Tuesday 27 March 2012

OSPF Routing - Area Types and Options 2

OBJECTIVES
1. Configure basic OSPF for the network shown. Advertise all networks attached to each router into OSPF using the simplest method available. To inject external networks into the OSPF domain, redistribute the static routes on R1. These routes should be marked as type E1.

2. OSPF should never form neighbor relationships on any interface where other OSPF routers do not exist (as shown in the diagram).

3. All routers in Area 0 should use MD5 authentication for OSPF neighbors. Routers in Area 23 should be configured to support clear-text authentication for OSPF neighbors. All keys should be set to the passphrase ‘cisco’ (without quotes).

4. Routers in Area 45 are limited in their capacity and should not receive routes for networks outside the OSPF system. These routers should reach the external network using a default route which cannot be configured statically.

5. Routers in Area 23 must not receive any Type 3, 4, or 5 LSAs from the rest of the OSPF network. These routers should reach the external network using a default route with an initial OSPF cost of 100.

6. When this exercise is complete, all routers should be able to reach (ping) every route in the OSPF routing table.








R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.100.1.1 0.0.0.255 area 0
R1(config-router)#exit
R1(config)#ip route 172.31.0.0 255.255.255.0 nul 0
R1(config)#ip route 172.31.1.0 255.255.255.0 nul 0
R1(config)#ip route 172.31.2.0 255.255.255.0 nul 0
R1(config)#ip route 172.31.3.0 255.255.255.0 nul 0


R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 10.100.1.2 0.0.0.255 area 0
R2(config-router)#network 10.23
*Mar  1 00:09:41.511: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from LOADING to FULL, Loading Done
R2(config-router)#network 10.23.1.2 0.0.0.255 area 23




R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 10.23.1.3 0.0.0.255 area 23
R3(config-router)#
*Mar  1 00:11:21.223: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from LOADING to FULL, Loading Done
R3(config-router)#network 172.30.0.0 0.0.255.255 area 23



R4(config)#router ospf 1
R4(config-router)#router-id 4.4.4.4
R4(config-router)#network 10.100.1.4 0.0.0.255 area 0
R4(config-router)#network 10
*Mar  1 00:14:35.439: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from LOADING to FULL, Loading Done
R4(config-router)#network 10.45.1.4
*Mar  1 00:14:40.811: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from LOADING to FULL, Loading Done
R4(config-router)#network 10.45.1.4 0.0.0.255 area 45
*Mar  1 00:15:33.031: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on Serial0/0 from LOADING to FULL, Loading Done


R5(config)#router ospf 1
R5(config-router)#router-id 5.5.5.5
R5(config-router)#network 10.45.1.0 0.0.0.255 area 45
R5(config-router)#
*Mar  1 00:15:29.903: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Serial0/0 from LOADING to FULL, Loading Done



R6(config)#router ospf 1
R6(config-router)#router-id 6.6.6.6
R6(config-router)#network 10.100.1.6 0.0.0.255 area 0
R6(config-router)#network 10
*Mar  1 00:17:08.035: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from LOADING to FULL, Loading Done
R6(config-router)#network 10.67.1.0 0.0.0.255
*Mar  1 00:17:13.735: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from LOADING to FULL, Loading Done
R6(config-router)#network 10.67.1.0 0.0.0.255 area 67



R7(config)#router ospf 1
R7(config-router)#router-id 7.7.7.7
R7(config-router)#network 10.67.1.0 0.0.0.255 area 67
R7(config-router)#netwo
*Mar  1 00:18:14.891: %OSPF-5-ADJCHG: Process 1, Nbr 6.6.6.6 on Serial0/0 from LOADING to FULL, Loading Done
R7(config-router)#network 10.78.1.7 0.0.0.255 area 78




R7 looks okay; looking at its routing table:


R7#show ip route

     172.30.0.0/32 is subnetted, 4 subnets
O IA    172.30.3.1 [110/139] via 10.67.1.6, 00:00:55, Serial0/0
O IA    172.30.2.1 [110/139] via 10.67.1.6, 00:00:55, Serial0/0
O IA    172.30.1.1 [110/139] via 10.67.1.6, 00:00:55, Serial0/0
O IA    172.30.0.1 [110/139] via 10.67.1.6, 00:00:55, Serial0/0
     10.0.0.0/24 is subnetted, 5 subnets
O IA    10.23.1.0 [110/138] via 10.67.1.6, 00:00:55, Serial0/0
O IA    10.45.1.0 [110/138] via 10.67.1.6, 00:00:55, Serial0/0
C       10.78.1.0 is directly connected, Serial0/1
C       10.67.1.0 is directly connected, Serial0/0
O IA    10.100.1.0 [110/74] via 10.67.1.6, 00:00:56, Serial0/0


Let's configure naughty Router8 (our illegal router):

R8(config)#router ospf 1
R8(config-router)#router-id 8.8.8.8
R8(config-router)#network 10.78.1.8 0.0.0.255 area 78
R8(config-router)#
*Mar  1 00:20:02.863: %OSPF-5-ADJCHG: Process 1, Nbr 7.7.7.7 on Serial0/0 from LOADING to FULL, Loading Done
R8(config-router)#



So, Router8 has formed a relationship with R7, but he is not receiving any LSAs from R7. R7 will not forward them on, because R8 violates the OSPF rules by not having a connection into the backbone (area 0).

R8#show ip route
     10.0.0.0/24 is subnetted, 1 subnets
C       10.78.1.0 is directly connected, Serial0/0



R8#show ip ospf ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
7.7.7.7           0   FULL/  -        00:00:37    10.78.1.7       Serial0/0





Let's get this redistribution working on R1; we need to redistribute the static routes:

R1#show run | i ip route
 

ip route 172.31.0.0 255.255.255.0 Null0
ip route 172.31.1.0 255.255.255.0 Null0
ip route 172.31.2.0 255.255.255.0 Null0
ip route 172.31.3.0 255.255.255.0 Null0


R1(config)#router ospf 1

R1(config-router)#redistribute static ?
  metric       Metric for redistributed routes
  metric-type  OSPF/IS-IS exterior metric type for redistributed routes
  route-map    Route map reference
  subnets      Consider subnets for redistribution into OSPF
  tag          Set tag for routes redistributed into OSPF
  <cr>

R1(config-router)#redistribute static subnets metric-type ?
  1  Set OSPF External Type 1 metrics
  2  Set OSPF External Type 2 metrics


Remember, we choose Type 1 because its metric increments as the routes travel through the network; the default is type E2. We also need to set a seed metric....
 
R1(config-router)#redistribute static subnets metric-type 1 ?
  metric     Metric for redistributed routes
  route-map  Route map reference
  tag        Set tag for routes redistributed into OSPF
  <cr>


R1(config-router)#redistribute static subnets metric-type 1 metric 50

Let's check R7 to see if those routes are coming through:

R7#show ip route

     172.31.0.0/24 is subnetted, 4 subnets
O E1    172.31.3.0 [110/124] via 10.67.1.6, 00:04:00, Serial0/0
O E1    172.31.2.0 [110/124] via 10.67.1.6, 00:04:00, Serial0/0
O E1    172.31.1.0 [110/124] via 10.67.1.6, 00:04:00, Serial0/0
O E1    172.31.0.0 [110/124] via 10.67.1.6, 00:04:00, Serial0/0
     172.30.0.0/32 is subnetted, 4 subnets
O IA    172.30.3.1 [110/139] via 10.67.1.6, 00:27:47, Serial0/0
O IA    172.30.2.1 [110/139] via 10.67.1.6, 00:27:47, Serial0/0
O IA    172.30.1.1 [110/139] via 10.67.1.6, 00:27:48, Serial0/0
O IA    172.30.0.1 [110/139] via 10.67.1.6, 00:27:48, Serial0/0
     10.0.0.0/24 is subnetted, 5 subnets
O IA    10.23.1.0 [110/138] via 10.67.1.6, 00:27:48, Serial0/0
O IA    10.45.1.0 [110/138] via 10.67.1.6, 00:27:48, Serial0/0
C       10.78.1.0 is directly connected, Serial0/1
C       10.67.1.0 is directly connected, Serial0/0
O IA    10.100.1.0 [110/74] via 10.67.1.6, 00:27:48, Serial0/0


Notice the metric has also changed from the initial seed metric of 50 that I set :0)

Let's now set the passive-interface command to complete objective 2. This works exactly the same as on EIGRP (it still advertises the network, but won't form neighbours). What we can do is turn passive-interface on by default and then simply allow OSPF to form relationships with other OSPF routers per interface, using the no passive-interface command:


R1(config)#router ospf 1
R1(config-router)#passive-interface default
R1(config-router)#
*Mar  1 00:54:51.795: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar  1 00:54:51.799: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar  1 00:54:51.803: %OSPF-5-ADJCHG: Process 1, Nbr 6.6.6.6 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
R1(config-router)#no passive-interface fa0/0
*Mar  1 00:55:21.135: %OSPF-5-ADJCHG: Process 1, Nbr 6.6.6.6 on FastEthernet0/0 from LOADING to FULL, Loading Done
*Mar  1 00:55:21.515: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from LOADING to FULL, Loading Done
R1(config-router)#


Let's do R2 now as well:


R2(config)#router ospf 1
R2(config-router)#passive-inter default
*Mar  1 00:59:48.563: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar  1 00:59:48.567: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar  1 00:59:48.567: %OSPF-5-ADJCHG: Process 1, Nbr 6.6.6.6 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar  1 00:59:48.571: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
R2(config-router)#no passive-inter fa0/0
R2(config-router)#no passive-inter ser0/0
*Mar  1 01:00:02.563: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/0 from LOADING to FULL, Loading Done
*Mar  1 01:00:12.951: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done
*Mar  1 01:00:13.779: %OSPF-5-ADJCHG: Process 1, Nbr 6.6.6.6 on FastEthernet0/0 from LOADING to FULL, Loading Done


Okay, let's go and do the rest of the routers ...... all done :0)


Right,
Objective 3 ..... let's set up some authentication between these OSPF routers. OSPF is quite an old protocol, as you can tell from the fact that it supports clear-text authentication (we will set this up just for grins, but real world ... me thinks not lol).
Also, unlike EIGRP, OSPF does not use key chains :0( ; we have to configure the auth per interface:

R1(config)#router ospf 1
R1(config-router)#area 0 authentication message-digest

RIGHT, so the above enables it globally for Area 0, meaning any router in Area 0 wishing to talk to R1 will need MD5 authentication. However, you don't configure the key under the OSPF process; that is done on the interface........ HOWEVER CISCO DO NOT RECOMMEND THIS METHOD

It is a lot easier/more efficient to do it per neighbour and configure the authentication on the interface per neighbour:

R1(config)#inter fa0/0
R1(config-if)#ip ospf authentication message-digest


If you press enter without entering the message-digest bit, it will enable clear text. Notice my neighbours start dying ....

*Mar  1 01:18:54.139: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from 2WAY to DOWN, Neighbor Down: Dead timer expired
*Mar  1 01:18:58.067: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
*Mar  1 01:18:58.371: %OSPF-5-ADJCHG: Process 1, Nbr 6.6.6.6 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired


R1(config-if)#ip ospf message-digest-key 1 md5 cisco


Let's apply it to the other routers in Area 0:

R2(config)#inter fa0/0
R2(config-if)#ip ospf authen message-digest
R2(config-if)#ip ospf message-digest-key 1 md5 cisco




NOTE: YOU HAVE TO USE THE SAME KEY ID


Let's check this out in Wireshark. This capture is from before MD5 hashing was enabled on fa0/0:

Notice that Auth Type and Auth Data = none

Now we can see the Key ID, the Auth Type and the hash of the key in the Auth Data field. The whole OSPF hello packet is hashed/encrypted/authenticated ... as well as other OSPF communication ... database descriptions, LS requests ... updates etc etc
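As an added example (not part of the original lab), the code below shows how the digest seen in the capture is produced and checked under RFC 2328 cryptographic authentication: the sender appends MD5(packet + zero-padded key) to the packet, so the digest protects integrity and origin while the packet body itself stays readable on the wire. The hello field values, the sequence numbers and all function names are constructed for the example.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_NULL, AUTYPE_SIMPLE, AUTYPE_MD5 = 0, 1, 2   # types 0/1/2 as in the debug output
HDR = struct.Struct("!BBH4s4sHHHBBI")               # 24-byte OSPFv2 header, AuType 2 layout
DIGEST_LEN = 16


def _pad(key: str) -> bytes:
    """The shared key is used as 16 bytes, zero padded."""
    raw = key.encode("ascii")
    if len(raw) > DIGEST_LEN:
        raise ValueError("OSPF MD5 key is at most 16 bytes")
    return raw.ljust(DIGEST_LEN, b"\x00")


def build_hello(router_id: str, area_id: str, key_id: int, seq: int, key: str) -> bytes:
    """Build a hello with no neighbours listed (constructed field values)."""
    body = struct.pack("!4sHBBI4s4s",
                       socket.inet_aton("255.255.255.0"),   # network mask
                       10, 0x02, 1, 40,                      # hello, options, priority, dead
                       socket.inet_aton("0.0.0.0"),          # DR
                       socket.inet_aton("0.0.0.0"))          # BDR
    header = HDR.pack(2, 1, HDR.size + len(body),            # version, type 1 = hello, length
                      socket.inet_aton(router_id), socket.inet_aton(area_id),
                      0,                                     # checksum unused with AuType 2
                      AUTYPE_MD5, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    # The digest is appended after the packet and not counted in the length field.
    return packet + hashlib.md5(packet + _pad(key)).digest()


def verify(packet: bytes, keys: dict, last_seq: int = 0) -> str:
    """Receiver-side checks; 'keys' maps key ID -> passphrase configured locally."""
    if len(packet) < HDR.size:
        return "truncated packet"
    (version, _ptype, length, _rid, _aid, _cksum,
     autype, _zero, key_id, auth_len, seq) = HDR.unpack_from(packet)
    if version != 2:
        return "not OSPFv2"
    if autype != AUTYPE_MD5:
        return f"mismatch authentication type: packet {autype}, we use {AUTYPE_MD5}"
    if key_id not in keys:
        return f"no message digest key {key_id}"
    if auth_len != DIGEST_LEN or len(packet) < length + DIGEST_LEN:
        return "malformed digest"
    expected = hashlib.md5(packet[:length] + _pad(keys[key_id])).digest()
    if not hmac.compare_digest(packet[length:length + DIGEST_LEN], expected):
        return f"mismatch authentication key {key_id}"
    if seq < last_seq:
        return "stale sequence number"        # older than the last packet accepted
    return "ok"


def hello_netmask(packet: bytes) -> str:
    """Read the hello's network mask without any key: the body is not encrypted."""
    return socket.inet_ntoa(packet[HDR.size:HDR.size + 4])


if __name__ == "__main__":
    pkt = build_hello("1.1.1.1", "0.0.0.0", key_id=1, seq=100, key="cisco")
    print(verify(pkt, {1: "cisco"}), "|", verify(pkt, {2: "cisco"}), "|", hello_netmask(pkt))
```

The key ID check comes before the digest check, which is why both routers must use the same key ID as well as the same passphrase.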

Let's set up R6, BUT .... let's enable some debugs first:

R6(config)#do debug ip ospf adj
OSPF adjacency events debugging is on


R6(config)#inter fa0/0
R6(config-if)#
*Mar  1 01:43:31.059: OSPF: Rcv pkt from 10.100.1.2, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 2, we use type 0
R6(config-if)#
*Mar  1 01:43:33.303: OSPF: Rcv pkt from 10.100.1.1, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 2, we use type 0
R6(config-if)#
*Mar  1 01:43:34.991: OSPF: Rcv pkt from 10.100.1.4, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 2, we use type 0


Type 2 = MD5
Type 1 = Cleartext
Type 0 = No authentication


R6(config-if)#ip ospf authen message-digest
R6(config-if)#ip ospf mess 1 md5 cisco

*Mar  1 01:46:41.067: OSPF: Rcv pkt from 10.100.1.2, FastEthernet0/0 : Mismatch Authentication Key - No message digest key 1 on interface
R6(config-if)#
*Mar  1 01:46:43.271: OSPF: Rcv pkt from 10.100.1.1, FastEthernet0/0 : Mismatch Authentication Key - Message Digest Key 1
R6(config-if)#
*Mar  1 01:46:44.967: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.031: OSPF: Rcv DBD from 4.4.4.4 on FastEthernet0/0 seq 0xC80 opt 0x52 flag 0x7 len 32  mtu 1500 state INIT
*Mar  1 01:46:45.031: OSPF: 2 Way Communication to 4.4.4.4 on FastEthernet0/0, state 2WAY
*Mar  1 01:46:45.035: OSPF: Neighbor change Event on interface FastEthernet0/0
*Mar  1 01:46:45.035: OSPF: DR/BDR election on FastEthernet0/0
*Mar  1 01:46:45.035: OSPF: Elect BDR 4.4.4.4
*Mar  1 01:46:45.035: OSPF: Elect DR 6.6.6.6
*Mar  1 01:46:45.035:        DR: 6.6.6.6 (Id)   BDR: 4.4.4.4 (Id)
*Mar  1 01:46:45.035: OSPF: Send DBD to 4.4.4.4 on FastEthernet0/0 seq 0x1FF2 opt 0x52 flag 0x7 len 32
*Mar  1 01:46:45.035: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.035: OSPF: First DBD and we are not SLAVE
*Mar  1 01:46:45.039: OSPF: Neighbor change Event on interface FastEthernet0/0
*Mar  1 01:46:45.039: OSPF: DR/BDR election on FastEthernet0/0
*Mar  1 01:46:45.039: OSPF: Elect BDR 4.4.4.4
*Mar  1 01:46:45.039: OSPF: Elect DR 6.6.6.6
*Mar  1 01:46:45.039:        DR: 6.6.6.6 (Id)   BDR: 4.4.4.4 (Id)
*Mar  1 01:46:45.055: OSPF: Rcv DBD from 4.4.4.4 on FastEthernet0/0 seq 0x1FF2 opt 0x52 flag 0x2 len 372  mtu 1500 state EXSTART
*Mar  1 01:46:45.059: OSPF: NBR Negotiation Done. We are the MASTER
*Mar  1 01:46:45.063: OSPF: Send DBD to 4.4.4.4 on FastEthernet0/0 seq 0x1FF3 opt 0x52 flag 0x3 len 332
*Mar  1 01:46:45.063: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.071: OSPF: Rcv DBD from 4.4.4.4 on FastEthernet0/0 seq 0x1FF3 opt 0x52 flag 0x0 len 32  mtu 1500 state EXCHANGE
*Mar  1 01:46:45.071: OSPF: Send DBD to 4.4.4.4 on FastEthernet0/0 seq 0x1FF4 opt 0x52 flag 0x1 len 32
*Mar  1 01:46:45.071: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.071: OSPF: Send LS REQ to 4.4.4.4 length 96 LSA count 8
*Mar  1 01:46:45.071: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.083: OSPF: Rcv LS REQ from 4.4.4.4 on FastEthernet0/0 length 36 LSA count 1
*Mar  1 01:46:45.083: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.083: OSPF: Send UPD to 10.100.1.4 on FastEthernet0/0 length 40 LSA count 1
*Mar  1 01:46:45.091: OSPF: Rcv DBD from 4.4.4.4 on FastEthernet0/0 seq 0x1FF4 opt 0x52 flag 0x0 len 32  mtu 1500 state EXCHANGE
*Mar  1 01:46:45.091: OSPF: Exchange Done with 4.4.4.4 on FastEthernet0/0
*Mar  1 01:46:45.103: OSPF: Rcv LS UPD from 4.4.4.4 on FastEthernet0/0 length 276 LSA count 8
*Mar  1 01:46:45.107: OSPF: No full nbrs to build Net Lsa for interface FastEthernet0/0
*Mar  1 01:46:45.107: OSPF: Build network LSA for FastEthernet0/0, router ID 6.6.6.6
*Mar  1 01:46:45.107: OSPF: Build network LSA for FastEthernet0/0, router ID 6.6.6.6
*Mar  1 01:46:45.107: OSPF: Synchronized with 4.4.4.4 on FastEthernet0/0, state FULL
*Mar  1 01:46:45.107: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done
*Mar  1 01:46:45.139: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.511: OSPF: Rcv LS UPD from 4.4.4.4 on FastEthernet0/0 length 76 LSA count 1
*Mar  1 01:46:45.543: OSPF: Build router LSA for area 0, router ID 6.6.6.6, seq 0x8000000C
*Mar  1 01:46:45.543: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.551: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.563: OSPF: 2 Way Communication to 2.2.2.2 on FastEthernet0/0, state 2WAY
*Mar  1 01:46:45.567: OSPF: Neighbor change Event on interface FastEthernet0/0
*Mar  1 01:46:45.567: OSPF: DR/BDR election on FastEthernet0/0
*Mar  1 01:46:45.571: OSPF: Elect BDR 4.4.4.4
*Mar  1 01:46:45.571: OSPF: Elect DR 6.6.6.6
*Mar  1 01:46:45.575:        DR: 6.6.6.6 (Id)   BDR: 4.4.4.4 (Id)
*Mar  1 01:46:45.575: OSPF: Send DBD to 2.2.2.2 on FastEthernet0/0 seq 0x1AB3 opt 0x52 flag 0x7 len 32
*Mar  1 01:46:45.579: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.579: OSPF: Neighbor change Event on interface FastEthernet0/0
*Mar  1 01:46:45.583: OSPF: DR/BDR election on FastEthernet0/0
*Mar  1 01:46:45.583: OSPF: Elect BDR 4.4.4.4
*Mar  1 01:46:45.583: OSPF: Elect DR 6.6.6.6
*Mar  1 01:46:45.583:        DR: 6.6.6.6 (Id)   BDR: 4.4.4.4 (Id)
*Mar  1 01:46:45.583: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.595: OSPF: Rcv DBD from 2.2.2.2 on FastEthernet0/0 seq 0xA47 opt 0x52 flag 0x7 len 32  mtu 1500 state EXSTART
*Mar  1 01:46:45.595: OSPF: First DBD and we are not SLAVE
*Mar  1 01:46:45.603: OSPF: Rcv DBD from 2.2.2.2 on FastEthernet0/0 seq 0x1AB3 opt 0x52 flag 0x2 len 372  mtu 1500 state EXSTART
*Mar  1 01:46:45.607: OSPF: NBR Negotiation Done. We are the MASTER
*Mar  1 01:46:45.611: OSPF: Send DBD to 2.2.2.2 on FastEthernet0/0 seq 0x1AB4 opt 0x52 flag 0x3 len 352
*Mar  1 01:46:45.615: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.627: OSPF: Rcv DBD from 2.2.2.2 on FastEthernet0/0 seq 0x1AB4 opt 0x52 flag 0x0 len 32  mtu 1500 state EXCHANGE
*Mar  1 01:46:45.631: OSPF: Send DBD to 2.2.2.2 on FastEthernet0/0 seq 0x1AB5 opt 0x52 flag 0x1 len 32
*Mar  1 01:46:45.631: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.639: OSPF: Rcv LS REQ from 2.2.2.2 on FastEthernet0/0 length 36 LSA count 1
*Mar  1 01:46:45.639: OSPF: Send with youngest Key 1
*Mar  1 01:46:45.639: OSPF: Send UPD to 10.100.1.2 on FastEthernet0/0 length 40 LSA count 1
*Mar  1 01:46:45.647: OSPF: Rcv DBD from 2.2.2.2 on FastEthernet0/0 seq 0x1AB5 opt 0x52 flag 0x0 len 32  mtu 1500 state EXCHANGE
*Mar  1 01:46:45.651: OSPF: Exchange Done with 2.2.2.2 on FastEthernet0/0
*Mar  1 01:46:45.651: OSPF: Synchronized with 2.2.2.2 on FastEthernet0/0, state FULL
*Mar  1 01:46:45.651: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from LOADING to FULL, Loading Done
*Mar  1 01:46:46.119: OSPF: Rcv LS UPD from 2.2.2.2 on FastEthernet0/0 length 76 LSA count 1
*Mar  1 01:46:46.123: OSPF: Send with youngest Key 1
*Mar  1 01:46:47.611: OSPF: Send with youngest Key 1
*Mar  1 01:46:50.107: OSPF: Build network LSA for FastEthernet0/0, router ID 6.6.6.6
*Mar  1 01:46:50.107: OSPF: Build network LSA for FastEthernet0/0, router ID 6.6.6.6
*Mar  1 01:46:50.111: OSPF: Send with youngest Key 1
*Mar  1 01:46:51.075: OSPF: Neighbor change Event on interface FastEthernet0/0
*Mar  1 01:46:51.079: OSPF: DR/BDR election on FastEthernet0/0
*Mar  1 01:46:51.079: OSPF: Elect BDR 4.4.4.4
*Mar  1 01:46:51.083: OSPF: Elect DR 6.6.6.6
*Mar  1 01:46:51.083:        DR: 6.6.6.6 (Id)   BDR: 4.4.4.4 (Id)
R6(config-if)#
R6(config-if)#
*Mar  1 01:46:53.291: OSPF: Rcv pkt from 10.100.1.1, FastEthernet0/0 : Mismatch Authentication Key - Message Digest Key 1
R6(config-if)#u all
*Mar  1 01:46:54.751: OSPF: Rcv LS UPD from 2.2.2.2 on FastEthernet0/0 length 60 LSA count 1
*Mar  1 01:46:54.755: OSPF: Send with youngest Key 1
*Mar  1 01:46:54.759: OSPF: Send UPD to 10.100.1.2 on FastEthernet0/0 length 40 LSA count 1
*Mar  1 01:46:55.011: OSPF: Send with youngest Key 1
*Mar  1 01:46:55.547: OSPF: Send with youngest Key 1
*Mar  1 01:47:03.263: OSPF: Rcv pkt from 10.100.1.1, FastEthernet0/0 : Mismatch Authentication Key - Message Digest Key 1
R6(config-if)#
*Mar  1 01:47:05.551: OSPF: Send with youngest Key 1
R6(config-if)#
*Mar  1 01:47:13.275: OSPF: Rcv pkt from 10.100.1.1, FastEthernet0/0 : Mismatch Authentication Key - Message Digest Key 1
R6(config-if)#
*Mar  1 01:47:15.551: OSPF: Send with youngest Key 1
R6(config-if)#
*Mar  1 01:47:23.263: OSPF: Rcv pkt from 10.100.1.1, FastEthernet0/0 : Mismatch Authentication Key - Message Digest Key 1
R6(config-if)#
*Mar  1 01:47:25.555: OSPF: Send with youngest Key 1
R6(config-if)#
*Mar  1 01:47:33.267: OSPF: Rcv pkt from 10.100.1.1, FastEthernet0/0 : Mismatch Authentication Key - Message Digest Key 1
R6(config-if)#
*Mar  1 01:47:35.559: OSPF: Send with youngest Key 1
R6(config-if)#



Here we can see all packets being sent with Key ID 1 :0)

and we have all our neighbours back:
R6#show ip ospf ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DROTHER    00:00:37    10.100.1.1      FastEthernet0/0
2.2.2.2           1   FULL/DROTHER    00:00:35    10.100.1.2      FastEthernet0/0
4.4.4.4           1   FULL/BDR        00:00:38    10.100.1.4      FastEthernet0/0
7.7.7.7           0   FULL/  -        00:00:30    10.67.1.7       Serial0/0





Let's set up clear-text authentication on R2 and R3:

R2(config-if)#inter ser0/0
R2(config-if)#ip ospf authentication
R2(config-if)#ip ospf authentication-key cisco


R3(config-if)#ip ospf authentication
R3(config-if)#ip ospf authentication-key cisco

Wireshark confirms :0)

OBJECTIVE 4
Routers in Area 45 are limited in their capacity and should not receive routes for networks outside the OSPF system. These routers should reach the external network using a default route which cannot be configured statically.

Let's confirm that R5 is getting external routes from outside the OSPF network (which it is: our redistributed statics that we set up earlier, Type 5 LSAs):

R5#show ip route

     172.31.0.0/24 is subnetted, 4 subnets
O E1    172.31.3.0 [110/124] via 10.45.1.4, 00:08:35, Serial0/0
O E1    172.31.2.0 [110/124] via 10.45.1.4, 00:08:35, Serial0/0
O E1    172.31.1.0 [110/124] via 10.45.1.4, 00:08:35, Serial0/0
O E1    172.31.0.0 [110/124] via 10.45.1.4, 00:08:35, Serial0/0
     172.30.0.0/32 is subnetted, 4 subnets
O IA    172.30.3.1 [110/139] via 10.45.1.4, 00:08:40, Serial0/0
O IA    172.30.2.1 [110/139] via 10.45.1.4, 00:08:40, Serial0/0
O IA    172.30.1.1 [110/139] via 10.45.1.4, 00:08:42, Serial0/0
O IA    172.30.0.1 [110/139] via 10.45.1.4, 00:08:42, Serial0/0
     10.0.0.0/24 is subnetted, 4 subnets
O IA    10.23.1.0 [110/138] via 10.45.1.4, 00:38:27, Serial0/0
C       10.45.1.0 is directly connected, Serial0/0
O IA    10.67.1.0 [110/138] via 10.45.1.4, 00:21:53, Serial0/0
O IA    10.100.1.0 [110/74] via 10.45.1.4, 01:53:12, Serial0/0






R4(config)#router ospf 1
R4(config-router)#area 45 stub



Let's enable debugging on R5. The relationship has died (dead timer expired) because the stub flag in the HELLO packet does not match anymore, so they cannot be neighbours ...


R5#deb ip ospf pack
OSPF packet debugging is on
R5#
*Mar  1 02:14:08.015: OSPF: Rcv hello from 4.4.4.4 area 45 from Serial0/0 10.45.1.4
*Mar  1 02:14:08.019: OSPF: Hello from 10.45.1.4 with mismatched Stub/Transit area option bit
R5#
*Mar  1 02:14:10.787: OSPF: Send hello to 224.0.0.5 area 45 on Serial0/0 from 10.45.1.5
R5#u all
*Mar  1 02:14:18.003: OSPF: rcv. v:2 t:1 l:44 rid:4.4.4.4
      aid:0.0.0.45 chk:E669 aut:0 auk: from Serial0/0
*Mar  1 02:14:18.007: OSPF: Rcv hello from 4.4.4.4 area 45 from Serial0/0 10.45.1.4
*Mar  1 02:14:18.007: OSPF: Hello from 10.45.1.4 with mismatched Stub/Transit area option bit
R5#u all




R5(config)#router ospf 1
R5(config-router)#area 45 stub
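The messages this lab has produced so far (authentication type and key mismatches, the stub-flag mismatch, and adjacency changes) are the ones worth watching for on a production OSPF domain. As an added example (not part of the original lab), the parser below summarises them and flags any adjacency that reaches FULL with a router ID outside an expected set; the allow-list, the function names and the single 8.8.8.8 log line are constructed, the other sample lines are taken from the output above.

```python
import re
from collections import Counter

AUTH_TYPES = {"0": "none", "1": "clear-text", "2": "MD5"}   # as listed earlier in the lab

ADJCHG = re.compile(r"%OSPF-5-ADJCHG: Process \d+, Nbr ([\d.]+) on (\S+) "
                    r"from (\w+) to (\w+), (.+)")
TYPE_MISMATCH = re.compile(r"OSPF: Rcv pkt from ([\d.]+), (\S+) : "
                           r"Mismatch Authentication type\. "
                           r"Input packet specified type (\d), we use type (\d)")
KEY_MISMATCH = re.compile(r"OSPF: Rcv pkt from ([\d.]+), (\S+) : "
                          r"Mismatch Authentication Key")
STUB_MISMATCH = re.compile(r"OSPF: Hello from ([\d.]+) with mismatched "
                           r"Stub/Transit area option bit")


def triage(lines, expected_neighbors):
    """Return (findings, rejected).

    findings: adjacency events to review, in log order.
    rejected: Counter of dropped packets keyed by (reason, source address).
    """
    findings, rejected = [], Counter()
    for line in lines:
        if m := ADJCHG.search(line):
            nbr, iface, _old, new, reason = m.groups()
            if new == "FULL" and nbr not in expected_neighbors:
                findings.append(("unexpected-neighbor", nbr, iface))
            elif new == "DOWN":
                findings.append(("adjacency-lost", nbr, iface, reason))
        elif m := TYPE_MISMATCH.search(line):
            src, _iface, theirs, ours = m.groups()
            peer = AUTH_TYPES.get(theirs, theirs)
            local = AUTH_TYPES.get(ours, ours)
            rejected[(f"auth-type peer={peer} local={local}", src)] += 1
        elif m := KEY_MISMATCH.search(line):
            rejected[("auth-key", m.group(1))] += 1
        elif m := STUB_MISMATCH.search(line):
            rejected[("stub-flag", m.group(1))] += 1
    return findings, rejected


# Router IDs that belong to the design (R1-R7); R8 is the router nobody planned for.
EXPECTED_NEIGHBORS = {f"{n}.{n}.{n}.{n}" for n in range(1, 8)}

SAMPLE_LOG = [
    "*Mar  1 01:18:58.067: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/0 "
    "from FULL to DOWN, Neighbor Down: Dead timer expired",
    "*Mar  1 01:43:31.059: OSPF: Rcv pkt from 10.100.1.2, FastEthernet0/0 : Mismatch "
    "Authentication type. Input packet specified type 2, we use type 0",
    "*Mar  1 01:46:43.271: OSPF: Rcv pkt from 10.100.1.1, FastEthernet0/0 : Mismatch "
    "Authentication Key - Message Digest Key 1",
    "*Mar  1 01:46:45.107: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/0 "
    "from LOADING to FULL, Loading Done",
    "*Mar  1 01:46:53.291: OSPF: Rcv pkt from 10.100.1.1, FastEthernet0/0 : Mismatch "
    "Authentication Key - Message Digest Key 1",
    "*Mar  1 02:14:08.019: OSPF: Hello from 10.45.1.4 with mismatched Stub/Transit "
    "area option bit",
    # Constructed line: what R7 would log when the unplanned R8 comes up.
    "*Mar  1 00:20:02.900: %OSPF-5-ADJCHG: Process 1, Nbr 8.8.8.8 on Serial0/1 "
    "from LOADING to FULL, Loading Done",
]

if __name__ == "__main__":
    found, dropped = triage(SAMPLE_LOG, EXPECTED_NEIGHBORS)
    for item in found:
        print("REVIEW", item)
    for (reason, src), count in sorted(dropped.items()):
        print(f"DROPPED x{count} from {src}: {reason}")
```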



Let's have a look at the routing table now:



R5#show ip route

Gateway of last resort is 10.45.1.4 to network 0.0.0.0

     172.30.0.0/32 is subnetted, 4 subnets
O IA    172.30.3.1 [110/139] via 10.45.1.4, 00:00:08, Serial0/0
O IA    172.30.2.1 [110/139] via 10.45.1.4, 00:00:08, Serial0/0
O IA    172.30.1.1 [110/139] via 10.45.1.4, 00:00:08, Serial0/0
O IA    172.30.0.1 [110/139] via 10.45.1.4, 00:00:08, Serial0/0
     10.0.0.0/24 is subnetted, 4 subnets
O IA    10.23.1.0 [110/138] via 10.45.1.4, 00:00:08, Serial0/0
C       10.45.1.0 is directly connected, Serial0/0
O IA    10.67.1.0 [110/138] via 10.45.1.4, 00:00:10, Serial0/0
O IA    10.100.1.0 [110/74] via 10.45.1.4, 00:00:10, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.45.1.4, 00:00:10, Serial0/0

And now we have the default route and no external routes :0) - this only affects the stub router within the area (area 45)




OBJECTIVE 5.
 Routers in Area 23 must not receive any Type 3, 4, or 5 LSAs from the rest of the OSPF network. These routers should reach the external network using a default route with an initial OSPF cost of 100.



R2(config)#router ospf 1
R2(config-router)#area 23 stub no-summary
R2(config-router)#
*Mar  1 02:21:24.291: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

R3(config)#router ospf 1
R3(config-router)#area 23 stub


Let's check it out:

R3#show ip route

Gateway of last resort is 10.23.1.2 to network 0.0.0.0

     172.30.0.0/24 is subnetted, 4 subnets
C       172.30.2.0 is directly connected, Loopback2
C       172.30.3.0 is directly connected, Loopback3
C       172.30.0.0 is directly connected, Loopback0
C       172.30.1.0 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.23.1.0 is directly connected, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.23.1.2, 00:00:26, Serial0/0


Now the metric is 65; the initial cost is 1, and we need to set this to 100:

R2(config-router)#area 23 default-cost ?
  <0-16777215>  Stub's advertised external route metric

R2(config-router)#area 23 default-cost 100



R3#show ip route
Gateway of last resort is 10.23.1.2 to network 0.0.0.0

     172.30.0.0/24 is subnetted, 4 subnets
C       172.30.2.0 is directly connected, Loopback2
C       172.30.3.0 is directly connected, Loopback3
C       172.30.0.0 is directly connected, Loopback0
C       172.30.1.0 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.23.1.0 is directly connected, Serial0/0
O*IA 0.0.0.0/0 [110/164] via 10.23.1.2, 00:02:03, Serial0/0


Done; the WAN link's cost must be 64, plus our initial cost of 100 :0)




OBJECTIVE 6.
When this exercise is complete, all routers should be able to reach (ping) every route in the OSPF routing table.

Easy, you think.... well, remember Router8 .... we need to join him to area 0, so let's get him into the backbone area so he can talk OSPF with everyone else


We need the virtual link between R6 and R7

R6(config)#router ospf 1
R6(config-router)#area 67 virtual-link 7.7.7.7



R7(config)#router ospf 1
R7(config-router)#area 67 virtual-link 6.6.6.6

*Mar  1 02:35:20.299: %OSPF-5-ADJCHG: Process 1, Nbr 6.6.6.6 on OSPF_VL0 from LOADING to FULL, Loading Done


R7#show ip ospf virtual-links
Virtual Link OSPF_VL0 to router 6.6.6.6 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 67, via interface Serial0/0, Cost of using 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:00
    Adjacency State FULL (Hello suppressed)
    Index 1/3, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec


So now R8 believes R7 is directly connected to Area 0 (via the virtual link) - this could also be a GRE tunnel :0)

Let's check:

R8#show ip ospf ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
7.7.7.7           0   FULL/  -        00:00:34    10.78.1.7       Serial0/0



 

R8#show ip route

     172.31.0.0/24 is subnetted, 4 subnets
O E1    172.31.3.0 [110/188] via 10.78.1.7, 00:01:46, Serial0/0
O E1    172.31.2.0 [110/188] via 10.78.1.7, 00:01:46, Serial0/0
O E1    172.31.1.0 [110/188] via 10.78.1.7, 00:01:46, Serial0/0
O E1    172.31.0.0 [110/188] via 10.78.1.7, 00:01:46, Serial0/0
     172.30.0.0/32 is subnetted, 4 subnets
O IA    172.30.3.1 [110/203] via 10.78.1.7, 00:01:47, Serial0/0
O IA    172.30.2.1 [110/203] via 10.78.1.7, 00:01:47, Serial0/0
O IA    172.30.1.1 [110/203] via 10.78.1.7, 00:01:48, Serial0/0
O IA    172.30.0.1 [110/203] via 10.78.1.7, 00:01:48, Serial0/0
     10.0.0.0/24 is subnetted, 5 subnets
O IA    10.23.1.0 [110/202] via 10.78.1.7, 00:01:48, Serial0/0
O IA    10.45.1.0 [110/202] via 10.78.1.7, 00:01:48, Serial0/0
C       10.78.1.0 is directly connected, Serial0/0
O IA    10.67.1.0 [110/128] via 10.78.1.7, 00:01:58, Serial0/0
O IA    10.100.1.0 [110/138] via 10.78.1.7, 00:01:49, Serial0/0



R8#ping 172.30.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.30.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/38/68 ms


1 comment:

  1. Hi there..
    I was following your labs as well to the end.. Interesting..
    But I didn't see some of the routes at the end of the exercise..
    Did you apply a clock rate to the routers?
