06.Advanced EIGRP Topics

7/28/2019 06.Advanced EIGRP Topics

1/15

Cisco CCNP ROUTE TrainingInstructor: Joe Rinehart, CCIE #14256

Advanced EIGRP Topics

Cisco CCNP ROUTE Training


In This Lesson:

Neighbor Authentication

Default Routes

Route Summarization

Route Filtering Functionality

EIGRP Stub Routing

Configuration of Advanced EIGRP Lab Exercises




1. Understanding EIGRP Authentication

2. Configuring EIGRP Authentication

3. Verifying EIGRP Authentication


2/15




Understanding EIGRP Authentication

What EIGRP Neighbor AuthenticationProvides

Restricting what devices may formneighbor relationships

Authentication of all messages sent

between configured peers

Prevents denial of service type attacks

What EIGRP Neighbor AuthenticationDoes Not Provide

Encryption of traffic betweenneighbors

Any type of data privacy




Understanding EIGRP Authentication

How EIGRP Neighbor AuthenticationOperates

Open-text mode is not supported

MD5 mode ensures no information istransmitted in the clear

Configuration elements similar to RIP

Preshared key configured onneighbors

Authentication completed on a per-

interface basis




Configuring EIGRP Authentication

Defining EIGRP Preshared Keys

Keys are defined using the key-chain command in global

configuration mode

Multiple keys may be configuredusing integer values (1,2,3, etc.)

Preshared key texts are definedusing the key-string

command in keychain mode

Differing lifetimes can be definedfor each key

Key-chain name locally significantbut key strings must match

key chain EIGRP-Keykey 1key-string myeigrpkey


3/15




Configuring EIGRP Authentication

Applying EIGRP Authentication to anInterface

Key chain is applied to the interfaceusing the ip authentication key-chain eigrp command

Even though only MD5 mode is theonly one supported, it must still bespecified on the interface (see syntaxto the left)

Interface s0/0.134ip authentication mode eigrp 100 md5ip authentication key-chain eigrp 100EIGRP-Key




Verifying EIGRP Authentication

Verify Neighbor Relationships are Up andFunctioning

show ip eigrp interfaces should list

active peers (non-zero)

show ip eigrp neighbors shouldshow all the expected neighbors

show key chain will list configuredkey chain and valid lifetime settings

debug eigrp packet can displayneighbor exchange messages for

troubleshooting purposes

Setting NTP can assist in clocksynchronization



Default Routes

1. Understanding Default Routing

2. Redistributing Static Route 0.0.0.0

3. Configuring a Default Network

4. Verification of Default Routing


4/15



Default Routes

Understanding Default Routing

General Purposes for a Default Route

Communicates path to other networksin host routing (discussed earlier)

Designates the path within anenterprise to one or more routers

connected to the Internet

Creates very simple routingconfiguration for stub networks

Mathematical Significance of the DefaultRoute

The opposite of 255.255.255.255

Designates the most general prefixpossible (any)



Default Routes

Redistributing Static Route 0.0.0.0

Static Route Configuration

Configure one or more default routesusing the command ip route 0.0.0.0

0.0.0.0

Floating static routes can be createdto build backup default routes

ip route 0.0.0.0 0.0.0.0 2 (primary route)

ip route 0.0.0.0 0.0.0.0 250 (secondary route)

Importing the Route Into EIGRP

Using redistribute static command

Using network 0.0.0.0 command



Default Routes

Configuring a Default Network

Static Configuration

Typically tied to a loopback interfaceon the originating device

Network must be known to all routersin the EIGRP routing domain

On the router used as the transitpoint, issue the ip default-network command in global

configuration mode

Flagged as a candidate default route


5/15



Default Routes

Verification of Default Routing

Verify Existence of EIGRP Default Route

show ip route eigrp should listroute 0.0.0.0/0

show ip route 0.0.0.0 should listroute details (D EX and AD of 170)

show ip eigrp topology will listentire topology table, look fornetwork 0.0.0.0/0

show ip eigrp topology 0.0.0.0 willlist detailed topology information

Use ping and trace to a public IPaddress to verify routing to/from thedevice



Route Summarization

1. Why Summarize Routes at All?

2. Choosing Where to Summarize

3. Configuring Summary Routes

4. Verification of Summary Routes



Route Summarization

Why Summarize Routes at All?

Positive Aspects of Route Summarization

Reduction in size and scope of routingtables

Shrinking of query scope (stops atrouter configured with summary)

Summary routes carry best metric

Potential Drawbacks

Possible less than optimal routing

Packet discards (if networks containedin the summary are unreachable)


6/15



Route Summarization

Choosing Where to Summarize

Good Network Design UsesSummarization

If IP address allocation is done well,summarization can be a simple task

Specific areas of the network may

lend themselves to summarization

Data center(s)

Wide Area Network

Network core

Campus locations

Select Summarization Points Carefully

Calculate the Route(s) Correctly



Route Summarization

Configuring Summary Routes

Uses the ip summary-address eigrp command

in interface configuration mode

Neighbor relationship will reset

Summary route to Null0 will becreated in the IP routing table forEIGRP

More specific routes in neighborrouting tables will be suppressed in

favor of the configured summaryroute

Multiple summary routes per interface



Route Summarization

Verification of Summary Routes

Verify Existence of Summary Route

show ip route eigrp should list onlythe summarized route

show ip route should listroute details

show ip eigrp topology should list the summary, more specificroutes should not be in the table

show ip route on the originating router should listthe route to Null0


7/15




1. Simple Filtering with Access-Lists

2. Filtering Using Prefix-Lists

3. Increasing Metrics with Offset-Lists

4. Advanced Filtering Using Route-Maps

5. Verifying Route-Filtering




Simple Filtering with Access-Lists

General Access-List Principles

Processing is top-down, starting withthe first line and continuing on

When a match is made all processingstops

Actions are permit and deny

An implicit deny all is at the end ofthe list

Wildcard masks are the inverse of

subnet masksAccess-lists may be named or

numbered




Simple Filtering with Access-Lists

Using Access-List for Route Filtering

Route filtering uses standard ratherthan extended access lists

Always place more specific entriesbefore more general ones

Applying the access-list is performedusing the distribute-list command

Access-List Filtering Syntax

access-list

distribute-list


8/15




Filtering Using Prefix-Lists

Understanding Prefix-Lists

Allows for the ability to match:

Route prefix/subnet

Prefix length/mask

Also has permit/deny actions:

Permit: Route is matched

Deny: Route is not matched

Can match varying mask lengths:

le (less than or equal to)

ge (greater than or equal to)

Applying the prefix-list is performedusing the distribute-list command




Filtering Using Prefix-Lists

Prefix-List Filtering Syntax

prefix-list [le | ge]

Distribute-list

le and ge can be used together tospecify a range of prefix lengths

Some remarkably complex logic canbe configured using prefix-lists




Increasing Metrics with Offset-Lists

Understanding Offset-Lists

Offset-lists utilize standard access-liststo match routes/prefixes (permit)

Offset-lists increase the integer valueof an EIGRP metric

Can be applied to either incoming oroutgoing on a specific interface

Changes both the reported distanceand feasible distance of a route

Specifying an access-list ofzero (0)applies the offset to all networks

Applying the list causes a rest of theneighbor relationship


9/15




Increasing Metrics with Offset-Lists

Offset-List Syntax

offset-list

Offset values can range from 0-

2147483647

Offset-lists are configured in eigrprouter mode (config-router)#




Advanced Filtering Using Route-Maps

Understanding Route-Maps

Route Maps can be utilized by allrouting protocols to perform multiple

levels of route manipulation

Route Maps use sequence numbers toidentify successive steps

Route Map actions include:

Match: Specifying Match Criteria:

IP address

Next-hop

Interface

Route metric




Advanced Filtering Using Route-Maps

Understanding Route-Maps

Route Map actions include:

Match: Specifying Match Criteria:

Route type (internal/external)

MPLS labels (out of scope)

Tag (tagged routes)

Set: Actions to take:

Metric (offset or static value)

Tag (tagged routes)

Other values exist but do notapply to EIGRP routemanipulation


10/15


11/15



EIGRP Stub Routing

1. Understanding EIGRP Stub Routing

2. Configuring EIGRP Stub Routing

3. Verifying EIGRP Stub Routing



EIGRP Stub Routing

Understanding EIGRP Stub Routing

What EIGRP Stub Routing Accomplishes

Specifies a particular router as not atransit device to other remote

networks

Typically present in sub and spoketopologies

Limits the scope of EIGRP queries

Depends on hub router for sendingappropriate routing updates

Simplifies spoke device configurationprocess



EIGRP Stub Routing

Configuring EIGRP Stub Routing

Configuration Takes Place on Stub Router

Use router eigrp command

Link to hub router must be specifiedusing the networkcommand

Stub process started using the eigrpstub command, with several options:

Connected

Summary

Static

Redistributed

Receive-only


12/15



EIGRP Stub Routing

Verifying EIGRP Stub Routing

On the EIGRP Stub Router

Execute show ip eigrp neighborscommand and verify presence of hub

Execute show ip route eigrp andconfirm all routes appear as expected

On the EIGRP Hub Router

Execute show ip eigrp neighborsdetail command and verify stubneighbor clearly identified

Execute show ip route eigrp andconfirm all routes appear as expectedfrom stub




1. Review of EIGRP Configuration Commands

2. Configuration of EIGRP Routers

3. Verification of EIGRP Configuration




Review of EIGRP Configuration

Commands Neighbor Authentication

Creation of keys using the key chain

command in globalconfiguration mode

Specification of preshared key usingthe key-string command

Application to the interface using the

ip authentication key-chain eigrp and ipauthentication mode eigrp md5 commands


13/15




Review of EIGRP ConfigurationCommands

Default Route Propagation on R4

Creation of static route using iproute 0.0.0.0 0.0.0.0 command

Injection of the static default routeusing the redistribute staticcommand under the EIGRP process

Route Summarization on R2

Suppression of loopback 0

(10.2.2.2/32) using the ipsummary-address eigrp command




Review of EIGRP ConfigurationCommands

Route Filtering on R2

Creation of standard access-list using

the access-list command

Applying filtering using thedistribute-list out command

Similar filtering command set using

the ip prefix-list / command




Review of EIGRP Configuration

Commands EIGRP Stub Routing on R5

Stripping of all networkcommands

except link to R2

Configuration of the stub routingprocess using the eigrp stubconnected command under the eigrprouting process


14/15




Configuration of EIGRP Routers

Using preshared key ofmyeigrpkeybetween frame-relay neighbors

Configuration of default route to192.168.254.1 (ASA Firewall) for Internetaccess

Creating EIGRP summary route of10.2.2.0/24 from R2

Filtering of 10.2.2.2/32 on all routingupdates from R2 to R1

Configuration of EIGRP stub routing on

R5, with R2 serving as the hub site router




Verification of EIGRP Configuration

Verify fully functional neighborrelationships on R1, R2, R3 & R4 usingthe show ip eigrp neighbor command

Verify existing of default route on allrouters using the show ip routecommand (D EX 0.0.0.0/0)

Verify no 10.2.2.2/32 route exists on allrouters except R5 using the show iproute eigrp and show ip eigrptopology commands

Verify R5 is correctly configured as a stubby confirming output ofshow ip eigrpneighbors detail on R2



Key Terms You Should Know

MD5Message Digest Algorithm 5, a hash function that creates

a 128 bit hash value and used by EIGRP in the neighborauthentication process

Route Summarization The process of taking a larger

number of contiguous and expressing them in a reduced form

Route-Filtering The process of selectively removing routesfrom the routing table and/or routing process

Distribute-List Route filtering method making use of access-lists, prefix-lists and route maps to remove routes

Offset-List In EIGRP, the act of adding integer values to aroute metric in order to influence routing preferences

Stub NetworkReference to a type of network with limitedentry/exit points (frequently one) in which limited routingcapabilities may be used


15/15



What We Covered


Default Routes

Route Summarization


EIGRP Stub Routing


Date post:	03-Apr-2018
Category:	Documents
Upload:	tim-aarons
View:	215 times
Download:	0 times

06.Advanced EIGRP Topics

Documents