CCNP Lab 017: EIGRP Multi-Technology

Lab

Lab Objective:
The focus of this lab is to understand EIGRP implementation and
configuration in Cisco IOS routers. Additional technologies tested include
stub routing, filtering, and authentication.
Lab Topology:
The lab network topology is illustrated below:

IMPORTANT NOTE
If you are using the www.101labs.net racks, please bring up the LAN
interfaces connected to the routers by issuing the no shutdown command on
the connected switches. If you are using a home lab with no
Switches, you can bring up the LAN interfaces using the following
configurations on your routers:
interface fastethernet 0/0
no keepalive
loopback
no shutdown
Alternately, you can simply connect the interfaces to a hub or switch if you
have one available in your own lab. Also, if you are using the
www.101labs.net racks, configure R3 as the Frame Relay switch using the
following configuration commands:
hostname R3-Frame-Relay-Switch
!
frame-relay switching
!
interface serial 1/0
description ‘Connected To R1 Serial 0/1’
encapsulation frame-relay
no ip address
clock rate 128000
frame-relay intf-type dce
frame-relay route 102 interface serial 1/1 201
frame-relay route 104 interface serial 1/2 401
no shutdown
!
interface serial 1/1
description ‘Connected To R2 Serial 0/1’
encapsulation frame-relay
no ip address
clock rate 128000
frame-relay intf-type dce
frame-relay route 201 interface serial 1/0 102
no shutdown
!
interface serial 1/2
description ‘Connected To R4 Serial 0/0’
encapsulation frame-relay
no ip address
clock rate 128000
frame-relay intf-type dce
frame-relay route 401 interface serial 1/0 104
no shutdown
!
end
Task 1
Configure hostnames and IP addresses on all routers as illustrated in the
network topology.
Task 2
Configure EIGRP for AS 1 as illustrated in the topology. However, do NOT
advertise the 150.x.x.x subnets on any router via EIGRP.
Task 3
Configure routers R2 and R4 to as EIGRP stub routers. These routers should
advertise their 150.x.x.x/24 subnets as Internal EIGRP routes to R1.
Task 4
Configure R1 so that it advertises ONLY a default route to both R2 and R4 as
an External EIGRP route. Next, verify your configuration using the
appropriate commands. Additionally, also verify that R2 and R4 can ping
each others’ 150.x.x.x/24 subnets from their LAN interfaces, as well as the
150.1.1.0/24 subnet on R1s LAN.
Task 5
Configure EIGRP authentication for AS 1 so that all the routers use the
password CCNP-2010; however, after 15 minutes, the routers should stop
using this password and begin using the password CCNP-2011. The
password CCNP-2011 should be used by all routers indefinitely. Verify your
configuration using the appropriate commands.
Lab Validation:
Task 1
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 150.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface serial 0/1
R1(config-if)#ip address 10.0.0.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#encapsulation frame-relay
R1(config-if)#exit
Router(config)#hostname R2
R2(config)#interface fastethernet 0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 150.2.2.2 255.255.255.0
R2(config-if)#exit
R2(config)#interface serial 0/1
R2(config-if)#ip address 10.0.0.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#encapsulation frame-relay
R2(config-if)#exit
Router(config)#hostname R4
R4(config)#interface fastethernet 0/0
R4(config-if)#no shutdown
R4(config-if)#ip address 150.4.4.4 255.255.255.0
R4(config-if)#exit
R4(config)#interface serial 0/0
R4(config-if)#ip address 10.0.0.4 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#encapsulation frame-relay
R4(config-if)#exit
Task 2
R1(config)#router eigrp 1
R1(config-router)#no auto-summary
R1(config-router)#network 10.0.0.1 0.0.0.0
R1(config-router)#exit
R2(config)#router eigrp 1
R2(config-router)#no auto-summary
R2(config-router)#network 10.0.0.2 0.0.0.0
R2(config-router)#exit
R4(config)#router eigrp 1
R4(config-router)#no auto-summary
R4(config-router)#network 10.0.0.4 0.0.0.0
R4(config-router)#exit
Use the show ip eigrp neighbors command to verify your configuration:
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.0.0.4 Se0/1 135 00:00:46 16 200 0 3
0 10.0.0.2 Se0/1 157 00:01:20 15 200 0 3
R2#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.0.0.1 Se0/1 166 00:01:39 1264 5000 0 3
R4#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.0.0.1 Se0/0 151 00:01:19 1219 5000 0 5
Task 3
By default, EIGRP stub routers advertise connected and summary routes.
Therefore, no explicit configuration other than enabling EIGRP for the
150.x.x.x/24 subnets is required:
R2(config)#router eigrp 1
R2(config-router)#network 150.2.2.2 0.0.0.0
R2(config-router)#eigrp stub
R2(config-router)#exit
R4(config)#router eigrp 1
R4(config-router)#network 150.4.4.4 0.0.0.0
R4(config-router)#eigrp stub
R4(config-router)#exit
Verify your configuration using the show ip eigrp neighbors detail
command on R1:
R1#show ip eigrp neighbors detail
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.0.0.4 Se0/1 160 00:00:21 1253 5000 0 8
Version 12.4/1.2, Retrans: 0, Retries: 0, Prefixes: 1
Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
Suppressing queries
0 10.0.0.2 Se0/1 161 00:02:15 654 3924 0 7
Version 12.4/1.2, Retrans: 0, Retries: 0, Prefixes: 1
Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
Suppressing queries
Alternatively, you can use the show ip protocols command on the stub
routers:
R2#show ip protocols
Routing Protocol is “eigrp 1”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
EIGRP stub, connected, summary
Redistributing: eigrp 1
EIGRP NSF-aware route hold timer is 240s
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
10.0.0.2/32
150.2.2.2/32
Routing Information Sources:
Gateway Distance Last Update
10.0.0.1 90 00:01:39
Distance: internal 90 external 170
R4#show ip protocols
Routing Protocol is “eigrp 1”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
EIGRP stub, connected, summary
Redistributing: eigrp 1
EIGRP NSF-aware route hold timer is 240s
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
10.0.0.4/32
150.4.4.4/32
Routing Information Sources:
Gateway Distance Last Update
10.0.0.1 90 00:00:48
Distance: internal 90 external 170
Verify that the routes are received on R1 using the show ip route [eigrp]
command:
R1#show ip route eigrp
150.2.0.0/24 is subnetted, 1 subnets
D 150.2.2.0 [90/2172416] via 10.0.0.2, 00:05:26, Serial0/1
150.4.0.0/24 is subnetted, 1 subnets
D 150.4.4.0 [90/2172416] via 10.0.0.4, 00:03:32, Serial0/1
Task 4
The task is to advertise an external default route to R2 and R4. Because split
horizon is enabled by default, R1 will not advertise the 150.2.2.0/24 and
150.3.3.0/24 subnets out the same interface via which they were received, so
no explicit filtering configuration for EIGRP is required on R1. This task is
completed as follows:
R1(config)#ip route 0.0.0.0 0.0.0.0 null 0
R1(config)#router eigrp 1
R1(config-router)#redistribute static
R1(config-router)#exit
Verify your configuration by looking at the routing tables on R2 and R4:
R2#show ip route eigrp
D*EX 0.0.0.0/0 [170/2169856] via 10.0.0.1, 00:00:35, Serial0/1
R4#show ip route eigrp
D*EX 0.0.0.0/0 [170/2169856] via 10.0.0.1, 00:00:53, Serial0/0
Verify IP connectivity using simple pings:
R1#ping 150.2.2.2 source 150.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 150.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
R1#ping 150.4.4.4 source 150.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 150.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
R2#ping 150.1.1.1 source 150.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 150.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
R2#ping 150.4.4.4 source 150.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 150.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
R4#ping 150.1.1.1 source 150.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 150.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
R4#ping 150.2.2.2 source 150.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 150.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
Task 5
There are several ways in which this task can be completed. One way would
be to synchronize the router clocks by manually setting the system clock
using the clock set command or using the Network Time Protocol (NTP). If
this solution is used, this task is completed as follows:
R1(config)#clock timezone CST -6
R1(config)#clock summer-time CST recurring
R1(config)#ntp master
R1(config)#exit
R2(config)#clock timezone CST -6
R2(config)#clock summer-time CST recurring
R2(config)#ntp server 10.0.0.1
R2(config)#exit
R4(config)#clock timezone CST -6
R4(config)#clock summer-time CST recurring
R4(config)#ntp server 10.0.0.1
R4(config)#exit
Verify Network Time Protocol and clock settings using the show ntp status
command:
R4#show ntp status
Clock is synchronized, stratum 9, reference is 10.0.0.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is D170B71D.82C8E0A7 (01:30:53.510 CST Sun May 8
2011)
clock offset is -0.0292 msec, root delay is 24.98 msec
root dispersion is 125.11 msec, peer dispersion is 125.05 msec
Following this configuration, you can then configure EIGRP authentication
as follows:
R1(config)#key chain EIGRP-AUTH
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string CCNP-2010
R1(config-keychain-key)#accept local 01:45:00 May 8 2011 02:00:00 May
8 2011
R1(config-keychain-key)#send local 01:45:00 May 8 2011 02:00:00 May 8
2011
R1(config-keychain-key)#exit
R1(config-keychain)#key 2
R1(config-keychain-key)#key-string CCNP-2011
R1(config-keychain-key)#accept-lifetime local 02:00:00 May 8 2011
infinite
R1(config-keychain-key)#send-lifetime local 02:00:00 May 8 2011 infinite
R1(config-keychain-key)#exit
R1(config-keychain)#exit
R1(config)#interface serial 0/0
R1(config-if)#ip authentication mode eigrp 1 md5
R1(config-if)#ip authentication key-chain eigrp 1 EIGRP-AUTH
R1(config-if)#exit
R2(config)#key chain EIGRP-AUTH
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string CCNP-2010
R2(config-keychain-key)#accept local 01:45:00 May 8 2011 02:00:00 May
8 2011
R2(config-keychain-key)#send local 01:45:00 May 8 2011 02:00:00 May 8
2011
R2(config-keychain-key)#exit
R2(config-keychain)#key 2
R2(config-keychain-key)#key-string CCNP-2011
R2(config-keychain-key)#accept-lifetime local 02:00:00 May 8 2011
infinite
R2(config-keychain-key)#send-lifetime local 02:00:00 May 8 2011 infinite
R2(config-keychain-key)#exit
R2(config-keychain)#exit
R2(config)#interface serial 0/1
R2(config-if)#ip authentication mode eigrp 1 md5
R2(config-if)#ip authentication key-chain eigrp 1 EIGRP-AUTH
R2(config-if)#exit
R4(config)#key chain EIGRP-AUTH
R4(config-keychain)#key 1
R4(config-keychain-key)#key-string CCNP-2010
R4(config-keychain-key)#accept local 01:45:00 May 8 2011 02:00:00 May
8 2011
R4(config-keychain-key)#send local 01:45:00 May 8 2011 02:00:00 May 8
2011
R4(config-keychain-key)#exit
R4(config-keychain)#key 2
R4(config-keychain-key)#key-string CCNP-2011
R4(config-keychain-key)#accept-lifetime local 02:00:00 May 8 2011
infinite
R4(config-keychain-key)#send-lifetime local 02:00:00 May 8 2011 infinite
R4(config-keychain-key)#exit
R4(config-keychain)#exit
R4(config)#interface serial 0/0
R4(config-if)#ip authentication mode eigrp 1 md5
R4(config-if)#ip authentication key-chain eigrp 1 EIGRP-AUTH
R4(config-if)#exit
Following this, verify the key chain configuring using the show key chain
command:
R1#show clock
01:54:36.175 CST Sun May 8 2011
R1#show key chain EIGRP-AUTH
Key-chain EIGRP-AUTH:
key 1 -- text “CCNP-2010”
accept lifetime (01:45:00 CST May 8 2011) - (02:00:00 CST May 8 2011)
[valid now]
send lifetime (01:45:00 CST May 8 2011) - (02:00:00 CST May 8 2011)
[valid now]
key 2 -- text “CCNP-2011”
accept lifetime (02:00:00 CST May 8 2011) - (infinite)
send lifetime (02:00:00 CST May 8 2011) - (infinite)
After the configured time interval has elapsed, the second key is used and the
first invalidated:
R1#show key chain EIGRP-AUTH
Key-chain EIGRP-AUTH:
key 1 -- text “CCNP-2010”
accept lifetime (01:45:00 CST May 8 2011) - (02:00:00 CST May 8 2011)
send lifetime (01:45:00 CST May 8 2011) - (02:00:00 CST May 8 2011)
key 2 -- text “CCNP-2011”
accept lifetime (02:00:00 CST May 8 2011) - (infinite) [valid now]
send lifetime (02:00:00 CST May 8 2011) - (infinite) [valid now]
The second method would simply be to specify the duration in the key chain.
To do this, you will need to know the local time on each router, which is why
the synchronized time, i.e. the NTP method is better - especially if you have
multiple routers. This is completed as follows:
R1(config)#key chain EIGRP-AUTH
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string CCNP-2010
R1(config-keychain-key)#send-lifetime 01:45:00 May 8 2011 duration 900
R1(config-keychain-key)#accept-lifetime 01:45:00 May 8 2011 duration
900
R1(config-keychain-key)#exit
R1(config-keychain)#exit
R1(config)#key chain EIGRP-AUTH
R1(config-keychain)#key 2
R1(config-keychain-key)#key-string CCNP-2011
R1(config-keychain-key)#accept 02:00:00 May 8 2011 infinite
R1(config-keychain-key)#exit
NOTE: The duration is specified in seconds. 15 minutes = 900 seconds.
R1#show key chain EIGRP-AUTH
Key-chain EIGRP-AUTH:
key 1 -- text “CCNP-2010”
accept lifetime (01:45:00 UTC May 8 2011) - (900 seconds) [valid now]
send lifetime (01:45:00 UTC May 8 2011) - (900 seconds) [valid now]
key 2 -- text “CCNP-2011”
accept lifetime (02:00:00 UTC May 8 2011) - (infinite)
send lifetime (02:00:00 UTC May 8 2011) - (infinite)
After the configured time interval has elapsed, the second key is used and the
first invalidated:
R1#show key chain EIGRP-AUTH
Key-chain EIGRP-AUTH:
key 1 -- text “CCNP-2010”
accept lifetime (01:45:00 UTC May 8 2011) - (900 seconds)
send lifetime (01:45:00 UTC May 8 2011) - (900 seconds)
key 2 -- text “CCNP-2011”
accept lifetime (02:00:00 UTC May 8 2011) - (infinite) [valid now]
send lifetime (02:00:00 UTC May 8 2011) - (infinite) [valid now]