Friday, October 4, 2013

Multi-Area OSPF with Stub Areas and Authentication




CCNP Route Lab Manual, Lab 3-2, Multi-Area OSPF with Stub Areas and Authentication


Objectives

Configure multiple-area OSPF on a router.
Verify multiple-area behavior.
Configure OSPF stub, totally stubby, and not-so-stubby areas.
Configure OSPF authentication.

Background

You are responsible for configuring the new network to connect your company’s engineering, marketing, and accounting departments, represented by loopback interfaces on each of the three routers. The physical devices have just been installed and connected by serial cables. Configure multiple-area OSPF to allow full connectivity between all departments. R3 also has a loopback representing a connection to another autonomous system that is not part of OSPF.

Step 1: Configure addressing and loopbacks

Step 2: Add interfaces into OSPF

Step 3: Configure a stub area.

Q-What are the advantages of having a router receive a default route rather than a more specific route?
Ans: Router memory and processing are conserved because the router has fewer routes to contend with.

Q-Why do all routers in a stub area need to know that the area is a stub?
Ans - Routers need to know that an area is a stub for consistency so that no routers generate type 5 LSAs or other OSPF features (such as virtual links) in an area in which they cannot exist.

Step 4: Configure a totally stubby area

Q-What are the advantages of making an area totally stubby instead of a regular stub area? What are the disadvantages?
Ans - By making an area totally stubby, routers in the area only see intra-area routes and a default route. This can save a lot of router memory and processor time. However, as with any type of route aggregation, the loss of routing detail makes it possible for a non-optimal route to be chosen.

Q- Why did only the ABR need to know that the area was totally stubby rather than all routers in the area?
Ans: The ABR is the gateway to the rest of the area and therefore is the boundary that all inter-area LSAs need to pass through. Because of this, it only needs to filter out the type 3 LSAs and let the default route through.

Step 5: Configure a not-so-stubby area.

Q - Where would it be useful to make an area into an NSSA ?
Ans - An NSSA is useful if you want to allow an area to inject external routes into an OSPF domain while still retaining some of the stub characteristics of the area, such as not accepting external routes that are originated in other areas.


Step 6: Configure OSPF interface authentication

Q - Why is configuring authentication for OSPF, or any routing protocol, a good idea?
Ans - Configuring routing protocol authentication is beneficial because without it, you could have a rogue router on a subnet advertising false routes.

Use the following Tcl script to verify connectivity to all addresses in the topology.
R1# tclsh

R1(tcl)#
foreach address {
10.1.1.1
10.1.2.1
10.1.3.1
10.1.12.1
10.1.12.2
10.1.23.2
10.1.23.3
172.20.200.1
} {
ping $address }


R1#sh running-config
Building configuration...

Current configuration : 1237 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
no ip domain lookup
ip domain name lab.local    
!       
interface Loopback1
 description Engineering Department
 ip address 10.1.1.1 255.255.255.0
 ip ospf network point-to-point
!       
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!       
interface Serial0/0
 ip address 10.1.12.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 clock rate 2000000
!       
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!       
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!       
router ospf 1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 10.1.12.0 0.0.0.255 area 0
!       
ip forward-protocol nd
!       
no ip http server
no ip http secure-server
!               
control-plane
!              
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login  
!             
end

R2#sh running-config
Building configuration...

Current configuration : 1396 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
no ip domain lookup
ip domain name lab.local
!
interface Loopback2
 description Marketing Department
 ip address 10.1.2.1 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.12.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 10.1.23.2 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key cisco
 clock rate 2000000
!
router ospf 1
 log-adjacency-changes
 area 23 nssa default-information-originate no-summary
 network 10.1.2.0 0.0.0.255 area 0
 network 10.1.12.0 0.0.0.255 area 0
 network 10.1.23.0 0.0.0.255 area 23
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!        
end

R3#sh running-config
Building configuration...

Current configuration : 1363 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
no ip domain lookup
ip domain name lab.local
!
interface Loopback3
 description Accounting Department
 ip address 10.1.3.1 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback20
 description Connection to another AS
 ip address 172.20.200.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.23.3 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key cisco
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
router ospf 1
 log-adjacency-changes
 area 23 nssa
 redistribute connected subnets
 network 10.1.3.0 0.0.0.255 area 23
 network 10.1.23.0 0.0.0.255 area 23
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
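
The configurations above use two OSPF authentication modes: MD5 message-digest on the R1-R2 link and simple-password authentication on the R2-R3 link, with every key stored unencrypted (no "7" encryption-type prefix). As an added example (not part of the lab manual), the Python script below audits an IOS configuration for those conditions. The name `audit_ospf_auth` and the wording of the findings are assumptions, and only interface-level authentication is checked, not area-level authentication.

```python
import ipaddress
import re
# Interface and OSPF lines excerpted from R2's running configuration in this lab.
R2_CONFIG = """\
interface Serial0/0
 ip address 10.1.12.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
interface Serial0/1
 ip address 10.1.23.2 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key cisco
!
router ospf 1
 network 10.1.12.0 0.0.0.255 area 0
 network 10.1.23.0 0.0.0.255 area 23
"""

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def audit_ospf_auth(config):
    """Return {interface: [findings]} for non-loopback interfaces that run OSPF."""
    # A stanza is one unindented line plus the indented lines that follow it.
    stanzas = re.findall(r"^(\S.*)\n((?: .*\n?)*)", config, re.M)
    networks = [(_int(n), _int(w), area) for _, body in stanzas for n, w, area
                in re.findall(r"^ network (\S+) (\S+) area (\S+)", body, re.M)]
    report = {}
    for head, body in stanzas:
        ip = re.search(r"^ ip address (\S+) \S+", body, re.M)
        if not head.startswith("interface ") or "Loopback" in head or not ip:
            continue
        # Wildcard-mask match: bits set in the wildcard are ignored.
        areas = [a for n, w, a in networks if not (_int(ip.group(1)) ^ n) & ~w]
        if not areas:
            continue  # interface is not covered by any network statement
        findings = []
        mode = re.search(r"^ ip ospf authentication(?: (\S+))?\s*$", body, re.M)
        if mode is None or mode.group(1) == "null":
            findings.append("no OSPF authentication in area " + areas[0])
        elif mode.group(1) is None:
            findings.append("simple password: sent in clear text in OSPF packets")
        if re.search(r"^ ip ospf (?:authentication-key|message-digest-key \d+ md5)"
                     r" (?!7 )\S+\s*$", body, re.M):
            findings.append("key stored unencrypted in the configuration")
        report[head.split()[1]] = findings
    return report
```

For `R2_CONFIG`, `audit_ospf_auth` flags Serial0/1 for simple-password authentication and both serial interfaces for unencrypted key storage.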
