Narbik OSPF Filtering

CCIE R&S by Narbik Kocharians Boot Camp 4.0 Page 1 of 33

© 2011 Narbik Kocharians. All rights reserved

Boot Camp 4.0

Configure, Verify & TEST

www.MicronicsTraining.com

Narbik Kocharians CCIE #12410

R&S, Security, SP

Boot Camp

4.0

Volume I





The Serial connection between R1 and R3

The Serial connection between R4 and R5



Frame-Relay Switch connections



Frame-Relay DLCI connections: Router Local DLCI Connecting to: R1 102

112 103 104 105 106 164

R2 R2 R3 R4 R5 R6 R4

R2 201 211 203 204 205 206

R1 R1 R3 R4 R5 R6

R3 301 302 304 305 306

R1 R2 R4 R5 R6

R4 401 402 403 405 406 461

R1 R2 R3 R5 R6 R1

R5 501 502 503 504 506

R1 R2 R3 R4 R6

R6 601 602 603 604 605

R1 R2 R3 R4 R5



Switch to Switch connections



Lab rules:

• All Loopback interfaces MUST be advertised with their correct mask.

• Configure the OSPF router-id of the routers based on the following chart:

Lab 3 – OSPF Filtering



R1 : 1.1.1.1 R2 : 2.2.2.2 R3 : 3.3.3.3 R4 : 4.4.4.4 R5 : 5.5.5.5 R6 : 6.6.6.6 BB1 : 111.111.111.111 BB2 : 122.122.122.122 Task 1 Configure R1 and R3 such that the S0/1 link connecting them to each other is NOT advertised. R1 and R3 should still maintain their adjacency through this interface.

Using the “IP OSPF prefix-suppression” interface configuration command, you can explicitly configure a given OSPF enabled interface NOT to advertise its IP network to its neighbor/s without effecting the neighbor adjacency.

On R1 R1(config)#int S0/1 R1(config-if)#ip ospf prefix-suppression On R3 R3(config)#int S0/1 R3(config-if)#ip ospf prefix-suppression To test the configuration: On R3 R3#Show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 111.111.111.111 1 FULL/BDR 00:00:32 10.1.1.111 FastEthernet0/0 122.122.122.122 1 FULL/DR 00:00:31 10.1.3.112 FastEthernet0/1 1.1.1.1 0 FULL/ - 00:00:32 10.1.100.1 Serial0/1

On BB2 BB2#Show ip route ospf | Inc O O IA 1.1.1.0 [110/66] via 10.1.3.3, 00:19:04, FastEthernet0/1 O IA 50.5.5.5 [110/67] via 10.1.3.3, 00:02:04, FastEthernet0/1 O IA 100.1.1.0 [110/66] via 10.1.3.3, 00:19:04, FastEthernet0/1 O IA 55.5.5.5 [110/67] via 10.1.3.3, 00:02:04, FastEthernet0/1 O IA 5.5.5.5 [110/67] via 10.1.3.3, 00:02:04, FastEthernet0/1 O IA 111.1.1.0 [110/66] via 10.1.3.3, 00:19:04, FastEthernet0/1 O IA 10.1.15.0 [110/66] via 10.1.3.3, 00:02:24, FastEthernet0/1 O 10.1.1.0 [110/2] via 10.1.3.3, 00:22:28, FastEthernet0/1



O IA 11.1.1.0 [110/66] via 10.1.3.3, 00:19:04, FastEthernet0/1 O IA 150.5.5.5 [110/67] via 10.1.3.3, 00:02:04, FastEthernet0/1

Task 2 Configure R5 such that it ONLY advertises its Lo0 and Lo1, DO NOT remove or modify the “Network” command configured in router configuration mode.

The output of the following show command reveals that R5 is advertising its Lo0 – Lo3. Network 5.5.5.0 /24 and 50.5.5.0 /24 are R5’s Lo0 and Lo1.

On R1 R1#Show ip route ospf | Inc O O 50.5.5.0 [110/2] via 10.1.15.5, 00:00:10, FastEthernet0/0 O 55.5.5.0 [110/2] via 10.1.15.5, 00:03:22, FastEthernet0/0 O 5.5.5.0 [110/2] via 10.1.15.5, 00:00:10, FastEthernet0/0 O IA 10.1.3.0 [110/65] via 10.1.100.3, 00:44:31, Serial0/1 O IA 10.1.1.0 [110/65] via 10.1.100.3, 00:44:31, Serial0/1 O IA 10.1.200.0 [110/66] via 10.1.100.3, 00:44:31, Serial0/1 O 150.5.5.0 [110/2] via 10.1.15.5, 00:03:22, FastEthernet0/0

On R5 Using the “Prefix-suppression” command in router configuration mode globally suppresses all the networks advertised in OSPF. The interface version of this command takes precedence over the global one. The “prefix-suppression” command prevents OSPF from advertising all IP prefixes except prefixes that are associated with Loopbacks, Secondary and/or passive interfaces. R5(config)#Router ospf 1 R5(config-router)#Prefix-suppression

To verify the configuration: On R1 Note the prefixes are all suppressed: R1#Show ip route ospf | Inc O O IA 10.1.3.0 [110/65] via 10.1.100.3, 00:47:21, Serial0/1 O IA 10.1.1.0 [110/65] via 10.1.100.3, 00:47:21, Serial0/1 O IA 10.1.200.0 [110/66] via 10.1.100.3, 00:47:21, Serial0/1

The following configuration sets the Lo0 and Lo1 as passive, therefore, they will NOT get



suppressed:

On R5 R5(config)#router ospf 1 R5(config-router)#passive-interface lo0 R5(config-router)#passive-interface lo1 R5#Clear ip ospf proc Reset ALL OSPF processes? [no]: y

To test the configuration: On R1 R1#Show ip route ospf | Inc O O 50.5.5.0 [110/2] via 10.1.15.5, 00:01:22, FastEthernet0/0 O 5.5.5.0 [110/2] via 10.1.15.5, 00:01:22, FastEthernet0/0 O IA 10.1.3.0 [110/65] via 10.1.100.3, 00:53:52, Serial0/1 O IA 10.1.1.0 [110/65] via 10.1.100.3, 00:53:52, Serial0/1 O IA 10.1.200.0 [110/66] via 10.1.100.3, 00:53:52, Serial0/1

Task 3 Configure R3 to redistribute OSPF into BGP AS 100. BB2 should redistribute its Lo99 into OSPF such that BB1 DOES NOT get network 99.0.0.0 /8 in its BGP and/or routing table.

On R3 R3(config)#router bgp 100 R3(config-router)#redistribute ospf 1 match internal external 1 external 2

To verify the configuration: On BB1 BB1#Sh ip bgp | B Network Network Next Hop Metric LocPrf Weight Path r>i1.1.1.0/24 10.1.100.1 65 100 0 ? r>i5.5.5.0/24 10.1.100.1 66 100 0 ? r>i10.1.1.0/24 10.1.1.3 0 100 0 ? r>i10.1.3.0/24 10.1.1.3 0 100 0 ?



r>i10.1.15.0/24 10.1.100.1 65 100 0 ? *>i10.1.100.0/24 10.1.1.3 0 100 0 ? r>i10.1.200.0/24 10.1.3.112 2 100 0 ? r>i11.1.1.0/24 10.1.100.1 65 100 0 ? r>i50.5.5.0/24 10.1.100.1 66 100 0 ? r>i100.1.1.0/24 10.1.100.1 65 100 0 ? r>i111.1.1.0/24 10.1.100.1 65 100 0 ?

On BB2 BB2(config)#Route-map TST BB2(config-route-map)#match inter Lo99 BB2(config)#Router ospf 1 BB2(config-router)#redistribute connected route-map TST subnets

To verify the configuration: On BB1 BB1#Show ip bgp | B Network Network Next Hop Metric LocPrf Weight Path r>i1.1.1.0/24 10.1.100.1 65 100 0 ? r>i5.5.5.0/24 10.1.100.1 66 100 0 ? r>i10.1.1.0/24 10.1.1.3 0 100 0 ? r>i10.1.3.0/24 10.1.1.3 0 100 0 ? r>i10.1.15.0/24 10.1.100.1 65 100 0 ? *>i10.1.100.0/24 10.1.1.3 0 100 0 ? r>i10.1.200.0/24 10.1.3.112 2 100 0 ? r>i11.1.1.0/24 10.1.100.1 65 100 0 ? r>i50.5.5.0/24 10.1.100.1 66 100 0 ? r>i99.0.0.0 10.1.3.112 20 100 0 ? r>i100.1.1.0/24 10.1.100.1 65 100 0 ? r>i111.1.1.0/24 10.1.100.1 65 100 0 ?

To configure the task: On BB2 BB2(config)#route-map TST BB2(config-route-map)#Set tag 3758096384 To see the entire configuration: On BB2 BB2#Sh run | s route-map



redistribute connected subnets route-map TST route-map TST permit 10 match interface Loopback99 set tag 3758096384

To test and verify the configuration: On BB1 BB1#Show ip bgp | B Network Network Next Hop Metric LocPrf Weight Path r>i1.1.1.0/24 10.1.100.1 65 100 0 ? r>i5.5.5.0/24 10.1.100.1 66 100 0 ? r>i10.1.1.0/24 10.1.1.3 0 100 0 ? r>i10.1.3.0/24 10.1.1.3 0 100 0 ? r>i10.1.15.0/24 10.1.100.1 65 100 0 ? *>i10.1.100.0/24 10.1.1.3 0 100 0 ? r>i10.1.200.0/24 10.1.3.112 2 100 0 ? r>i11.1.1.0/24 10.1.100.1 65 100 0 ? r>i50.5.5.0/24 10.1.100.1 66 100 0 ? r>i100.1.1.0/24 10.1.100.1 65 100 0 ? r>i111.1.1.0/24 10.1.100.1 65 100 0 ?

To see the difference: On BB2 BB2(config)#route-map TST BB2(config-route-map)#set tag 3758096383

To verify the test: On BB1 BB1#Show ip bgp | B Network Network Next Hop Metric LocPrf Weight Path r>i1.1.1.0/24 10.1.100.1 65 100 0 ? r>i5.5.5.0/24 10.1.100.1 66 100 0 ? r>i10.1.1.0/24 10.1.1.3 0 100 0 ? r>i10.1.3.0/24 10.1.1.3 0 100 0 ? r>i10.1.15.0/24 10.1.100.1 65 100 0 ? *>i10.1.100.0/24 10.1.1.3 0 100 0 ? r>i10.1.200.0/24 10.1.3.112 2 100 0 ? r>i11.1.1.0/24 10.1.100.1 65 100 0 ? r>i50.5.5.0/24 10.1.100.1 66 100 0 ? r>i99.0.0.0 10.1.3.112 20 100 0 65535 i r>i100.1.1.0/24 10.1.100.1 65 100 0 ? r>i111.1.1.0/24 10.1.100.1 65 100 0 ?



To set the tag back: On BB2 BB2(config)#Route-map TST BB2(config-route-map)#set tag 3758096384 To verify the configuration: On BB1 BB1#Show ip bgp | B Network Network Next Hop Metric LocPrf Weight Path r>i1.1.1.0/24 10.1.100.1 65 100 0 ? r>i5.5.5.0/24 10.1.100.1 66 100 0 ? r>i10.1.1.0/24 10.1.1.3 0 100 0 ? r>i10.1.3.0/24 10.1.1.3 0 100 0 ? r>i10.1.15.0/24 10.1.100.1 65 100 0 ? *>i10.1.100.0/24 10.1.1.3 0 100 0 ? r>i10.1.200.0/24 10.1.3.112 2 100 0 ? r>i11.1.1.0/24 10.1.100.1 65 100 0 ? r>i50.5.5.0/24 10.1.100.1 66 100 0 ? r>i100.1.1.0/24 10.1.100.1 65 100 0 ? r>i111.1.1.0/24 10.1.100.1 65 100 0 ?

Task 4 Configure LSA type-3 filtering on R3 to filter Network 1.1.1.0 /24. You should reference Area 1 when accomplishing this task.

On R3

To see the network before the configuration: On R3 R3#Show ip ospf da summary | Inc 1.1.1.0 Link State ID: 1.1.1.0 (summary Network Number) Link State ID: 11.1.1.0 (summary Network Number) Link State ID: 111.1.1.0 (summary Network Number)

To configure the task:



On R3 R3(config)#IP Prefix-list NET seq 5 deny 1.1.1.0/24 R3(config)#IP Prefix-list NET seq 10 permit 0.0.0.0/0 LE 32

When configuring LSA type 3 filtering, you must use the “Area filter-list” command, the area that is referenced in this configuration determines the direction. R3 connects Area 1 to Area 0. The prefix is advertised OUT of area 1 and into Area 0, therefore, if area 1 is referenced, the direction MUST be OUT, whereas, if area 0 is referenced, the direction MUST be IN. Remember that in OSPF the “area” command can ONLY reference the area to which the router is directly connected to. R3(config)#Router ospf 1 R3(config-router)#Area 1 filter-list prefix NET OUT

To test the configuration: On R3 R3#Show ip ospf da summary | Inc 1.1.1.0 Link State ID: 11.1.1.0 (summary Network Number) Link State ID: 111.1.1.0 (summary Network Number) On BB2 BB2#Show ip route 1.1.1.0 % Network not in table

On R6 R6#Show ip route 1.1.1.0 % Network not in table

Task 5 Configure LSA type-3 filtering on R3 to filter Network 11.1.1.0 /24. You should reference Area 0 when accomplishing this task.



On R3 R3#Show ip ospf da summary | Inc 1.1.1.0 Link State ID: 11.1.1.0 (summary Network Number) Link State ID: 111.1.1.0 (summary Network Number)

To configure the task: On R3 R3(config)#IP Prefix-list NET11 seq 5 deny 11.1.1.0/24 R3(config)#IP Prefix-list NET11 seq 10 permit 0.0.0.0/0 LE 32

Note the direction and the area, since area 0 is referenced, the direction MUST be IN: R3(config)#router ospf 1 R3(config-router)#Area 0 filter-list prefix NET11 IN

To test and verify the configuration: On R3 R3#Sh ip ospf da summ | Inc 11.1.1.0 Link State ID: 111.1.1.0 (summary Network Number)

On BB2 BB2#Show ip route 11.1.1.0 % Network not in table


Task 6 Configure LSA type-3 filtering on BB2 to filter Network 5.5.5.0 /24. You should reference Area 2 when accomplishing this task.



On BB2 BB2#Show ip ospf da summa | Inc 5.5.5.0 Link State ID: 5.5.5.0 (summary Network Number) Link State ID: 5.5.5.0 (summary Network Number)

To configure the task: On BB2 BB2(config)#Ip Prefix-list NET5 seq 5 deny 5.5.5.0/24 BB2(config)#IP Prefix-list NET5 seq 10 permit 0.0.0.0/0 LE 32 BB2(config)#Router ospf 1 BB2(config-router)#Area 2 filter-list prefix NET5 IN

To test and verify the configuration: On BB2 BB2#Show ip ospf da summa | Inc 5.5.5.0 Link State ID: 5.5.5.0 (summary Network Number)



Task 7 Configure LSA type-3 filtering on BB2 to filter Network 50.5.5.0 /24. You should reference Area 0 when accomplishing this task.

On BB2



BB2#Show ip ospf da summa | Inc 50.5.5.0 Link State ID: 50.5.5.0 (summary Network Number) Link State ID: 50.5.5.0 (summary Network Number) To configure the task: On BB2 BB2(config)#IP Prefix-list NET50 seq 5 deny 50.5.5.0/24 BB2(config)#IP Prefix-list NET50 seq 10 permit 0.0.0.0/0 LE 32 BB2(config)#Router ospf 1 BB2(config-router)#Area 0 filter-list prefix NET50 OUT To test and verify the configuration: On R2 R2#Show ip route 50.5.5.0 % Network not in table On R6 R6#Show ip route 50.5.5.0 % Network not in table

Task 8 Configure BB2 such that Network 100.1.1.0 /24 is NOT advertised to the routers in area 2. DO NOT use the following to accomplish this task: Distribute-list in, Area Filter-list, Distance, an Access-list or a Prefix-list

When the router (R1) in area 1 advertises Network 100.1.1.0 /24, the ABR of area 1 floods the route into area 0, the behavior is a normal flooding behavior, but when the same network is advertised to Area 2, the behavior changes; the behavior is like a redistribution behavior, meaning that ONLY the ( O ) OSPF routes will be advertised to the routers in area 2. When the following static route is configured, from BB2’s perspective, network 100.1.1.0 /24 is no longer an OSPF ( O ) route, it’s a static ( S ) route, because the administrative distance of a static



route is lower than OSPF’s administrative distance, therefore, it will NOT be advertised to the routers in area 2.

On BB2 BB2(config)#IP Route 100.1.1.0 255.255.255.0 NULL 0

To test the configuration: On R2 R2#Show ip route 100.1.1.0 % Network not in table

On R4 R4#Show ip route 100.1.1.0 % Network not in table R4#Show ip ospf da summary | Inc 100.1.1.0 R4#

Task 9 Configure R3 such that network 111.1.1.0 /24 is NOT advertised to routers in area 0 or area 2. DO NOT use LSA Type-3 filtering to accomplish this task.

On R2 R2#Show ip rout ospf | Inc O O E2 99.0.0.0/8 [110/20] via 10.1.200.112, 03:32:20, FastEthernet0/0 O IA 111.1.1.0 [110/67] via 10.1.200.112, 05:31:37, FastEthernet0/0 O IA 10.1.15.0 [110/67] via 10.1.200.112, 05:01:27, FastEthernet0/0 O IA 10.1.3.0 [110/2] via 10.1.200.112, 06:23:54, FastEthernet0/0 O IA 10.1.1.0 [110/3] via 10.1.200.112, 05:35:01, FastEthernet0/0

On BB2 BB2#Show ip route ospf | Inc O



O IA 50.5.5.0 [110/67] via 10.1.3.3, 00:39:41, FastEthernet0/1 O IA 5.5.5.0 [110/67] via 10.1.3.3, 00:39:41, FastEthernet0/1 O IA 111.1.1.0 [110/66] via 10.1.3.3, 00:00:08, FastEthernet0/1 O IA 10.1.15.0 [110/66] via 10.1.3.3, 00:39:41, FastEthernet0/1 O 10.1.1.0 [110/2] via 10.1.3.3, 00:39:41, FastEthernet0/1

To configure the task: The “area range” command can be used as a summarization or filtering tool for intra-area routes; this command can be used as a filtering tool if the “NOT-Advertise” keyword is used. Remember that this command stops LSA type-3 generation: On R3 R3(config-router)#Area 1 range 111.1.1.0 255.255.255.0 Not-advertise

To test the configuration: On BB2 BB2#Show ip route ospf | Inc O O IA 50.5.5.0 [110/67] via 10.1.3.3, 00:41:12, FastEthernet0/1 O IA 5.5.5.0 [110/67] via 10.1.3.3, 00:41:12, FastEthernet0/1 O IA 10.1.15.0 [110/66] via 10.1.3.3, 00:41:12, FastEthernet0/1 O 10.1.1.0 [110/2] via 10.1.3.3, 00:41:12, FastEthernet0/1

On R2 R2#Show ip rout ospf | Inc O O E2 99.0.0.0/8 [110/20] via 10.1.200.112, 03:37:22, FastEthernet0/0 O IA 10.1.15.0 [110/67] via 10.1.200.112, 05:06:29, FastEthernet0/0 O IA 10.1.3.0 [110/2] via 10.1.200.112, 06:28:56, FastEthernet0/0 O IA 10.1.1.0 [110/3] via 10.1.200.112, 05:40:03, FastEthernet0/0

Task 10 Enable the F0/1 interface of R2, R4 and R6 and configure this interface in OSPF area 2.

On R2 R2(config)#Router ospf 1 R2(config-router)#Netw 200.1.1.2 0.0.0.0 area 2



On R4 R4(config)#Router ospf 1 R4(config-router)#Netw 200.1.1.4 0.0.0.0 area 2

On R6 R6(config-if)#router ospf 1 R6(config-router)#Netw 200.1.1.6 0.0.0.0 area 2

On R2, R4 and R6 Rx(config)#int f0/1 Rx(config-if)#NO Shut

To verify the configuration: On BB2 BB2#Show ip route ospf 50.0.0.0/24 is subnetted, 1 subnets O IA 50.5.5.0 [110/67] via 10.1.3.3, 00:01:36, FastEthernet0/1 5.0.0.0/24 is subnetted, 1 subnets O IA 5.5.5.0 [110/67] via 10.1.3.3, 00:01:36, FastEthernet0/1 O 200.1.1.0/24 [110/2] via 10.1.200.6, 00:01:36, FastEthernet0/0 [110/2] via 10.1.200.4, 00:01:36, FastEthernet0/0 [110/2] via 10.1.200.2, 00:01:36, FastEthernet0/0 10.0.0.0/24 is subnetted, 4 subnets O IA 10.1.15.0 [110/66] via 10.1.3.3, 00:01:36, FastEthernet0/1 O 10.1.1.0 [110/2] via 10.1.3.3, 01:12:57, FastEthernet0/1

Task 11 Configure R2, R4 and R6 based on the following policy:

• R2 should redistribute Network 120.2.2.0 /24 and 122.2.2.0 /24 as External type 1s • R2 should redistribute its Lo0 and Lo1 into Area 2 • R4 should redistribute Network 140.4.4.0 /24 and 144.4.4.0 /24 as External type 1s • R4 should redistribute its Lo0 and Lo1 into Area 2 • R6 should redistribute Network 160.6.6.0 /24 and 166.6.6.0 /24 as External type 1s • R6 should redistribute its Lo0 and Lo1 into area 2



On R2 R2(config)#Access-list 1 permit 120.2.2.0 0.0.0.255 R2(config)#Access-list 1 permit 122.2.2.0 0.0.0.255 R2(config)#Route-map TST permit 10 R2(config-route-map)#Match interface Lo0 Lo1 R2(config)#Route-map TST permit 20 R2(config-route-map)#match ip addr 1 R2(config-route-map)#Set Metric-type type-1 R2(config)#Router ospf 1 R2(config-router)#redistribute connected route-map TST subnets

To verify the configuration: On BB2 BB2#Show ip route ospf | Inc E1 O E2 2.2.2.0 [110/21] via 10.1.200.2, 00:01:59, FastEthernet0/0 O E2 20.2.2.0 [110/21] via 10.1.200.2, 00:01:59, FastEthernet0/0 BB2#Show ip route ospf | Inc E2 O E1 122.2.2.0 [110/20] via 10.1.200.2, 00:02:02, FastEthernet0/0 O E1 120.2.2.0 [110/20] via 10.1.200.2, 00:02:02, FastEthernet0/0

On R4 R4(config)#Access-list 1 permit 140.4.4.0 0.0.0.255 R4(config)#Access-list 1 permit 144.4.4.0 0.0.0.255 R4(config)#Route-map TST permit 10 R4(config-route-map)#Match interface Lo0 Lo1 R4(config-route-map)#Route-map TST permit 20 R4(config-route-map)#Match ip addr 1 R4(config-route-map)#Set metric-type Type-1 R4(config)#Router ospf 1 R4(config-router)#Redistribute connected route-map TST subnets

To verify the configuration: On BB2



BB2#Show ip route ospf | Inc E2 O E2 2.2.2.0 [110/21] via 10.1.200.2, 00:00:49, FastEthernet0/0 O E2 4.4.4.0 [110/21] via 10.1.200.4, 00:00:49, FastEthernet0/0 O E2 20.2.2.0 [110/21] via 10.1.200.2, 00:00:49, FastEthernet0/0 O E2 40.4.4.0 [110/21] via 10.1.200.4, 00:00:49, FastEthernet0/0 BB2#Show ip route ospf | Inc E1 O E1 140.4.4.0 [110/20] via 10.1.200.4, 00:00:51, FastEthernet0/0 O E1 144.4.4.0 [110/20] via 10.1.200.4, 00:00:51, FastEthernet0/0 O E1 122.2.2.0 [110/20] via 10.1.200.2, 00:00:51, FastEthernet0/0 O E1 120.2.2.0 [110/20] via 10.1.200.2, 00:00:51, FastEthernet0/0

On R6 R6(config)#Access-list 1 permit 160.6.6.0 0.0.0.255 R6(config)#Access-list 1 permit 166.6.6.0 0.0.0.255 R6(config)#Route-map TST permit 10 R6(config-route-map)#Match interface Lo0 Lo1 R6(config-route-map)#Route-map TST permit 20 R6(config-route-map)#Match ip addr 1 R6(config-route-map)#Set metric-type Type-1 R6(config)#Router ospf 1 R6(config-router)#redistribute connected route-map TST subnets

To verify the configuration: On BB2 BB2#Show ip route ospf | Inc E1 O E1 140.4.4.0 [110/20] via 10.1.200.4, 00:00:44, FastEthernet0/0 O E1 144.4.4.0 [110/20] via 10.1.200.4, 00:00:44, FastEthernet0/0 O E1 160.6.6.0 [110/20] via 10.1.200.6, 00:00:44, FastEthernet0/0 O E1 166.6.6.0 [110/20] via 10.1.200.6, 00:00:44, FastEthernet0/0 O E1 122.2.2.0 [110/20] via 10.1.200.2, 00:00:44, FastEthernet0/0 O E1 120.2.2.0 [110/20] via 10.1.200.2, 00:00:44, FastEthernet0/0 BB2#Show ip route ospf | Inc E2 O E2 2.2.2.0 [110/21] via 10.1.200.2, 00:00:47, FastEthernet0/0 O E2 4.4.4.0 [110/21] via 10.1.200.4, 00:00:47, FastEthernet0/0



O E2 20.2.2.0 [110/21] via 10.1.200.2, 00:00:47, FastEthernet0/0 O E2 6.6.6.0 [110/21] via 10.1.200.6, 00:00:47, FastEthernet0/0 O E2 40.4.4.0 [110/21] via 10.1.200.4, 00:00:47, FastEthernet0/0 O E2 60.6.6.0 [110/21] via 10.1.200.6, 00:00:47, FastEthernet0/0

Task 12 Configure the appropriate router such that the routers in area 2 see networks 2.2.2.0 /24, 4.4.4.0 /24 and 6.6.6.0 /24 in their routing table; but the routers in other areas should NOT have these networks in their routing table.

There are two types of external routes: external routes in a NSSA area and external routes in a normal area, meaning “N” or “E” routes. To filter external routes, they have to be done on the router that ORIGINATED the route/s. In an NSSA area, the ONLY router that can originate external routes is the ASBR; therefore, to filter external routes in an NSSA, the ASBR is the ONLY router that can perform the filtering. When it comes to “E” routes, the rules do not change, therefore, the filtering has to be done on the router that ORIGINATED the “E” route/s. If the routers in area 2 must have all the external routes, but the routers in the other areas should NOT have one or more of those external routes, the filtering must be done on the ASBR. But if the filtering is performed on the ASBR, then, none of the routers in the OSPF routing domain will have those routes; So how are we going to accomplish this task? In this case, if area 2 is changed into an NSSA area, the ABR of area 2 (BB2) is the router that originates LSA type 5s or “E” routes; BB2 receives the “N” route/s and it originates an “E” route for every “N” route it receives; therefore, the filtering can be performed on the ABR: On BB2 BB2(config)#Router ospf 1 BB2(config-router)#Area 2 NSSA default-information-originate On R2, R4 and R6 Rx(config)#Router ospf 1 Rx(config-router)#Area 2 NSSA On BB2 BB2(config)#Router ospf 1



BB2(config-router)#Summary-address 2.2.2.0 255.255.255.0 Not-advertise BB2(config-router)#Summary-address 4.4.4.0 255.255.255.0 Not-advertise BB2(config-router)#Summary-address 6.6.6.0 255.255.255.0 Not-advertise To test the configuration: On R3 R3#Show ip route ospf | Inc E2 O E2 20.2.2.0 [110/23] via 10.1.3.112, 00:03:12, FastEthernet0/1 O E2 40.4.4.0 [110/23] via 10.1.3.112, 00:02:46, FastEthernet0/1 O E2 60.6.6.0 [110/23] via 10.1.3.112, 00:02:46, FastEthernet0/1 On R1 R1#Show ip route ospf | Inc E1 O E1 20.2.2.0 [110/87] via 10.1.100.3, 00:03:39, Serial0/1 O E1 40.4.4.0 [110/87] via 10.1.100.3, 00:03:13, Serial0/1 O E1 60.6.6.0 [110/87] via 10.1.100.3, 00:03:13, Serial0/1

Task 13 Configure BB2 to filter networks 120.2.2.0 /24, 140.4.4.0 /24 and 160.6.6.0 /24 advertised by R6.

On BB2 BB2(config)#IP Prefix-list Task13 seq 5 permit 120.2.2.0/24 BB2(config)#IP Prefix-list Task13 seq 10 permit 140.4.4.0/24 BB2(config)#IP Prefix-list Task13 seq 15 permit 160.6.6.0/24 BB2(config)#Access-list 13 permit 10.1.200.6 BB2(config)#Route-map Task13 deny 10 BB2(config-route-map)#Match ip next-hop 13 BB2(config-route-map)#Match ip addr prefix Task13 BB2(config)#Route-map Task13 permit 90 BB2(config)#Router ospf 1



BB2(config-router)#distribute-list route-map Task13 in To verify the configuration: On BB2 BB2#Show ip route 120.2.2.0 Routing entry for 120.2.2.0/24 Known via "ospf 1", distance 110, metric 20, type NSSA extern 2, forward metric 2 Last update from 10.1.200.2 on FastEthernet0/0, 00:01:03 ago Routing Descriptor Blocks: * 10.1.200.4, from 2.2.2.2, 00:01:03 ago, via FastEthernet0/0 Route metric is 20, traffic share count is 1 10.1.200.2, from 2.2.2.2, 00:01:03 ago, via FastEthernet0/0 Route metric is 20, traffic share count is 1 BB2#Show ip route 140.4.4.0 Routing entry for 140.4.4.0/24 Known via "ospf 1", distance 110, metric 20, type NSSA extern 2, forward metric 2 Last update from 10.1.200.2 on FastEthernet0/0, 00:01:11 ago Routing Descriptor Blocks: * 10.1.200.4, from 4.4.4.4, 00:01:11 ago, via FastEthernet0/0 Route metric is 20, traffic share count is 1 10.1.200.2, from 4.4.4.4, 00:01:11 ago, via FastEthernet0/0 Route metric is 20, traffic share count is 1 BB2#Show ip route 160.6.6.0 Routing entry for 160.6.6.0/24 Known via "ospf 1", distance 110, metric 20, type NSSA extern 2, forward metric 2 Last update from 10.1.200.2 on FastEthernet0/0, 00:01:17 ago Routing Descriptor Blocks: * 10.1.200.4, from 6.6.6.6, 00:01:17 ago, via FastEthernet0/0 Route metric is 20, traffic share count is 1 10.1.200.2, from 6.6.6.6, 00:01:17 ago, via FastEthernet0/0 Route metric is 20, traffic share count is 1

Task 14



Configure R2 to filter network 122.2.2.0 /24. The other routers should NOT have this route in their routing table or database.

The “Distribute-list OUT” in OSPF can be used to filter external routes (Es or Ns), but it can ONLY be configured on the ASBR. On R2 R2(config)#IP Prefix-list Task14 seq 5 deny 122.2.2.0/24 R2(config)#IP Prefix-list Task14 seq 10 permit 0.0.0.0/0 LE 32 R2(config)#Router ospf 1 R2(config-router)#Distribute-list prefix Task14 OUT

To test the configuration: On BB2 BB2#Show ip route ospf | Inc N1 O N2 140.4.4.0 [110/20] via 10.1.200.4, 00:07:21, FastEthernet0/0 O N2 144.4.4.0 [110/20] via 10.1.200.6, 00:07:21, FastEthernet0/0 O N2 160.6.6.0 [110/20] via 10.1.200.4, 00:07:21, FastEthernet0/0 O N2 166.6.6.0 [110/20] via 10.1.200.6, 00:07:21, FastEthernet0/0 O N2 120.2.2.0 [110/20] via 10.1.200.4, 00:07:21, FastEthernet0/0

On R1 R1#Show ip route ospf | Inc E1 O E2 140.4.4.0 [110/20] via 10.1.100.3, 00:07:55, Serial0/1 O E2 144.4.4.0 [110/20] via 10.1.100.3, 00:07:55, Serial0/1 O E2 160.6.6.0 [110/20] via 10.1.100.3, 00:07:55, Serial0/1 O E2 166.6.6.0 [110/20] via 10.1.100.3, 00:07:55, Serial0/1 O E2 120.2.2.0 [110/20] via 10.1.100.3, 00:07:55, Serial0/1

Task 15 Configure R2 to filter existing and future Inter-area and/or Intra-area routes. Use minimum number of commands possible to accomplish this task.



Note the following show command reveals the existing inter-area routes: On R2 R2#Show ip route ospf | Inc O O N1 4.4.4.0 [110/21] via 200.1.1.4, 00:00:08, FastEthernet0/1 O N2 140.4.4.0 [110/20] via 200.1.1.4, 00:00:08, FastEthernet0/1 O N2 99.0.0.0/8 [110/20] via 10.1.200.112, 00:00:08, FastEthernet0/0 O N1 6.6.6.0 [110/21] via 200.1.1.6, 00:00:08, FastEthernet0/1 O N2 144.4.4.0 [110/20] via 200.1.1.4, 00:00:08, FastEthernet0/1 O N2 160.6.6.0 [110/20] via 200.1.1.6, 00:00:08, FastEthernet0/1 O N1 40.4.4.0 [110/21] via 200.1.1.4, 00:00:08, FastEthernet0/1 O IA 10.1.15.0 [110/67] via 10.1.200.112, 00:00:08, FastEthernet0/0 O IA 10.1.3.0 [110/2] via 10.1.200.112, 00:00:08, FastEthernet0/0 O IA 10.1.1.0 [110/3] via 10.1.200.112, 00:00:08, FastEthernet0/0 O N2 166.6.6.0 [110/20] via 200.1.1.6, 00:00:08, FastEthernet0/1 O N1 60.6.6.0 [110/21] via 200.1.1.6, 00:00:08, FastEthernet0/1 O*N2 0.0.0.0/0 [110/1] via 10.1.200.112, 00:00:08, FastEthernet0/0 On R2 R2(config)#Route-map Task15 permit 10 R2(config-route-map)#Match route-type nssa-external type-1 nssa-external type-2 R2(config)#Router ospf 1 R2(config-router)#distribute-list route-map Task15 in To test the configuration: On R2 R2#Show ip route ospf | Inc O O N1 4.4.4.0 [110/21] via 200.1.1.4, 00:01:18, FastEthernet0/1 O N2 140.4.4.0 [110/20] via 200.1.1.4, 00:01:18, FastEthernet0/1 O N2 99.0.0.0/8 [110/20] via 10.1.200.112, 00:01:18, FastEthernet0/0 O N1 6.6.6.0 [110/21] via 200.1.1.6, 00:01:18, FastEthernet0/1 O N2 144.4.4.0 [110/20] via 200.1.1.4, 00:01:18, FastEthernet0/1 O N2 160.6.6.0 [110/20] via 200.1.1.6, 00:01:18, FastEthernet0/1 O N1 40.4.4.0 [110/21] via 200.1.1.4, 00:01:18, FastEthernet0/1 O N2 166.6.6.0 [110/20] via 200.1.1.6, 00:01:18, FastEthernet0/1 O N1 60.6.6.0 [110/21] via 200.1.1.6, 00:01:18, FastEthernet0/1 O*N2 0.0.0.0/0 [110/1] via 10.1.200.112, 00:01:18, FastEthernet0/0

Task 16



Configure R4 to filter existing and future routes that have an OSPF cost of 20.

On R4 R4(config)#Route-map Task16 deny 10 R4(config-route-map)#match metric 20 R4(config)#Route-map Task16 permit 90 R4(config)#Router ospf 1 R4(config-router)#Distribute-list route-map Task16 in To verify the configuration: On R4 R4#Show ip route ospf | Inc O O N1 2.2.2.0 [110/21] via 200.1.1.2, 00:02:29, FastEthernet0/1 O N1 20.2.2.0 [110/21] via 200.1.1.2, 00:02:29, FastEthernet0/1 O N1 6.6.6.0 [110/21] via 200.1.1.6, 00:02:29, FastEthernet0/1 O IA 10.1.15.0 [110/67] via 10.1.200.112, 00:02:29, FastEthernet0/0 O IA 10.1.3.0 [110/2] via 10.1.200.112, 00:02:29, FastEthernet0/0 O IA 10.1.1.0 [110/3] via 10.1.200.112, 00:02:29, FastEthernet0/0 O N1 60.6.6.0 [110/21] via 200.1.1.6, 00:02:29, FastEthernet0/1 O*N2 0.0.0.0/0 [110/1] via 10.1.200.112, 00:02:29, FastEthernet0/0

Task 17 Configure R6 to filter the default route injected by the ABR in Task 12 by BB2.

To see the default route injected by BB2 in Task 12: On R6 R6#Show ip route ospf | Inc 0.0.0.0/0 O*N2 0.0.0.0/0 [110/1] via 10.1.200.112, 00:00:20, FastEthernet0/0



On R6 Note the first line of the following prefix-list, denies the default route and the second line permits all other routes: R6(config)#IP Prefix-list NET seq 5 deny 0.0.0.0/0 R6(config)#IP Prefix-list NET seq 10 permit 0.0.0.0/0 LE 32 R6(config)#Router ospf 1 R6(config-router)#distribute-list prefix NET in To verify the configuration: On R6 R6#Show ip route ospf | Inc 0.0.0.0/0 R6#

Task 18 Configure R5 to filter network 1.1.1.0 /24. DO NOT use distribute-list to accomplish this task.

On R5 R5#Show ip route 1.1.1.0 Routing entry for 1.1.1.0/24 Known via "ospf 1", distance 110, metric 2, type intra area Last update from 10.1.15.1 on FastEthernet0/0, 00:00:17 ago Routing Descriptor Blocks: * 10.1.15.1, from 1.1.1.1, 00:00:17 ago, via FastEthernet0/0 Route metric is 2, traffic share count is 1 To configure the task: On R5 R5(config-router)#access-list 18 permit 1.1.1.0 0.0.0.255 R5(config)#Router ospf 1



R5(config-router)#distance 255 0.0.0.0 255.255.255.255 18 To verify the configuration: On R5 R5#Show ip route 1.1.1.0 % Network not in table

Task 19 Configure R1 to filter existing and future external routes. DO NOT configure an access-list or a prefix-list to accomplish this task.

Note the following reveals the existing external routes on R1: On R1 R1#Show ip route ospf | Inc O O 50.5.5.0 [110/2] via 10.1.15.5, 00:10:29, FastEthernet0/0 O E2 140.4.4.0 [110/20] via 10.1.100.3, 00:42:48, Serial0/1 O E1 20.2.2.0 [110/87] via 10.1.100.3, 00:42:48, Serial0/1 O 5.5.5.0 [110/2] via 10.1.15.5, 00:10:29, FastEthernet0/0 O IA 200.1.1.0/24 [110/67] via 10.1.100.3, 00:42:53, Serial0/1 O E2 144.4.4.0 [110/20] via 10.1.100.3, 00:42:48, Serial0/1 O E2 160.6.6.0 [110/20] via 10.1.100.3, 00:42:48, Serial0/1 O E1 40.4.4.0 [110/87] via 10.1.100.3, 00:42:48, Serial0/1 O IA 10.1.3.0 [110/65] via 10.1.100.3, 22:24:08, Serial0/1 O IA 10.1.1.0 [110/65] via 10.1.100.3, 22:24:08, Serial0/1 O IA 10.1.200.0 [110/66] via 10.1.100.3, 00:42:53, Serial0/1 O E2 166.6.6.0 [110/20] via 10.1.100.3, 00:42:48, Serial0/1 O E2 120.2.2.0 [110/20] via 10.1.100.3, 00:42:48, Serial0/1 O E1 60.6.6.0 [110/87] via 10.1.100.3, 00:42:48, Serial0/1 To configure the task: On R1 R1(config)#Router ospf 1



R1(config-router)#Distance OSPF external 255 To verify the configuration: On R1 R1#Show ip route ospf | Inc O O 50.5.5.0 [110/2] via 10.1.15.5, 00:00:34, FastEthernet0/0 O 5.5.5.0 [110/2] via 10.1.15.5, 00:00:34, FastEthernet0/0 O IA 200.1.1.0/24 [110/67] via 10.1.100.3, 00:00:34, Serial0/1 O IA 10.1.3.0 [110/65] via 10.1.100.3, 00:00:34, Serial0/1 O IA 10.1.1.0 [110/65] via 10.1.100.3, 00:00:34, Serial0/1 O IA 10.1.200.0 [110/66] via 10.1.100.3, 00:00:34, Serial0/1

Task 20 Configure BB1 to filter existing and future Intra-area routes. DO NOT configure an access-list or a prefix-list to accomplish this task.

On BB1 BB1#Show ip route ospf | Inc O O IA 50.5.5.0 [110/67] via 10.1.1.3, 00:14:31, FastEthernet0/0 O IA 100.1.1.0 [110/66] via 10.1.1.3, 00:46:54, FastEthernet0/0 O E2 140.4.4.0 [110/20] via 10.1.1.3, 00:14:26, FastEthernet0/0 O E2 99.0.0.0/8 [110/20] via 10.1.1.3, 00:14:26, FastEthernet0/0 O E1 20.2.2.0 [110/24] via 10.1.1.3, 00:14:26, FastEthernet0/0 O IA 5.5.5.0 [110/67] via 10.1.1.3, 00:14:31, FastEthernet0/0 O IA 200.1.1.0/24 [110/4] via 10.1.1.3, 00:46:54, FastEthernet0/0 O E2 144.4.4.0 [110/20] via 10.1.1.3, 00:14:26, FastEthernet0/0 O E2 160.6.6.0 [110/20] via 10.1.1.3, 00:14:26, FastEthernet0/0 O E1 40.4.4.0 [110/24] via 10.1.1.3, 00:14:26, FastEthernet0/0 O IA 10.1.15.0 [110/66] via 10.1.1.3, 00:46:54, FastEthernet0/0 O 10.1.3.0 [110/2] via 10.1.1.3, 00:46:54, FastEthernet0/0 O IA 10.1.200.0 [110/3] via 10.1.1.3, 00:46:54, FastEthernet0/0 O E2 166.6.6.0 [110/20] via 10.1.1.3, 00:14:26, FastEthernet0/0 O E2 120.2.2.0 [110/20] via 10.1.1.3, 00:14:26, FastEthernet0/0 O E1 60.6.6.0 [110/24] via 10.1.1.3, 00:14:27, FastEthernet0/0 To configure the task:



On BB1 BB1(config)#Router ospf 1 BB1(config-router)#Distance OSPF intra-area 255 To verify the configuration: On BB1 BB1#Show ip route ospf | Inc O O IA 50.5.5.0 [110/67] via 10.1.1.3, 00:00:28, FastEthernet0/0 O IA 100.1.1.0 [110/66] via 10.1.1.3, 00:00:28, FastEthernet0/0 O E2 140.4.4.0 [110/20] via 10.1.1.3, 00:00:28, FastEthernet0/0 O E2 99.0.0.0/8 [110/20] via 10.1.1.3, 00:00:28, FastEthernet0/0 O E1 20.2.2.0 [110/24] via 10.1.1.3, 00:00:28, FastEthernet0/0 O IA 5.5.5.0 [110/67] via 10.1.1.3, 00:00:28, FastEthernet0/0 O IA 200.1.1.0/24 [110/4] via 10.1.1.3, 00:00:28, FastEthernet0/0 O E2 144.4.4.0 [110/20] via 10.1.1.3, 00:00:28, FastEthernet0/0 O E2 160.6.6.0 [110/20] via 10.1.1.3, 00:00:28, FastEthernet0/0 O E1 40.4.4.0 [110/24] via 10.1.1.3, 00:00:28, FastEthernet0/0 O IA 10.1.15.0 [110/66] via 10.1.1.3, 00:00:28, FastEthernet0/0 O IA 10.1.200.0 [110/3] via 10.1.1.3, 00:00:28, FastEthernet0/0 O E2 166.6.6.0 [110/20] via 10.1.1.3, 00:00:28, FastEthernet0/0 O E2 120.2.2.0 [110/20] via 10.1.1.3, 00:00:28, FastEthernet0/0 O E1 60.6.6.0 [110/24] via 10.1.1.3, 00:00:28, FastEthernet0/0

Task 21 Configure R5 to filter existing and future Inter-area routes. DO NOT configure an access-list or a prefix-list to accomplish this task.

On R5 R5#Show ip route ospf | Inc O IA O IA 200.1.1.0/24 [110/68] via 10.1.15.1, 00:10:59, FastEthernet0/0 O IA 10.1.3.0 [110/66] via 10.1.15.1, 00:10:59, FastEthernet0/0 O IA 10.1.1.0 [110/66] via 10.1.15.1, 00:10:59, FastEthernet0/0 O IA 10.1.200.0 [110/67] via 10.1.15.1, 00:10:59, FastEthernet0/0



To configure the task: On R5 R5(config)#Router ospf 1 R5(config-router)#Distance OSPF inter-area 255 To test the configuration: On R5 R5#Show ip route ospf | Inc O IA R5#

Task 22 Erase the startup configuration of the routers, config.text and the VLAN.dat of the switches and reload them before proceeding to the next lab.

Date post:	28-Oct-2015
Category:	Documents
Upload:	cisco-seeker
View:	142 times
Download:	9 times

Narbik OSPF Filtering

Documents