Date post: | 03-Apr-2018 |
Category: |
Documents |
Upload: | tim-aarons |
View: | 215 times |
Download: | 0 times |
of 15
7/28/2019 06.Advanced EIGRP Topics
1/15
Cisco CCNP ROUTE TrainingInstructor: Joe Rinehart, CCIE #14256
Advanced EIGRP Topics
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
In This Lesson:
Neighbor Authentication
Default Routes
Route Summarization
Route Filtering Functionality
EIGRP Stub Routing
Configuration of Advanced EIGRP Lab Exercises
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Neighbor Authentication
1. Understanding EIGRP Authentication
2. Configuring EIGRP Authentication
3. Verifying EIGRP Authentication
7/28/2019 06.Advanced EIGRP Topics
2/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Neighbor Authentication
Understanding EIGRP Authentication
What EIGRP Neighbor AuthenticationProvides
Restricting what devices may formneighbor relationships
Authentication of all messages sent
between configured peers
Prevents denial of service type attacks
What EIGRP Neighbor AuthenticationDoes Not Provide
Encryption of traffic betweenneighbors
Any type of data privacy
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Neighbor Authentication
Understanding EIGRP Authentication
How EIGRP Neighbor AuthenticationOperates
Open-text mode is not supported
MD5 mode ensures no information istransmitted in the clear
Configuration elements similar to RIP
Preshared key configured onneighbors
Authentication completed on a per-
interface basis
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Neighbor Authentication
Configuring EIGRP Authentication
Defining EIGRP Preshared Keys
Keys are defined using the key-chain command in global
configuration mode
Multiple keys may be configuredusing integer values (1,2,3, etc.)
Preshared key texts are definedusing the key-string
command in keychain mode
Differing lifetimes can be definedfor each key
Key-chain name locally significantbut key strings must match
key chain EIGRP-Keykey 1key-string myeigrpkey
7/28/2019 06.Advanced EIGRP Topics
3/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Neighbor Authentication
Configuring EIGRP Authentication
Applying EIGRP Authentication to anInterface
Key chain is applied to the interfaceusing the ip authentication key-chain eigrp command
Even though only MD5 mode is theonly one supported, it must still bespecified on the interface (see syntaxto the left)
Interface s0/0.134ip authentication mode eigrp 100 md5ip authentication key-chain eigrp 100EIGRP-Key
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Neighbor Authentication
Verifying EIGRP Authentication
Verify Neighbor Relationships are Up andFunctioning
show ip eigrp interfaces should list
active peers (non-zero)
show ip eigrp neighbors shouldshow all the expected neighbors
show key chain will list configuredkey chain and valid lifetime settings
debug eigrp packet can displayneighbor exchange messages for
troubleshooting purposes
Setting NTP can assist in clocksynchronization
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Default Routes
1. Understanding Default Routing
2. Redistributing Static Route 0.0.0.0
3. Configuring a Default Network
4. Verification of Default Routing
7/28/2019 06.Advanced EIGRP Topics
4/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Default Routes
Understanding Default Routing
General Purposes for a Default Route
Communicates path to other networksin host routing (discussed earlier)
Designates the path within anenterprise to one or more routers
connected to the Internet
Creates very simple routingconfiguration for stub networks
Mathematical Significance of the DefaultRoute
The opposite of 255.255.255.255
Designates the most general prefixpossible (any)
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Default Routes
Redistributing Static Route 0.0.0.0
Static Route Configuration
Configure one or more default routesusing the command ip route 0.0.0.0
0.0.0.0
Floating static routes can be createdto build backup default routes
ip route 0.0.0.0 0.0.0.0 2 (primary route)
ip route 0.0.0.0 0.0.0.0 250 (secondary route)
Importing the Route Into EIGRP
Using redistribute static command
Using network 0.0.0.0 command
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Default Routes
Configuring a Default Network
Static Configuration
Typically tied to a loopback interfaceon the originating device
Network must be known to all routersin the EIGRP routing domain
On the router used as the transitpoint, issue the ip default-network command in global
configuration mode
Flagged as a candidate default route
7/28/2019 06.Advanced EIGRP Topics
5/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Default Routes
Verification of Default Routing
Verify Existence of EIGRP Default Route
show ip route eigrp should listroute 0.0.0.0/0
show ip route 0.0.0.0 should listroute details (D EX and AD of 170)
show ip eigrp topology will listentire topology table, look fornetwork 0.0.0.0/0
show ip eigrp topology 0.0.0.0 willlist detailed topology information
Use ping and trace to a public IPaddress to verify routing to/from thedevice
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Summarization
1. Why Summarize Routes at All?
2. Choosing Where to Summarize
3. Configuring Summary Routes
4. Verification of Summary Routes
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Summarization
Why Summarize Routes at All?
Positive Aspects of Route Summarization
Reduction in size and scope of routingtables
Shrinking of query scope (stops atrouter configured with summary)
Summary routes carry best metric
Potential Drawbacks
Possible less than optimal routing
Packet discards (if networks containedin the summary are unreachable)
7/28/2019 06.Advanced EIGRP Topics
6/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Summarization
Choosing Where to Summarize
Good Network Design UsesSummarization
If IP address allocation is done well,summarization can be a simple task
Specific areas of the network may
lend themselves to summarization
Data center(s)
Wide Area Network
Network core
Campus locations
Select Summarization Points Carefully
Calculate the Route(s) Correctly
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Summarization
Configuring Summary Routes
Uses the ip summary-address eigrp command
in interface configuration mode
Neighbor relationship will reset
Summary route to Null0 will becreated in the IP routing table forEIGRP
More specific routes in neighborrouting tables will be suppressed in
favor of the configured summaryroute
Multiple summary routes per interface
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Summarization
Verification of Summary Routes
Verify Existence of Summary Route
show ip route eigrp should list onlythe summarized route
show ip route should listroute details
show ip eigrp topology should list the summary, more specificroutes should not be in the table
show ip route on the originating router should listthe route to Null0
7/28/2019 06.Advanced EIGRP Topics
7/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Filtering Functionality
1. Simple Filtering with Access-Lists
2. Filtering Using Prefix-Lists
3. Increasing Metrics with Offset-Lists
4. Advanced Filtering Using Route-Maps
5. Verifying Route-Filtering
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Filtering Functionality
Simple Filtering with Access-Lists
General Access-List Principles
Processing is top-down, starting withthe first line and continuing on
When a match is made all processingstops
Actions are permit and deny
An implicit deny all is at the end ofthe list
Wildcard masks are the inverse of
subnet masksAccess-lists may be named or
numbered
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Filtering Functionality
Simple Filtering with Access-Lists
Using Access-List for Route Filtering
Route filtering uses standard ratherthan extended access lists
Always place more specific entriesbefore more general ones
Applying the access-list is performedusing the distribute-list command
Access-List Filtering Syntax
access-list
distribute-list
7/28/2019 06.Advanced EIGRP Topics
8/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Filtering Functionality
Filtering Using Prefix-Lists
Understanding Prefix-Lists
Allows for the ability to match:
Route prefix/subnet
Prefix length/mask
Also has permit/deny actions:
Permit: Route is matched
Deny: Route is not matched
Can match varying mask lengths:
le (less than or equal to)
ge (greater than or equal to)
Applying the prefix-list is performedusing the distribute-list command
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Filtering Functionality
Filtering Using Prefix-Lists
Prefix-List Filtering Syntax
prefix-list [le | ge]
Distribute-list
le and ge can be used together tospecify a range of prefix lengths
Some remarkably complex logic canbe configured using prefix-lists
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Filtering Functionality
Increasing Metrics with Offset-Lists
Understanding Offset-Lists
Offset-lists utilize standard access-liststo match routes/prefixes (permit)
Offset-lists increase the integer valueof an EIGRP metric
Can be applied to either incoming oroutgoing on a specific interface
Changes both the reported distanceand feasible distance of a route
Specifying an access-list ofzero (0)applies the offset to all networks
Applying the list causes a rest of theneighbor relationship
7/28/2019 06.Advanced EIGRP Topics
9/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Filtering Functionality
Increasing Metrics with Offset-Lists
Offset-List Syntax
offset-list
Offset values can range from 0-
2147483647
Offset-lists are configured in eigrprouter mode (config-router)#
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Filtering Functionality
Advanced Filtering Using Route-Maps
Understanding Route-Maps
Route Maps can be utilized by allrouting protocols to perform multiple
levels of route manipulation
Route Maps use sequence numbers toidentify successive steps
Route Map actions include:
Match: Specifying Match Criteria:
IP address
Next-hop
Interface
Route metric
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Route Filtering Functionality
Advanced Filtering Using Route-Maps
Understanding Route-Maps
Route Map actions include:
Match: Specifying Match Criteria:
Route type (internal/external)
MPLS labels (out of scope)
Tag (tagged routes)
Set: Actions to take:
Metric (offset or static value)
Tag (tagged routes)
Other values exist but do notapply to EIGRP routemanipulation
7/28/2019 06.Advanced EIGRP Topics
10/15
7/28/2019 06.Advanced EIGRP Topics
11/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
EIGRP Stub Routing
1. Understanding EIGRP Stub Routing
2. Configuring EIGRP Stub Routing
3. Verifying EIGRP Stub Routing
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
EIGRP Stub Routing
Understanding EIGRP Stub Routing
What EIGRP Stub Routing Accomplishes
Specifies a particular router as not atransit device to other remote
networks
Typically present in sub and spoketopologies
Limits the scope of EIGRP queries
Depends on hub router for sendingappropriate routing updates
Simplifies spoke device configurationprocess
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
EIGRP Stub Routing
Configuring EIGRP Stub Routing
Configuration Takes Place on Stub Router
Use router eigrp command
Link to hub router must be specifiedusing the networkcommand
Stub process started using the eigrpstub command, with several options:
Connected
Summary
Static
Redistributed
Receive-only
7/28/2019 06.Advanced EIGRP Topics
12/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
EIGRP Stub Routing
Verifying EIGRP Stub Routing
On the EIGRP Stub Router
Execute show ip eigrp neighborscommand and verify presence of hub
Execute show ip route eigrp andconfirm all routes appear as expected
On the EIGRP Hub Router
Execute show ip eigrp neighborsdetail command and verify stubneighbor clearly identified
Execute show ip route eigrp andconfirm all routes appear as expectedfrom stub
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Configuration of Advanced EIGRP Lab Exercises
1. Review of EIGRP Configuration Commands
2. Configuration of EIGRP Routers
3. Verification of EIGRP Configuration
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Configuration of Advanced EIGRP Lab Exercises
Review of EIGRP Configuration
Commands Neighbor Authentication
Creation of keys using the key chain
command in globalconfiguration mode
Specification of preshared key usingthe key-string command
Application to the interface using the
ip authentication key-chain eigrp and ipauthentication mode eigrp md5 commands
7/28/2019 06.Advanced EIGRP Topics
13/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Configuration of Advanced EIGRP Lab Exercises
Review of EIGRP ConfigurationCommands
Default Route Propagation on R4
Creation of static route using iproute 0.0.0.0 0.0.0.0 command
Injection of the static default routeusing the redistribute staticcommand under the EIGRP process
Route Summarization on R2
Suppression of loopback 0
(10.2.2.2/32) using the ipsummary-address eigrp command
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Configuration of Advanced EIGRP Lab Exercises
Review of EIGRP ConfigurationCommands
Route Filtering on R2
Creation of standard access-list using
the access-list command
Applying filtering using thedistribute-list out command
Similar filtering command set using
the ip prefix-list / command
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Configuration of Advanced EIGRP Lab Exercises
Review of EIGRP Configuration
Commands EIGRP Stub Routing on R5
Stripping of all networkcommands
except link to R2
Configuration of the stub routingprocess using the eigrp stubconnected command under the eigrprouting process
7/28/2019 06.Advanced EIGRP Topics
14/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Configuration of Advanced EIGRP Lab Exercises
Configuration of EIGRP Routers
Using preshared key ofmyeigrpkeybetween frame-relay neighbors
Configuration of default route to192.168.254.1 (ASA Firewall) for Internetaccess
Creating EIGRP summary route of10.2.2.0/24 from R2
Filtering of 10.2.2.2/32 on all routingupdates from R2 to R1
Configuration of EIGRP stub routing on
R5, with R2 serving as the hub site router
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Configuration of Advanced EIGRP Lab Exercises
Verification of EIGRP Configuration
Verify fully functional neighborrelationships on R1, R2, R3 & R4 usingthe show ip eigrp neighbor command
Verify existing of default route on allrouters using the show ip routecommand (D EX 0.0.0.0/0)
Verify no 10.2.2.2/32 route exists on allrouters except R5 using the show iproute eigrp and show ip eigrptopology commands
Verify R5 is correctly configured as a stubby confirming output ofshow ip eigrpneighbors detail on R2
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
Key Terms You Should Know
MD5Message Digest Algorithm 5, a hash function that creates
a 128 bit hash value and used by EIGRP in the neighborauthentication process
Route Summarization The process of taking a larger
number of contiguous and expressing them in a reduced form
Route-Filtering The process of selectively removing routesfrom the routing table and/or routing process
Distribute-List Route filtering method making use of access-lists, prefix-lists and route maps to remove routes
Offset-List In EIGRP, the act of adding integer values to aroute metric in order to influence routing preferences
Stub NetworkReference to a type of network with limitedentry/exit points (frequently one) in which limited routingcapabilities may be used
7/28/2019 06.Advanced EIGRP Topics
15/15
Cisco CCNP ROUTE Training
Advanced EIGRP Topics
What We Covered
Neighbor Authentication
Default Routes
Route Summarization
Route Filtering Functionality
EIGRP Stub Routing
Configuration of Advanced EIGRP Lab Exercises