.3.10    11001000 00000000 00000011 00001010
200.0.3.18    11001000 00000000 00000011 00010010
200.0.3.26    11001000 00000000 00000011 00011010
XOR:
0.0.2.24      00000000 00000000 00000010 00011000
The acl would be:
access-list 1 deny 200.0.1.2 0.0.2.24
access-list 1 permit any
There may be overlaps.

Example2:
Deny the following networks from being received by RIPv2:
10.0.0.0/16
10.4.0.0/16
10.32.0.0/16
10.36.0.0/16


access-list 1 permit 10.0.0.0 0.36.0.0
How do we know if we are overlapping address space?
The number of bits set in the wildcard mask directly corresponds to the number of addresses the access-list will match.

In the first case, the number of bits set in the wildcard mask is 3. 3 bits set result in 256 combinations (2^3 = 8). There is overlap in this address space. However, the resulting access-list is the most specific match possible in one line.

In the second case, 2 bits are set in the wildcard mask, the 32 bit and the 4 bit. 2 bits set result in 4 combinations (2^2 = 4). In this case, it is evident that these four combinations are the said networks in question.
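The AND/XOR method and the overlap check, as an added example (not part of the original post): it derives the address and wildcard mask for a list of addresses, enumerates every address the resulting statement matches, and lists any matched address that was not in the intended set. The function names and the PARTIAL list are constructed for illustration.

```python
import ipaddress
from functools import reduce


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_str(value):
    return str(ipaddress.IPv4Address(value))


def summarize(addresses):
    """Return (base, wildcard) for a single ACL statement covering all addresses.

    base     = bitwise AND of every address (the bits they all share as 1)
    wildcard = every bit position in which at least one address differs
               from the base (OR of each address XOR base)
    """
    values = [to_int(a) for a in addresses]
    base = reduce(lambda x, y: x & y, values)
    wildcard = reduce(lambda x, y: x | y, (v ^ base for v in values), 0)
    return to_str(base), to_str(wildcard)


def matched(base, wildcard, max_bits=16):
    """Enumerate every address matched by 'base wildcard' (2^n for n set bits)."""
    b, w = to_int(base), to_int(wildcard)
    bits = [1 << i for i in range(32) if (w >> i) & 1]
    if len(bits) > max_bits:
        raise ValueError("too many wildcard bits to enumerate")
    fixed = b & ~w                              # bits the ACL compares exactly
    result = []
    for n in range(1 << len(bits)):
        value = fixed
        for i, bit in enumerate(bits):
            if (n >> i) & 1:
                value |= bit
        result.append(value)
    return [to_str(v) for v in sorted(result)]


def overlap(addresses):
    """Return (base, wildcard, extra): extra = matched but not intended."""
    base, wildcard = summarize(addresses)
    extra = set(matched(base, wildcard)) - {to_str(to_int(a)) for a in addresses}
    return base, wildcard, sorted(extra, key=to_int)


# Address lists from Example1 and Example2 on this page.
EXAMPLE1 = ["200.0.1.2", "200.0.1.10", "200.0.1.18", "200.0.1.26",
            "200.0.3.2", "200.0.3.10", "200.0.3.18", "200.0.3.26"]
EXAMPLE2 = ["10.0.0.0", "10.4.0.0", "10.32.0.0", "10.36.0.0"]
# Constructed case: only three of the Example1 hosts are intended.
PARTIAL = ["200.0.1.2", "200.0.1.10", "200.0.3.26"]

if __name__ == "__main__":
    for name, addrs in (("Example1", EXAMPLE1), ("Example2", EXAMPLE2),
                        ("Partial", PARTIAL)):
        base, wildcard, extra = overlap(addrs)
        total = len(matched(base, wildcard))
        print(f"{name}: {base} {wildcard} matches {total}, "
              f"{len(extra)} outside the intended list: {extra}")
```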

OSPF - Ethernet Network Type BROADCAST and POINT_TO_MULTIPOINT NON_BROADCAST

BROADCAST and POINT_TO_MULTIPOINT NON_BROADCAST Network Type on Ethernet

BROADCAST 
Ethernet = broadcast (default)



broadcast:
  • DR/BDR election
  • multicast updates




























On r1:

r1#show ip ospf  interface f0/0
FastEthernet0/0 is up, line protocol is up 
  Internet Address 192.168.123.1/24, Area 0 
  Process ID 1, Router ID 192.168.123.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DROTHER, Priority 1
  Designated Router (ID) 192.168.123.3, Interface address 192.168.123.3
  Backup Designated router (ID) 192.168.123.2, Interface address 192.168.123.2
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 2, Adjacent neighbor count is 2 
    Adjacent with neighbor 192.168.123.2  (Backup Designated Router)
    Adjacent with neighbor 192.168.123.3  (Designated Router)
  Suppress hello for 0 neighbor(s)

On BROADCAST, there is a DR/BDR election: highest router-id or lowest priority.
No preemption exists if the DR fails: if r1 starts first, then r3, then r2, r1 will be DR and r3 BDR.


From the DR/BDR, other routers on the segment are seen as FULL/DROTHER.
From other routers, non DR/BDR neighbors are in 2WAY state.

r1#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.123.2     1   FULL/BDR        00:00:31    192.168.123.2   FastEthernet0/0
192.168.123.3     1   FULL/DR         00:00:34    192.168.123.3   FastEthernet0/0

r2#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.123.3     0   FULL/  -        00:00:38    23.0.0.3        FastEthernet0/0
192.168.123.1     1   FULL/DROTHER    00:00:38    192.168.123.1   Ethernet1/0
192.168.123.3     1   FULL/DR         00:00:39    192.168.123.3   Ethernet1/0

r3#sho ip ospf  neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.123.2     0   FULL/  -        00:00:38    23.0.0.2        FastEthernet1/0
192.168.123.1     1   FULL/DROTHER    00:00:38    192.168.123.1   FastEthernet0/0
192.168.123.2     1   FULL/BDR        00:00:38    192.168.123.2   FastEthernet0/0

The following routes are present on each router:
r1#show ip route ospf
     23.0.0.0/24 is subnetted, 1 subnets
O       23.0.0.0 [110/2] via 192.168.123.3, 00:01:13, FastEthernet0/0
                 [110/2] via 192.168.123.2, 00:01:13, FastEthernet0/0

r2#show ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/3] via 23.0.0.3, 00:01:28, FastEthernet0/0

r3#show ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 192.168.123.1, 00:01:50, FastEthernet0/0

From r2, 1.1.1.1/32 is reachable via r3 and not r1 because r2 is connected via a 10bT interface to the switch:
r2#show ip ospf interface ethernet 1/0 | include Cost                  
  Process ID 1, Router ID 192.168.123.2, Network Type BROADCAST, Cost: 10

On the other side, r1 has two routes to 23.0.0.0/24, via r3 and r2, even though r2 uses an Ethernet link.
To solve this problem we can change the network type to POINT_TO_MULTIPOINT NON_BROADCAST (no DR/BDR election, manual configuration of the neighbors). This will allow the configuration of the cost on a per neighbor basis.



POINT_TO_MULTIPOINT NON_BROADCAST 

point_to_multipoint non_broadcast:

  • no DR/BDR election (point_to_multipoint)
  • unicast updates (non_broadcast)



With FR Hub & Spoke, there is no need to configure the hub as a neighbor on each spoke; configuring the hub was sufficient. With Ethernet, it is highly recommended.

On r1:
!
router ospf 1
 router-id 192.168.123.1
 log-adjacency-changes
 passive-interface Loopback0
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.123.1 0.0.0.0 area 0
 neighbor 192.168.123.3 cost 1
 neighbor 192.168.123.2 cost 10
!
interface FastEthernet0/0
 ip address 192.168.123.1 255.255.255.0
 ip ospf network point-to-multipoint non-broadcast
 duplex auto
 speed auto
!


r1#show ip route ospf
     192.168.123.0/24 is variably subnetted, 3 subnets, 2 masks
O       192.168.123.3/32 [110/1] via 192.168.123.3, 00:29:03, FastEthernet0/0
O       192.168.123.2/32 [110/2] via 192.168.123.3, 00:29:03, FastEthernet0/0
     23.0.0.0/24 is subnetted, 1 subnets
O       23.0.0.0 [110/2] via 192.168.123.3, 00:29:03, FastEthernet0/0

On r2:
!
router ospf 1
 router-id 192.168.123.2
 log-adjacency-changes
 network 23.0.0.2 0.0.0.0 area 0
 network 192.168.123.2 0.0.0.0 area 0
 neighbor 192.168.123.3 cost 10
 neighbor 192.168.123.1 cost 10
!
interface Ethernet1/0
 ip address 192.168.123.2 255.255.255.0
 ip ospf network point-to-multipoint non-broadcast
 half-duplex
!

r2#show ip route ospf
     192.168.123.0/24 is variably subnetted, 3 subnets, 2 masks
O       192.168.123.3/32 [110/1] via 23.0.0.3, 00:01:05, FastEthernet0/0
O       192.168.123.1/32 [110/2] via 23.0.0.3, 00:00:49, FastEthernet0/0
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/3] via 23.0.0.3, 00:00:49, FastEthernet0/0

On r3:
!
router ospf 1
 router-id 192.168.123.3
 log-adjacency-changes
 network 23.0.0.3 0.0.0.0 area 0
 network 192.168.123.3 0.0.0.0 area 0
 neighbor 192.168.123.2 cost 10
 neighbor 192.168.123.1 cost 1
!
interface FastEthernet0/0
 ip address 192.168.123.3 255.255.255.0
 ip ospf network point-to-multipoint non-broadcast
!









24 nov. 2011

OSPF - Network Types

OSPF Network Types are:
BROADCAST, DR/BDR election, auto neighbor, 10s hello.
NON_BROADCAST, DR/BDR election, configured neighbor, 30s hello.


POINT_TO_POINT, no DR/BDR election, auto neighbor, 10s hello.
POINT_TO_MULTIPOINT, no DR/BDR election, configured neighbor, 30s hello.
POINT_TO_MULTIPOINT NON_BROADCAST, no DR/BDR election, configured neighbor, 30s hello.

Avoid mixing OSPF network types that work with DR/BDR and those that don't.


On Ethernet segments, use:
BROADCAST (default) , if more than two routers on the segment.
POINT_TO_POINT, if only two routers on the segment.
POINT_TO_MULTIPOINT NON_BROADCAST, useful to configure neighbor costs, but there should be a full mesh configuration.


On NBMA, use:

NON_BROADCAST (default), use if the mapping is fully configured (static mapping only or dynamic mapping plus static mapping allowed) or at least if all spokes have connectivity with the Hub.
BROADCAST, broadcast must be enabled on each mapping.
POINT_TO_POINT, can be configured on the spokes if the Hub is configured in POINT_TO_MULTIPOINT, but change timers.
POINT_TO_MULTIPOINT, if the mapping is not fully configured (dynamic mapping only) and no BDR are allowed.
POINT_TO_MULTIPOINT NON_BROADCAST, if the mapping is not fully configured (dynamic mapping only or static mapping (to the HUB only or not) but without broadcast keyword) and no BDR are allowed.

On serial links, use:
POINT_TO_POINT (default)



OSPF - Network Type POINT_TO_MULTIPOINT NON_BROADCAST

POINT_TO_MULTIPOINT NON_BROADCAST is a mix of POINT_TO_MULTIPOINT and NON_BROADCAST network types. The best of each network type is used.


POINT_TO_MULTIPOINT means no DR/BDR election. This also signifies that the hub sees each adjacency as a point-to-point link and that the NEXT-HOP is always the HUB (so a partial mesh frame relay configuration is possible, for example dynamic mapping with no knowledge of the dlci to use to reach another spoke).
NON_BROADCAST means manual configuration of the neighbors. The costs can be specified on a per neighbor basis, through the neighbor command. This is useful on NBMA networks.

On r1:
!
interface Serial0/0
 ip address 150.0.0.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-multipoint non-broadcast
 frame-relay map ip 150.0.0.2 102 broadcast
 frame-relay map ip 150.0.0.3 103 broadcast
 no frame-relay inverse-arp
!
router ospf 1
 router-id 150.1.1.1
 log-adjacency-changes
 passive-interface Loopback0
 network 150.0.0.1 0.0.0.0 area 0
 network 150.1.1.1 0.0.0.0 area 0
 network 150.10.0.11 0.0.0.0 area 0
 neighbor 150.0.0.3
 neighbor 150.0.0.2
!

r1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.3.3.3         0   FULL/  -        00:01:42    150.0.0.3       Serial0/0
150.2.2.2         0   FULL/  -        00:01:42    150.0.0.2       Serial0/0
r1#


On r2:
!
interface Serial0/0
 ip address 150.0.0.2 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-multipoint non-broadcast
 frame-relay map ip 150.0.0.1 201 broadcast
 frame-relay map ip 150.0.0.3 201
 frame-relay map ip 150.0.0.4 201
 no frame-relay inverse-arp
!
router ospf 1
 router-id 150.2.2.2
 log-adjacency-changes
 passive-interface Loopback0
 network 150.0.0.2 0.0.0.0 area 0
 network 150.2.2.2 0.0.0.0 area 0

r2#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.1.1         0   FULL/  -        00:01:54    150.0.0.1       Serial0/0
r2#

r2#show ip route ospf
     150.0.0.0/16 is variably subnetted, 3 subnets, 2 masks
O       150.0.0.3/32 [110/128] via 150.0.0.1, 00:22:52, Serial0/0
O       150.0.0.1/32 [110/64] via 150.0.0.1, 00:22:52, Serial0/0
     150.1.0.0/32 is subnetted, 1 subnets
O       150.1.1.1 [110/65] via 150.0.0.1, 00:22:52, Serial0/0
     150.3.0.0/32 is subnetted, 1 subnets
O       150.3.3.3 [110/129] via 150.0.0.1, 00:22:52, Serial0/0
     150.10.0.0/24 is subnetted, 1 subnets
O       150.10.0.0 [110/65] via 150.0.0.1, 00:22:52, Serial0/0
r2#

r2#show ip ospf interface Serial 0/0
Serial0/0 is up, line protocol is up
  Internet Address 150.0.0.2/24, Area 0
  Process ID 1, Router ID 150.2.2.2, Network Type POINT_TO_MULTIPOINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    oob-resync timeout 120
    Hello due in 00:00:27
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 150.1.1.1
  Suppress hello for 0 neighbor(s)

r2#show ip ospf database router 150.3.3.3

            OSPF Router with ID (150.2.2.2) (Process ID 1)

          Router Link States (Area 0)

  LS age: 1704
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 150.3.3.3
  Advertising Router: 150.3.3.3
  LS Seq Number: 80000022
  Checksum: 0xCD39
  Length: 60
  Number of Links: 3

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 150.3.3.3
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 150.1.1.1
     (Link Data) Router Interface address: 150.0.0.3
      Number of TOS metrics: 0
       TOS 0 Metrics: 64

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 150.0.0.3
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metrics: 0

There is a new stub network, 150.3.3.3 with mask 255.255.255.255 which is entered in the routing table as 150.3.3.3/32.

Note:
The mapping on the spoke is only necessary toward the HUB. Moreover, the broadcast keyword is optional.
The cost can be specified on a per neighbor basis.

On r1:
!
interface Serial0/0
 ip address 150.0.0.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-multipoint non-broadcast
 frame-relay map ip 150.0.0.2 102
 frame-relay map ip 150.0.0.3 103
 no frame-relay inverse-arp
!
router ospf 1
 router-id 150.1.1.1
 log-adjacency-changes
 passive-interface Loopback0
 network 150.0.0.1 0.0.0.0 area 0
 network 150.1.1.1 0.0.0.0 area 0
 network 150.10.0.11 0.0.0.0 area 0
 neighbor 150.0.0.3 cost 100
 neighbor 150.0.0.2 cost 20
!         

On r2:
!
interface Serial0/0
 ip address 150.0.0.2 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-multipoint non-broadcast
 frame-relay map ip 150.0.0.1 201
 no frame-relay inverse-arp
!

On r3:
!
interface Serial0/0
 ip address 150.0.0.3 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-multipoint non-broadcast
 frame-relay map ip 150.0.0.1 301
 no frame-relay inverse-arp
!



r1# show  ip route ospf
     150.0.0.0/16 is variably subnetted, 3 subnets, 2 masks
O       150.0.0.2/32 [110/20] via 150.0.0.2, 00:01:16, Serial0/0
O       150.0.0.3/32 [110/100] via 150.0.0.3, 00:01:16, Serial0/0
     150.2.0.0/32 is subnetted, 1 subnets
O       150.2.2.2 [110/21] via 150.0.0.2, 00:01:16, Serial0/0
     150.3.0.0/32 is subnetted, 1 subnets
O       150.3.3.3 [110/101] via 150.0.0.3, 00:01:16, Serial0/0

r1# show frame-relay map
Serial0/0 (up): ip 150.0.0.2 dlci 102(0x66,0x1860), static,
              CISCO, status defined, active
Serial0/0 (up): ip 150.0.0.3 dlci 103(0x67,0x1870), static,
              CISCO, status defined, active

r1#show ip ospf neighbor detail
 Neighbor 150.3.3.3, interface address 150.0.0.3
    In the area 0 via interface Serial0/0
    Neighbor priority is 0 (configured 0), State is FULL, 13 state changes, Cost is 100
    DR is 0.0.0.0 BDR is 0.0.0.0
    Options is 0x52
    LLS Options is 0x1 (LR)
    Dead timer due in 00:01:47
    Neighbor is up for 00:04:58
    Index 2/2, retransmission queue length 0, number of retransmission 4
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec
 Neighbor 150.2.2.2, interface address 150.0.0.2
    In the area 0 via interface Serial0/0
    Neighbor priority is 0 (configured 0), State is FULL, 13 state changes, Cost is 20
    DR is 0.0.0.0 BDR is 0.0.0.0
    Options is 0x52
    LLS Options is 0x1 (LR)
    Dead timer due in 00:01:47
    Neighbor is up for 00:04:58
    Index 1/1, retransmission queue length 0, number of retransmission 1
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec


r2#show ip route ospf
     150.0.0.0/16 is variably subnetted, 3 subnets, 2 masks
O       150.0.0.3/32 [110/164] via 150.0.0.1, 00:01:17, Serial0/0
O       150.0.0.1/32 [110/64] via 150.0.0.1, 00:01:17, Serial0/0
     150.1.0.0/32 is subnetted, 1 subnets
O       150.1.1.1 [110/65] via 150.0.0.1, 00:01:17, Serial0/0
     150.3.0.0/32 is subnetted, 1 subnets
O       150.3.3.3 [110/165] via 150.0.0.1, 00:01:17, Serial0/0
     150.10.0.0/24 is subnetted, 1 subnets
O       150.10.0.0 [110/65] via 150.0.0.1, 00:01:17, Serial0/0

r2#show frame-relay map
Serial0/0 (up): ip 150.0.0.1 dlci 201(0xC9,0x3090), static,
              CISCO, status defined, active

r3#show  ip route ospf
     150.0.0.0/16 is variably subnetted, 3 subnets, 2 masks
O       150.0.0.2/32 [110/84] via 150.0.0.1, 00:01:50, Serial0/0
O       150.0.0.1/32 [110/64] via 150.0.0.1, 00:01:50, Serial0/0
     150.1.0.0/32 is subnetted, 1 subnets
O       150.1.1.1 [110/65] via 150.0.0.1, 00:01:50, Serial0/0
     150.2.0.0/32 is subnetted, 1 subnets
O       150.2.2.2 [110/85] via 150.0.0.1, 00:01:50, Serial0/0
     150.10.0.0/24 is subnetted, 1 subnets
O       150.10.0.0 [110/65] via 150.0.0.1, 00:01:50, Serial0/0

r3#show frame-relay map
Serial0/0 (up): ip 150.0.0.1 dlci 301(0x12D,0x48D0), static,
              CISCO, status defined, active

Note:
Since the beginning of the example, the loopback configured on each router is a /24 but a /32 is advertised. This is because loopbacks always have the LOOPBACK network type. To change this, use ip ospf network point-to-point.

On r3:
r3#show ip ospf interface Loopback 0
Loopback0 is up, line protocol is up
  Internet Address 150.3.3.3/24, Area 0
  Process ID 1, Router ID 150.3.3.3, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host

r2#show ip route  150.3.3.3   
Routing entry for 150.3.3.3/32
  Known via "ospf 1", distance 110, metric 165, type intra area
  Last update from 150.0.0.1 on Serial0/0, 00:00:55 ago
  Routing Descriptor Blocks:
  * 150.0.0.1, from 150.3.3.3, 00:00:55 ago, via Serial0/0
      Route metric is 165, traffic share count is 1

After configuring the network type:
!
interface Loopback0
 ip address 150.3.3.3 255.255.255.0
 ip ospf network point-to-point
!

r3#show ip ospf interface Loopback 0
Loopback0 is up, line protocol is up
  Internet Address 150.3.3.3/24, Area 0
  Process ID 1, Router ID 150.3.3.3, Network Type POINT_TO_POINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    No Hellos (Passive interface)
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

Now, this route is seen as a /24 on r2:

r2#show ip route  150.3.3.3
Routing entry for 150.3.3.0/24
  Known via "ospf 1", distance 110, metric 165, type intra area
  Last update from 150.0.0.1 on Serial0/0, 00:00:05 ago
  Routing Descriptor Blocks:
  * 150.0.0.1, from 150.3.3.3, 00:00:05 ago, via Serial0/0
      Route metric is 165, traffic share count is 1

These changes are reflected in the database:

r2#show ip ospf database router 150.3.3.3

            OSPF Router with ID (150.2.2.2) (Process ID 1)

          Router Link States (Area 0)

  LS age: 54
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 150.3.3.3
  Advertising Router: 150.3.3.3
  LS Seq Number: 80000026
  Checksum: 0xA75E
  Length: 60
  Number of Links: 3

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 150.3.3.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 150.1.1.1
     (Link Data) Router Interface address: 150.0.0.3
      Number of TOS metrics: 0
       TOS 0 Metrics: 64

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 150.0.0.3
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metrics: 0



NTP - ACL

NTP - Network Time Protocol Packet types: -  Control messages : don't bother with this. -  NTP request/update messages: used for time sy...