Ospf Lab3 Exam

7/27/2019 Ospf Lab3 Exam

http://slidepdf.com/reader/full/ospf-lab3-exam 1/16

Exam: 642-902

Exam Objective: Configure OSPF routing.

Contents

• Introduction

• Technology Background

• Lab Scenario

• Lab Objectives

• Lab Solution

Lab 1

Introduction

OSPF is an open standard Link State Routing Protocol. The basic configuration of OSPF is covered in another lab. This one focuses on advanced OSPF features such as area types and authentication.

Technology Background

OSPF supports several types of areas, including standard areas, stub areas, totally stubby areas, and not-so-stubby (NSSA) areas. These special area types bring flexibility to OSPF network design, allowing OSPF to be molded according to needs and hardware.

It should be remembered that an area is a part of the OSPF Routing Domain. Routes are exchanged between areas through Area Border Routers (ABRs). Areas break up the OSPF domain into small manageable blocks.

Sometimes the design or hardware of routers in an area warrants less LSA information in that area. Imagine a small branch office router getting all LSAs from the Head Office router in a large OSPF domain. The router will soon exhaust its memory and/or CPU.

OSPF provides for different types of Stub areas which limit the number of LSAs received into them. There are 3 rules which need to be remembered when configuring any type of stub area:

•  All routers in an area should be configured for the same stub type

•  Area 0 cannot be a stub area

•  A Virtual link cannot traverse a stub area

The different types of Stub Areas are:

• Stub Area

• Totally Stubby Area

• Not-So-Stubby Area (NSSA)

• Totally Stubby NSSA

Stub Area:

The ABR of a Stub area will filter all external advertisements (LSA type 5) and replace them with a default route. Which means you will never see an E1 or E2 route in a Stub a

route injected by the ABR will have a next hop address of the ABR's interface. So all traffic destined to an external network will pass through the ABR. In Figure 1 if Area 1 is cothen the external routes being advertised by ASBR RouterA will not be seen on RouterD. RouterB, the ABR, would replace the External Routes with a default route.

Figure 1

The command to implement a stub area on an ABR is:

Router(config-router)#area <area-id> stub

Totally Stubby Area:

Totally stubby areas are areas where the ABR filters all inter-area and external advertisements and replaces them with a default route. The totally stubby option is Cisco proprinetwork the routing table's considerable size comes from other areas and external sources. Hence a totally stubby area would reduce the size of the routing table a great deal. Foris configured as Totally Stubby in Figure 1, RouterC, the ABR, will not only filter the external routes from RouterA but also the Area 1 routes advertised by RouterB.

The command to implement a totally stubby ABR is:

Router(config-router)#area <area-id> stub no-summary 

The area <area-id> stub no-summary command is only entered on the ABR of a totally stubby area. The other routers in the totally stubby area are only configured with the area <area-id> stub command.

Not-So-Stubby Area (NSSA):

 A stub or a totally stubby Area does not have external routes. This means that these areas cannot have an ASBR also. NSSA is a stub area that allows an ASBR. The ASBR utype 5 LSAs are not permitted and so disguises the LSAs as type 7. The type 7 LSAs are converted to type 5 by the ABR and sent normally out to other Areas. NSSA external

N1 or N2 instead of E1 or E2.

NSSA is similar to a stub area in all other aspects.

Note that the ABR of an NSSA does not automatically generate a default route; the no-summary or default-information-originate optional keyword must be appended to the area <area-id> nssa command on the ABR for that to happen.

The command to implement an NSSA on an ABR is:

Router(config-router)#area <area-id> nssa

Remember that NSSA is a stub area so the ABR will not allow LSA type 5 to come into the Area.

Totally Not-So-Stubby Area (NSSA):

Similar to NSSA but the ABR of this area will not allow Inter Area routes to come into the area. This area is similar to Totally Stubby Area but will allow an ASBR and LSA type

ABR of this area will also not generate a default route unless the no-summary or default-information-originate keyword is configured on it.

The command to configure an area as Totally NSSA is:

Router(config-router)#area <area-id> nssa no-summary 

Authentication:

OSPF by default trusts any router. This can be dangerous if someone injects malicious routes. To prevent this from happening we can configure Authentication between OSPFtwo kinds of authentication available - clear text and MD5 hash.

Clear text passwords can be found out by anyone who can capture the packets. MD5 hashes cannot be reversed and hence are secure.

Plain text authentication can be enabled on a per-interface basis using the following commands:

Router(config-if)#ip ospf authentication

Router(config-if)#ip ospf authentication-key <key>

MD5 authentication can be enabled on a per-interface basis using the following commands:

Router(config-if)#ip ospf authentication message-digest 

Router(config-if)#ip ospf message-digest-key <key id> md5 <key>
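
What the two authentication types put on the wire, as an added Python example (not part of the original lab). It follows the OSPFv2 header layout and cryptographic authentication procedure of RFC 2328 Appendix D; the Hello values are taken from this lab's RouterA, while the key "labkey01", the sequence numbers and the zero-padding of short MD5 keys are assumptions made for the example.

```python
import hashlib
import hmac
import socket
import struct

AUTH_SIMPLE, AUTH_CRYPTO = 1, 2      # AuType values (RFC 2328, Appendix D)
ip = socket.inet_aton

def header(length, autype, auth8):
    """24-byte OSPFv2 Hello header from RouterA in area 0; checksum left at 0."""
    return struct.pack("!BBH4s4sHH8s", 2, 1, length,
                       ip("1.1.1.1"), ip("0.0.0.0"), 0, autype, auth8)

def hello_body():
    """Hello fields as on RouterA's fa0/0: Hello 10, Dead 40, Priority 1."""
    fixed = struct.pack("!4sHBBI4s4s", ip("255.255.255.0"), 10, 0x02, 1, 40,
                        ip("192.168.1.1"), ip("192.168.1.3"))
    return fixed + ip("2.2.2.2") + ip("3.3.3.3")   # neighbours seen

def pad_key(key):
    # RFC 2328 uses a 16-byte MD5 key; zero-padding shorter keys is an assumption
    return key[:16].ljust(16, b"\0")

def sign_md5(body, key, key_id, seq):
    """AuType 2: auth field = 0, key ID, digest length, sequence number."""
    auth8 = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = header(24 + len(body), AUTH_CRYPTO, auth8) + body
    # MD5 over packet plus key; only the digest is appended and transmitted
    return pkt + hashlib.md5(pkt + pad_key(key)).digest()

def verify_md5(wire, keys, last_seq):
    """Receiver check: known key ID, non-decreasing sequence, matching digest."""
    (length,) = struct.unpack("!H", wire[2:4])
    autype, _, key_id, dlen, seq = struct.unpack("!HHBBI", wire[14:24])
    if autype != AUTH_CRYPTO or dlen != 16 or key_id not in keys or seq < last_seq:
        return False
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    return hmac.compare_digest(wire[length:length + 16], expected)

def sign_simple(body, password):
    """AuType 1: the 8-byte auth field carries the password itself."""
    auth8 = password[:8].ljust(8, b"\0")
    return header(24 + len(body), AUTH_SIMPLE, auth8) + body

def auth_field(wire):
    """Bytes 16..23 of the header, as any capture on the segment shows them."""
    return wire[16:24]

if __name__ == "__main__":
    md5_pkt = sign_md5(hello_body(), b"mypassword", key_id=1, seq=100)
    print("type 2 auth field:", auth_field(md5_pkt).hex())
    print("verifies:", verify_md5(md5_pkt, {1: b"mypassword"}, last_seq=100))
    print("type 1 auth field:", auth_field(sign_simple(hello_body(), b"labkey01")))
```

With message-digest authentication the receiver rejects a packet whose contents changed, whose key ID is unknown, or whose sequence number is lower than the last one accepted; with plain text authentication the auth field is the key.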

Lab Scenario

We are using OSPF in our network, shown in Figure 2.

Figure 2

The relevant configuration of the routers is given below:

RouterA#sh run

!

hostname RouterA

!

!

interface Loopback0

ip address 1.1.1.1 255.255.255.0

!

interface Loopback1

ip address 172.16.1.1 255.255.255.0

!

interface Loopback2

ip address 172.16.2.1 255.255.255.0

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

router ospf 1

log-adjacency-changes

redistribute connected subnets route-map connred

network 192.168.1.1 0.0.0.0 area 0

!

route-map connred permit 10

match interface Loopback1 Loopback2

!

RouterB#sh run

!

hostname RouterB

!

interface Loopback0

ip address 2.2.2.2 255.255.255.0

!

interface FastEthernet0/0

ip address 192.168.1.2 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0

ip address 192.168.2.2 255.255.255.0

clock rate 2000000

!

router ospf 1

log-adjacency-changes

network 192.168.1.2 0.0.0.0 area 0

network 192.168.2.2 0.0.0.0 area 1

RouterC#sh run

!

hostname RouterC

!

!

interface Loopback0

ip address 3.3.3.3 255.255.255.0

!

interface FastEthernet0/0

ip address 192.168.1.3 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0

ip address 192.168.3.3 255.255.255.0

clock rate 2000000

!

router ospf 1

log-adjacency-changes

network 192.168.1.3 0.0.0.0 area 0

network 192.168.3.3 0.0.0.0 area 2

!

RouterD#sh run

!

hostname RouterD

!

interface Loopback0

ip address 4.4.4.4 255.255.255.0

!

interface Serial0/0

ip address 192.168.2.4 255.255.255.0

clock rate 2000000

!

router ospf 1

log-adjacency-changes

network 192.168.2.4 0.0.0.0 area 1

!

RouterE#sh run

!

hostname RouterE

!

interface Loopback0

ip address 5.5.5.5 255.255.255.0

!

interface Serial0/0

ip address 192.168.3.5 255.255.255.0

clock rate 2000000

!

interface Serial0/1

ip address 192.168.4.5 255.255.255.0

clock rate 2000000

!

router ospf 1

log-adjacency-changes

redistribute rip subnets

network 192.168.3.5 0.0.0.0 area 2

!

router rip

version 2

redistribute ospf 1 metric 5

network 192.168.4.0

no auto-summary

!

RouterF#sh run

!

hostname RouterF

!

interface Loopback1

ip address 10.1.1.1 255.255.255.0

!

interface Loopback2

ip address 10.1.2.1 255.255.255.0

!

interface Loopback3

ip address 10.1.3.1 255.255.255.0

!

interface Serial0/0

ip address 192.168.4.6 255.255.255.0

clock rate 2000000

!

router rip

version 2

network 10.0.0.0

network 192.168.4.0

no auto-summary

Your task is to configure OSPF such that:

• No external or inter-area routes are seen on RouterD. A default route should be present to reach these networks

• No E1 or E2 routes are seen on RouterE. A default route should be present to reach these networks. Routes from RouterF should be present on RouterA.

• Communication between RouterA, RouterB and RouterC is as secure as possible.

Lab Objectives

• Configure Area 1 as Totally Stubby

• Configure Area 2 as NSSA and ensure that the ABR is sending default route

• Configure message-digest authentication between RouterA, RouterB and RouterC

Lab Solution

The first task requires us to configure Area 1 as Totally Stubby:

RouterB(config)#router ospf 1

RouterB(config-router)#area 1 stub no-summary

RouterD(config)#router ospf 1

RouterD(config-router)#area 1 stub

Let's verify on RouterD:

RouterD#sh ip ospf 

Routing Process "ospf 1" with ID 4.4.4.4

Start time: 00:09:17.700, Time elapsed: 00:25:47.876

Supports only single TOS(TOS0) routes

Supports opaque LSA

Supports Link-local Signaling (LLS)

Supports area transit capability 

Router is not originating router-LSAs with maximum metric 

Initial SPF schedule delay 5000 msecs

Minimum hold time between two consecutive SPFs 10000 msecs

Maximum wait time between two consecutive SPFs 10000 msecs

Incremental-SPF disabled 

Minimum LSA interval 5 secs

Minimum LSA arrival 1000 msecs

LSA group pacing timer 240 secs

Interface flood pacing timer 33 msecs

Retransmission pacing timer 66 msecs

Number of external LSA 0. Checksum Sum 0x000000 

Number of opaque AS LSA 0. Checksum Sum 0x000000 

Number of DCbitless external and opaque AS LSA 0 

Number of DoNotAge external and opaque AS LSA 0 

Number of areas in this router is 1. 0 normal 1 stub 0 nssa

Number of areas transit capable is 0 

External flood list length 0 

 Area 1

Number of interfaces in this area is 1

It is a stub area

 Area has no authentication

SPF algorithm last executed 00:01:02.744 ago

SPF algorithm executed 4 times

 Area ranges are

Number of LSA 3. Checksum Sum 0x016E12 

Number of opaque link LSA 0. Checksum Sum 0x000000 

Number of DCbitless LSA 0 

Number of indication LSA 0 

Number of DoNotAge LSA 0 

Flood list length 0 

RouterD#sh ip route

--output truncated--

Gateway of last resort is 192.168.2.2 to network 0.0.0.0 

4.0.0.0/24 is subnetted, 1 subnets

C 4.4.4.0 is directly connected, Loopback0 

C 192.168.2.0/24 is directly connected, Serial0/0 

O*IA 0.0.0.0/0 [110/65] via 192.168.2.2, 00:01:48, Serial0/0 

RouterD#ping 10.1.3.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.3.1, timeout is 2 seconds:

!!!!! 

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/59/128 ms

The above outputs show that Area 1 is a stub area, a default route is being injected into the area by the ABR and RouterD can reach the external routes on RouterF.

Next task requires us to configure Area 2 as NSSA:

RouterC(config)#router ospf 1

RouterC(config-router)#area 2 nssa default-information-originate

RouterE(config)#router ospf 1

RouterE(config-router)#area 2 nssa

Let's verify the configuration and the routing tables:

RouterE#sh ip ospf 

Routing Process "ospf 1" with ID 5.5.5.5 

Start time: 00:10:21.252, Time elapsed: 00:29:35.448

Supports only single TOS(TOS0) routes

Supports opaque LSA

Supports Link-local Signaling (LLS)

Supports area transit capability 

It is an autonomous system boundary router 

Redistributing External Routes from,

rip, includes subnets in redistribution

Router is not originating router-LSAs with maximum metric 

Initial SPF schedule delay 5000 msecs

Minimum hold time between two consecutive SPFs 10000 msecs

Maximum wait time between two consecutive SPFs 10000 msecs

Incremental-SPF disabled 

Minimum LSA interval 5 secs

Minimum LSA arrival 1000 msecs

LSA group pacing timer 240 secs

Interface flood pacing timer 33 msecs

Retransmission pacing timer 66 msecs

Number of external LSA 0. Checksum Sum 0x000000 

Number of opaque AS LSA 0. Checksum Sum 0x000000 

Number of DCbitless external and opaque AS LSA 0 

Number of DoNotAge external and opaque AS LSA 0 

Number of areas in this router is 1. 0 normal 0 stub 1 nssa

Number of areas transit capable is 0 

External flood list length 0 

 Area 2 

Number of interfaces in this area is 1

It is a NSSA area

 Area has no authentication

SPF algorithm last executed 00:01:20.680 ago

SPF algorithm executed 5 times

 Area ranges are

Number of LSA 9. Checksum Sum 0x05D8B9

Number of opaque link LSA 0. Checksum Sum 0x000000 

Number of DCbitless LSA 0 

Number of indication LSA 0 

Number of DoNotAge LSA 0 

Flood list length 0 

RouterE#sh ip route

--output truncated--

Gateway of last resort is 192.168.3.3 to network 0.0.0.0 

5.0.0.0/24 is subnetted, 1 subnets

C 5.5.5.0 is directly connected, Loopback0 

C 192.168.4.0/24 is directly connected, Serial0/1

10.0.0.0/24 is subnetted, 3 subnets

R 10.1.3.0 [120/1] via 192.168.4.6, 00:00:18, Serial0/1

R 10.1.2.0 [120/1] via 192.168.4.6, 00:00:18, Serial0/1

R 10.1.1.0 [120/1] via 192.168.4.6, 00:00:18, Serial0/1

O IA 192.168.1.0/24 [110/74] via 192.168.3.3, 00:01:49, Serial0/0 

O IA 192.168.2.0/24 [110/138] via 192.168.3.3, 00:01:49, Serial0/0 

C 192.168.3.0/24 is directly connected, Serial0/0 

O*N2 0.0.0.0/0 [110/1] via 192.168.3.3, 00:01:49, Serial0/0 

RouterC#sh ip route

--output truncated--

Gateway of last resort is not set 

3.0.0.0/24 is subnetted, 1 subnets

C 3.3.3.0 is directly connected, Loopback0 

172.16.0.0/24 is subnetted, 2 subnets

O E2 172.16.1.0 [110/20] via 192.168.1.1, 00:02:46, FastEthernet0/0 

O E2 172.16.2.0 [110/20] via 192.168.1.1, 00:02:46, FastEthernet0/0 

O N2 192.168.4.0/24 [110/20] via 192.168.3.5, 00:02:46, Serial0/0 

10.0.0.0/24 is subnetted, 3 subnets

O N2 10.1.3.0 [110/20] via 192.168.3.5, 00:02:46, Serial0/0 

O N2 10.1.2.0 [110/20] via 192.168.3.5, 00:02:47, Serial0/0 

O N2 10.1.1.0 [110/20] via 192.168.3.5, 00:02:47, Serial0/0 

C 192.168.1.0/24 is directly connected, FastEthernet0/0 

O IA 192.168.2.0/24 [110/74] via 192.168.1.2, 00:02:47, FastEthernet0/0 

C 192.168.3.0/24 is directly connected, Serial0/0 

RouterA#sh ip route

--output truncated--

Gateway of last resort is not set 

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0 

172.16.0.0/24 is subnetted, 2 subnets

C 172.16.1.0 is directly connected, Loopback1

C 172.16.2.0 is directly connected, Loopback2 

O E2 192.168.4.0/24 [110/20] via 192.168.1.3, 00:03:18, FastEthernet0/0 

10.0.0.0/24 is subnetted, 3 subnets

O E2 10.1.3.0 [110/20] via 192.168.1.3, 00:03:17, FastEthernet0/0 

O E2 10.1.2.0 [110/20] via 192.168.1.3, 00:03:17, FastEthernet0/0 

O E2 10.1.1.0 [110/20] via 192.168.1.3, 00:03:17, FastEthernet0/0 

C 192.168.1.0/24 is directly connected, FastEthernet0/0 

O IA 192.168.2.0/24 [110/74] via 192.168.1.2, 00:03:33, FastEthernet0/0 

O IA 192.168.3.0/24 [110/74] via 192.168.1.3, 00:03:33, FastEthernet0/0 

The above outputs show that Area 2 is an NSSA and the ABR is injecting a default route. We also see that no E1/E2 routes are seen on RouterE but RouterC has the N2 rshown as E2 on RouterA.
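
The route-table checks from the Area 1 and Area 2 verification steps, scripted as an added Python example (not part of the original lab). It parses `show ip route` lines for OSPF route codes and flags any code the area type should have filtered; the area-type names and the `audit` function are assumptions of this example, and the sample tables are excerpts of the outputs shown above.

```python
import re

# OSPF route codes that should never appear on a router inside each area type
FORBIDDEN = {
    "stub": {"E1", "E2", "N1", "N2"},
    "totally-stubby": {"E1", "E2", "N1", "N2", "IA"},
    "nssa": {"E1", "E2"},
    "totally-nssa": {"E1", "E2", "IA"},
}
# Matches e.g. "O*IA 0.0.0.0/0 ...", "O E2 10.1.3.0 ...", "O N2 192.168.4.0/24 ..."
OSPF_ROUTE = re.compile(
    r"^O(\*)?\s*(IA|E1|E2|N1|N2)?\s+(\d+(?:\.\d+){3})(/\d+)?\s")

def audit(area_type, show_ip_route):
    """Return a list of findings; an empty list means the table fits the area type."""
    findings, has_default = [], False
    for line in show_ip_route.splitlines():
        m = OSPF_ROUTE.match(line.strip())
        if not m:
            continue                      # connected, RIP and header lines
        _, code, prefix, plen = m.groups()
        if prefix == "0.0.0.0" and plen == "/0":
            has_default = True            # ABR-injected default is expected
        elif code in FORBIDDEN[area_type]:
            findings.append(
                f"{code} route {prefix}{plen or ''} not allowed in {area_type} area")
    if not has_default:
        findings.append("no OSPF default route")
    return findings

# Excerpts of the routing tables printed in this lab
ROUTER_D = """C 4.4.4.0 is directly connected, Loopback0
C 192.168.2.0/24 is directly connected, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 192.168.2.2, 00:01:48, Serial0/0"""

ROUTER_E = """R 10.1.3.0 [120/1] via 192.168.4.6, 00:00:18, Serial0/1
O IA 192.168.1.0/24 [110/74] via 192.168.3.3, 00:01:49, Serial0/0
O IA 192.168.2.0/24 [110/138] via 192.168.3.3, 00:01:49, Serial0/0
O*N2 0.0.0.0/0 [110/1] via 192.168.3.3, 00:01:49, Serial0/0"""

# RouterA sits in area 0; audited as totally stubby only to show what a miss looks like
ROUTER_A = """O E2 192.168.4.0/24 [110/20] via 192.168.1.3, 00:03:18, FastEthernet0/0
O E2 10.1.3.0 [110/20] via 192.168.1.3, 00:03:17, FastEthernet0/0
O IA 192.168.2.0/24 [110/74] via 192.168.1.2, 00:03:33, FastEthernet0/0"""

if __name__ == "__main__":
    print(audit("totally-stubby", ROUTER_D))
    print(audit("nssa", ROUTER_E))
    for finding in audit("totally-stubby", ROUTER_A):
        print(finding)
```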

The final task requires us to configure authentication between RouterA, RouterB and RouterC:

RouterA(config)#interface fa0/0

RouterA(config-if)#ip ospf authentication message-digest

RouterA(config-if)#ip ospf message-digest-key 1 md5 mypassword

RouterB(config)#interface fa0/0

RouterB(config-if)#ip ospf authentication message-digest

RouterB(config-if)#ip ospf message-digest-key 1 md5 mypassword

RouterC(config)#interface fa0/0

RouterC(config-if)#ip ospf authentication message-digest

RouterC(config-if)#ip ospf message-digest-key 1 md5 mypassword

Let's verify the OSPF interface configuration and see if the routing table is correct after applying authentication:

RouterA#sh ip ospf interface

FastEthernet0/0 is up, line protocol is up

Internet Address 192.168.1.1/24, Area 0 

Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 10 

Transmit Delay is 1 sec, State DR, Priority 1

Designated Router (ID) 1.1.1.1, Interface address 192.168.1.1

Backup Designated router (ID) 3.3.3.3, Interface address 192.168.1.3

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 

oob-resync timeout 40 

Hello due in 00:00:04

Supports Link-local Signaling (LLS)

Index 1/1, flood queue length 0 

Next 0x0(0)/0x0(0)

Last flood scan length is 0, maximum is 2 

Last flood scan time is 4 msec, maximum is 4 msec 

Neighbor Count is 2, Adjacent neighbor count is 2 

 Adjacent with neighbor 2.2.2.2 

 Adjacent with neighbor 3.3.3.3 (Backup Designated Router)

Suppress hello for 0 neighbor(s)

Message digest authentication enabled 

Youngest key id is 1

RouterA#sh ip route

--output truncated--

Gateway of last resort is not set 

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0 

172.16.0.0/24 is subnetted, 2 subnets

C 172.16.1.0 is directly connected, Loopback1

C 172.16.2.0 is directly connected, Loopback2 

O E2 192.168.4.0/24 [110/20] via 192.168.1.3, 00:02:10, FastEthernet0/0 

10.0.0.0/24 is subnetted, 3 subnets

O E2 10.1.3.0 [110/20] via 192.168.1.3, 00:02:10, FastEthernet0/0 

O E2 10.1.2.0 [110/20] via 192.168.1.3, 00:02:10, FastEthernet0/0 

O E2 10.1.1.0 [110/20] via 192.168.1.3, 00:02:10, FastEthernet0/0 

C 192.168.1.0/24 is directly connected, FastEthernet0/0 

O IA 192.168.2.0/24 [110/74] via 192.168.1.2, 00:02:10, FastEthernet0/0 

O IA 192.168.3.0/24 [110/74] via 192.168.1.3, 00:02:10, FastEthernet0/0 

The above outputs show that authentication is enabled and routing table is correct after authentication has been applied. This means that the communication between the Rou
