Mand and Configuration Handbook Ccie Professional Development

— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| a Per >] : [Fable of Content : Looe CCisco® OSPF Command and Configuration Handbook (CCIE Professional Development) By Wiliam R. Parkhurst Ph.D, Publisher: Cisco Press Pub Date: Api 19, 2002 ISBN: 1-58705-071-4 Pages: 528 Slots:2 'As one ofthe most predominantly deployed Interior Gateway Protocols, Open Shortest Path Fits (OSPF) demands a wealth of knowledge on the part of internetworking professionals working witht on a daly basis. Unfortunately, publicly available documentation on the OSPF ‘command set vaties from being to thin on coverage to being oo demanding on the required equipment needed to test what the documentation covers. (80 OSPF Command and Configuration Handbooks a clear, concise, and complete source of dacumentaton fo ll Cis !OS() Software ‘OSPF commands. The way you use this book will depend on your objectives. I you are preparing forthe CCIE written and lab exams, then this book can be used as a laboratory guide to lear the purpose and proper use of every OSPF command, It you afe a network designer, then this book canbe used as a ready reerence for any OSPF command. (0800 OSPF Command and Configuration Handbook provides example scenarios that demonstrate the proper use of every OSPF command that can be implemented on a minimum numberof routers. This wil enable you to lear each command without requting an extensive and ‘expensive lab configuration. The scenarios clearly present the purpose and use of each command. Some of the examples lead you into ‘common non-working situations in order to reinforce the understanding ofthe operation of the particular OSPF command, “This book's part of the Cisco CCIE Protessional Development Series, which ofers expertevel instruction on network design, deployment, ‘and support methodologies to help networking professionals manage complex networks and prepare for CCIE exams. a Per >]hs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks Free Open Study >] : able of Content CCisco® OSPF Command and Configuration Handbook (CCIE Professional Development) By Wiliam R. Parkhurst Ph.D. Publisher: Cisco Press Pub Date: Api 19, 2002 ISBN: 1-58705-071-4 ages: 528 Slots:2 pyri out the Author [About the Teahnical Reviewer ection 2-3. arealrea-id default cosifa Becton 24, areahwea-idnssd] Becton 2.5. arealarea-id.nssa defautnformation-origina ssa no-summan] ection 2-8. arealreai Becton 2-2, areabrea-idrange Becton 210. areafvea-dranae fot adverts Becton 2-1, areafirea.d su ection 2-12. areafprea id stub no-summar[mis document was created by an unregistered ChmMapio, please goto hip: /iwww.bsenter.com to register it. Thanks| ection 2-13. areal ransi-area id viva ink outer. ection 2-14, predfransit-rea-dpitua.sinicuteriduthentication authentication ke basen ection 215. pred|ranst-rea-dyitualindjcutorijouthentcation message-diges ection 216, hred|ranst-rea-id\ituatsinjouteriduthentication nul ection 2-17, area) ransit-area-id vitua-ink|outerd authentication key basswo [conc] Becton 219, area) rans area vital outer neto-intervalbeconct] eri arid retransmit interval beconds ection 2-21, areal ransi-areaid vivant ection 2.22, arealranst-reaidvitua nkfouterid vansmit delay econ hapier 3, Auto Cost ection 3-1. auto-ostreference-bandwidh pandwt roubleshootin hapier 4, Default Route Generator Becton 4 = default information o ection 4-2, defauitnformation originate ala ection 4-3, defaut information originate metic ection 4-4. default information originate alvays metros] Gestion 45. default infomation oiginate metic-ype)yod Becton 46. default information oiginate alvays mevio-ypdped ection 4-7, defauitinformation oginateroute-mag] Bhapter 5. setting he Detaul Metric fr Redistrouted Protocols ection 5-1, defaut mevichos hapler 6_ Adminisvative Distanc ection 6-1. distance ciministratve-dstanc ection 6-2. distance ministatve-dstance source p-address source ip-mas ection 6-3. distance cministatve-cstance source ip-adcress source ip-mask acess ist-numbe] ection 6-4. distance asp externalfpsministrative-dlstan irative- dstancs ection 6-6. distance oso inta-areapminisvativecistancs hapier 7. Filtering Routes with Distrbute Lists ection 7-1. dsributestlaccess-st-rumbe i ection 7-2, disribut-tst|aocess-ist-numbe|infotertace-ipe itertace-numbel ectn 7-3. datributetsaccess et rumbel Becion 72. dstibue-itlacess-tstnumbel ot rverane ype nterace.numbe] outing Becton 7-6. citibute-istlacess.tstnamdid ection 77. dtributetslaccess st namd nfiertace type interace numba ection 7-8. dsribut-ts cess list nam Becton 7-11, distibuteist pretrefictstnamdi] ection 7-12. aistioue Ist prefipreticst-namd nfieiace type interace numba ection 7-13_cistioue st prefveiist-namdou ection 7-14, distibue ist pret rei st namd out niece ype ivertace numba[mis document was created by an unregistered ChmMapio, please goto hip: /iwww.bsenter.com to register it. Thanks| ection 7-15, distibute-it pret pretiist-namd outfoutng proces: hapter 8. Handling of MOSPF LS/ ection 6-1. ignove ga m ection @2. log alacenoy changes deal section 10-1, maxinum-gaths umber path apie 11, OSPF neighbor Commane] ection 11-3. neighvorfo-adcresd database-fter allo ection 11-4. neighboro-addresd pol intervallnterva ection 11-5, neighborly-addresd priority rir hapler 12_ OSPF network Commanc ection 12-1, networkfp-address wittcard-masi|arealrea-i hapter 13. Passive OSPF interlace ection 13-1 passive interface nterface-nameinferiace-numbe ection 132. passive-intetace defau hapler 14. Route Redistrbut ection 14-1, redistribute outing process process. ection 14.2, redstibutefouing procesdrocess-d meticlospt mer ection 143. redistibutefouting process process. mettic-ype|netrc ection 144, redistibutefouing process process. subnet ection 145, redstibutefoutng procesdprocess-idtaghag valu ection 14-6. redistribute outing process process i route map) oute-map-name hapler 15. Controling the OSPF Router ection 15-1, routeridfi-acoress hapier 16_ Summarizing Exiemal Routes ection 16-1_summary-address)o-adress mash ection 16:2. summary address aderess maslfot adver ection 163. summary adcressfp-aderess masfza)valu Becton 17-1. timers ls group pacing ection 17.2, timers spibelay inter hapier 18. Trac Sharing ection 18-1, traf share min across-intrtaces hap 19. Intetace Configuration Comman Becton 19-1. ip ospauthenticati Becton 19-2 ip ospt authentication authentication keyasswor Becton 19-3. ip ospl authentication message-ciges ection 19.5, ip ost costfasl ection 19-7. ip ospt dead: intervalhs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks ection 16-11, poset messane-dgest kelley mas pass ection 19-12. ip oso! miu-ignor ection 19-16. ip oso! network point-t-mulinoint non-broadcas ection 19-17. ip oso! network point to-poin] ection 19-20. ip oso! transmit-delayfeconad Bhapier 20. show Commands ection 20-1, show ip oso ection 20-2. show ip ospiprocess.i ection 20:3. show ip osp border-routers Becton 20-10 show ip ospifrocess i] database asbr suman ection 20-11. show ip ospf database ashe summanyastif ection 20-12. show ip ospi process database asbr-summar str, Bection 20-13. show ip ospt database database-summan] Becton 20-16. show ip ospifrocess i] database database-summan Bection 20-15. show ip ospt database exter ection 20-16. show ip ospfProcess-id database external ection 20-17, show ipospt database Becton 20-18 show ip ospifrocess i] database networ Provess.fastanase nssaexterna ection 20-21. show ip ospt database route ection 20-22. show ip ospiProcessi ection 20-31. show ip osptinterfacs[mis document was created by an unregistered ChmMapio, please goto hip: /iwww.bsenter.com to register it. Thanks| ection 20.32. show ip ospirocessi ection 20-38. show ip osp intertace] interac rterace|int name int-eumbel ection 20-35. show ip ospiProcess:i ection 20-37. show ip osptneightey Gestion 20-38. show ip ospifrocess.id Becton 20-9. show ip ospneightor detalfeignborid feichoorint name int eumbel ection 20-59. show ip osp! summary-addes: ‘name int-numbe] ection 20-60. show ip ospfProcess- summary adres: ection 20-61. show ip ospf vituabink ection 20-62. show ip ospiproess-id virtual in hapier 21. debug Command: ection 21-1, debug ip oxpt ad ection 21-2. debug ip ospl event ection 21-3. debug ip asp oo ection 21-4, debug ip osp! ood acess numbel ection 21-5. debug ip osp sa-generatio ection 21-6, debug ip osp sa-generatiolp- access ist numbel ection 21-7. debug ip ospt packe] ection 21-8. debug ip oso! retransmission ction 21-9, debug ip ospts ection 21-10. debug ip ospt spt external ction 21-11. debug ip ospt spt externalooess ist. numbe] jection 21-12_ debug ospt spt intl ection 21-13. debug ip ospt sot intel bocess-is-numbehs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks jection 21-14. debug ip ospt splint ection 21-15. debug ip ospt sot inti pocess-ist numb clear ip ospt counterd Bestion 22-1 ounters ection 2-7, clearip oso! redistribut ection 22-8, clearip ospfbrocess-idrecistbtor focal = Free Open Sty]This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks a Per >] Copyright Copyright® 2002 Cisco Systems, Inc Published by: is00 Press 201 West 1031d Street Indianapolis, IN 46290 USA ‘Allrights reserved. No pat ofthis book may be reproduced or transmited in any form or by any means, electronic or mechanical, including ‘photocopying, recorcing, or by any information storage and retrieval system, without writen permission from the publisher, except forthe inclusion of brief quotations in a review. Printed inthe United States of America 1234567890 Fist Printing Apri 2002 Library of Congress Cataloging Warning and Disclaimer “This book is designed to provide information about Cisco 10S Sofware OSPF commands. Every etforthas been made ta make this book as complete and as accurate as possible, but no warranty or ness simple. “The informations provided on an “as is" basis. The authors, Cisco Press, and Cisco Systems, nc, shall have neither Hablty nor responsibilty to any person or entity wih respect to any loss or damages arising ftom the infomation contained in his book or fom the use of the discs o programs that may accompany it “The opinions expressed inthis book belong tothe author and are not necessarly those of Cisco Systems, nc Trademark Acknowledgments ‘All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized, Cisca Press or Cisco Systems, Inc. cannot atest othe accuracy o this information. Use of aterm in this book should not be regarded as affecting the val of any trademark or service mark. Feedback Information 'A\Cisco Press, our glist create in-depth tecrical books othe highest quality and value. Each book is crafted wth care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community Readers! feedback isa natural continuation ofthis process. I you have any comments regarding how we could improve the quality of thisThis document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks ‘book, or otherwise alter to better sult your needs, you can contact us thraugh e-mail at [zedback@ciscopress.cor] Please make sure to include the book title and ISBN in your message. ‘We greatly appreciate your assistance, Credits Publisher John Wait Editor-in-Chiet Jahn Kane Cisco Systems Program Manager Michael Hackert Managing Editor Patrick Kanouse Development Editor (Christopher Cleveland Project Editor Mare Fowler Copy Eilitor Doug Lioys Technical Editors Mike Bass Brian Morgan Bil Wagner Robert White Team Coordinator Tammi Ross Book Designer Gina Resrode ‘Cover DesignerThis document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks Louisa Klueznik Production Team Argosy Indexer Tim Weight ‘corporate Headquarters isco Systems, no 170 West Tasman Drive San Jose, CA 95194-1708 Usa iw. ci69,c9n] Tel 408 526-4000 £800 S59-NETS (6387) Fax: 408 526-4100 European Headquarters ‘isco Systems Europe 11 Rue Camille Desmouins 92782 Isy les Moulineaux Cedex 9 France Tol: 38 1 58 04 6000 Fax: 38 1 58.04 61 00 ‘Americas Headquarters isco Systems, no 170 West Tasman Drive San Jose, CA 95194-1708 usa .ci869,cn] Tel: 408 526-7660 Fax: 408 527-0888 ‘Asia Pacific Headquarters— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| (Cisco Systems Australia, Pty, Lid Level 17,99 Walker Street North Sydney NSW 2059 Australia iw. ci69,c9n] Tol: +61 28448 7100 Fax: +61 2.9957 4350 Cisco Systems has mor 2 inthe following countries. Addresses, phone numbers, and fax numbers ae listed on the Cisco Web site at .cisc.comiaooticed ‘Argentina + Australia + Ausra + Belgium Brazil + Bulgaria» Canada « Chile «China + Colombia « Costa Rca» Croatia» Czech Republic» Denmark + Dubai, UAE + Finland France + Germany + Greece « Hong Kong + Hungary India Indonesia «Ireland + Israel Italy + Japan + Korea + Luxembourg + Malaysia « Mexico « The Netherlands » New Zealand » Norway + Peru + Philppines « Poland « Portugal « Puerto Rico» Romania « Russia» Saudi Arabia + Scotland « Singapore» Slovakia + Siovenia « South Africa» Spain Sweden + Switzerland «Taiwan + ‘Thaland + Turkey + Ukraine + United Kingdom «United States « Venezuela Vietnam + Zimbabwe Copyright © 2000, cisco Systems, Inc. Allrights reserved. Access Registrar, AccessPath, Are You Ready, ATM Director, Browse with Me (CODA, CODE, CCDP, CCIE, CCNA, CONP, CCSI, CD-PAC, CiscoLink, the Cisco NetWorks logo, the Cisco Powered Network logo, Cisco Systems Networking Academy, Fast Step, FeRunner, Folow Me Browsing, FormShare, GigaStack, IGX,Inteligence in the Optical Core, Internet Quotient, IP/VC, iQ Breakthrough, 1Q Expertise, iQ FastTrack, iQuick Study, iQ Readiness Scorecard, The iQ Lago, Kemel Proxy, MGX, Natural Network Viewer, Network Registrar, the Networkers logo, Packet, PIX, Point and Click Intemetworking, Policy Builder, RateMUX, ReyMaster, ReyView, ScipiShare, Secure Script, Shop with Me, SideCast, SMARTnet, SVX, TraficDrecor, TransPath ‘VanDirector, Voice LAN, Wavelength Router, Workgroup Director, and Workgroup Stack ae trademarks of Cisco Systems, Ine; Changing the Way We Work, Live, Ply, and Learn, Empowering the Intemet Generation, ae service marks of Cisco Systems, In.; and Aronet, ASIST, BPX, Catalyst, Cisco, the Cisco Certified Internetwork Expert Logo, Cisco 10S, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Colision Free, Enteprise/Solver, EtnerChannel, EtherSwitch, FastHub, FastLink,FastPAD, 10S, IPITY, IPX, LightStteam, LighiSwitch, MICA, NetRanger, Post-Routing, Pre-Routing, Registrar, SrataView Plus, Straim, SwitchProbe, “eleRouter, are registered trademarks of Cisco Systems, Inc. o is alates in the U.S. and cetain other counties. {All other brands, names, or trademarks mentioned inthis document or Web site are the property of their respective aumers. The use ofthe ‘word pariner does not imply a parnership relationship between Cisco and any other company. (0010R) Dedications ‘To my family and trends. Inthe final analysis, what else is there? svi] aoentaas ihs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks foes [: Free Oven Study 5 About the Author \Witam . Parkhurst, P.D., CCIE #2969, isa program manager with the CCIE group at Cisco Systems. Bilis responsible forthe CCIE ‘Communications and Services exams. Pia to joining the CCIE team, Bil was a Consulting Systems Engineer supporing Sprint. Bl st ‘became associated with Cisco Systems while he was a Professor of Electrical and Computer Engineering at Wichita State University (WSU). In conjunction with Cisco Systems, WSU established the first CCIE Preparation Laboratory [ice ous Shays in— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| About the Technical Reviewers Mike Bass has worked for 2 years in computer networking, the last 17 years at Sprint. Mike's networking experience began with [: Free Oven Study 5 mincomputer and mainframe networks and now consists of planning and design for distributed and peer-to-peer systems supporting voce, Video, and data services. Mike is curently responsible forthe introduction of new networking technologies to suppart Sprint internal associates. Brian Morgan, CCIE #4865, CSI, isthe Director of Data Network Engineering at Allegiance Telecom, Inc. He's been inthe networking industry fr over 12 years. Prior to going to Allegiance, Brian was an instructorconsultant teaching ICND, BSCN, BSCI, CATM, CVOICE, and BBCRAN. Brian isa co-author af the Cisco Press Remate Access Exam Certifcation Guide and technical edtor of numeraus aher Cisco Press ties. Bill Wagner works as a Cisco Certied System Instructor for Mentor Technologies. He has 23 years of computer programming and data, ‘communications experience. He has worked for corporations and companies suc as Independent Computer Consultants, Numerax, Mc Graw-illNNumerax, and Standard and Poor. His teaching experience started with the Chubb Insitute, Protocol Interface Inc, Geotain, Mentor Technologies. He is currently teaching at Skyline Computers Corporation. Robert L. White isan IP Network Design Engineer with Sprint's Long Distance Division intemal data network. Roberts design expertise focuses on routing protocols, external gateway connectivity, and IP adoress administration ona large multrprotocol network. [- Free Open Study >— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| [ice ous Shays Acknowledgments | would tke ta acknowledge the super effort of all hose involved with the development ofthis handbook. The reviewers of this book, Mike Bass, Brian Morgan, Bill Wagner, and Robert White, not only found the erors inthe book but also contributed suggestions on how to improve the content and clay of ths handbook. Ther efforts are greatly appreciated. | would also ke to thank John Kane and Chris Cleveland of (Cisco Press fr ther guidance and help in bringing tis project to a successful completion. Finally, | want to thank my wife, Debbie, for her ‘encouragement and support during tne many evenings and weekends while | was spending more ime with routers than with her. She was als the intial reviewer of his book and found misspelings, grammatical eros, and things that just didnt make sense. Once again she made a— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| a Per >] Introduction have been involved withthe word of networking from many erections. My experiences in education, network consulting, service provider ‘support, and cerfiction have shown me tha there is a common thea tha frustrates people in alla these arenas. That common thread is documentation. There are many facors that cause documentation tobe frustrating but the most common are amount, clarity, and completeness. The amount of documentation avaiable, especially in regards to OSPF, can be overwhelming. For a person whois beginning toleam OSPF, the question, "Were do begin?" There ae very good books, RFCs, white papers, and command references avaiable, but itis difcut to know where to stat. The carty of documentation depends on your personal situation. For a seasoned OSPF designer, the {documentation may be clear and concise. To an individual preparing fora professional certiicaion such as the CCIE, the same documentation may be confusing. Even ithe documentation is clea itis sometimes not complete. You may understand the words but be confused by the application. The purpose ofthis book sto provide an OSPF handbook tat is clear, concise, and complet. This book is not meant to be rea from cover to cover. The way you use this book will depend on your objectives. If you are preparing forthe CCIE writen and lab exams, this book can be used a a laboratory guide to learn the purpose and proper use of every OSPF command. If you are a network designer then ths book can be used as a teady reference for any OSPF command, inorder to satisty these varying audiences the structure ofthis book reasonably simple. Each OSPF command silustrate using the folowing structure: © Listing of the command structure and syntax © Syntax description forthe command wth an explanation of all command parameters ‘© The purpose ofthe command and the situation whee the commands used (© The frst release of the 10 in which the command appeared © one or more configuration examples to demonstrate the proper use ofthe command © Procedures and examples to vei that the command is wotkng propery © How to traubleshoot the command when things are not working as intended “The example scenarios that demonstrate the proper use ofthe OSPF commands can be implemented on a minimum numberof routers. This wil allow yout lear each command without requiing an extensive and expensive lab configuration, The scenarios are presented otha the purpose and use of each command can be presented without clouding the issue. Some ofthe examples lead you into common non-working ‘uations in order to reinforce the understanding of the operation of the particular OSPF command, My hope is that this handoook il help you prepare forthe CCIE exam, allow you to propery use OSPF in your network, or both, svi] aoentaas ihs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks Fie Open Suara Recommended Reading This book assumes that you have a working knowledge of OSPF theory of operation and OSPF terminology. The folowing references can be used o supplement your knowledge of OSPF. (OSPF Network Design Solution, Thomas M. Thomas I, Cisco Press (second edton willbe released December 2002) outing TOPIP Volume 1, Jetf Doyle, Cisco Press in Fie Open SuaraThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, Piece sua Per >] Icons Used in This Book es Be Router Bridge DSU/CSU al babel ro Catalyst Multilayer ISDN/Frame Relay ‘Switch Switch Soiteh Switch Communication Gateway Server um Macintosh —_> — =— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| Biss Terminal Cisco Works Workstation Printer Line: Ethernet Token Ring Line: Serial >) seen FDDI Line: Switched Serial Cy Network Cloud Frame Relay Virtual Circuit rvs] eoantaas i— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| [: Free Oven Study 5 foes Command Syntax Conventions “The conventions used o present command syntax in tis book ae the same conventions used in he Cisco IOS Software Command Reference. The Command Reterence describes these convention as follows: © Vertical bas) separate ateraiv, mutually exclusive elements © Square brackets [indicate optional elements © Braces {) indicate a required choice. (© Braces within brackets [indicate a required choice within an optional element Boldface indicates commands and keywords that are entered itealy as shown. In actual configuration examples and output (not ‘general command syntax), boldface indicates commands that are manually input by the user (such asa show command) © Iraics indicate arguments for which you supply actual values. [ice ous Shayshs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks Free Open Str fa) Chapter 1. OSPF Process Configuration Commands acess fen abcd fn Fie Open Sua rnThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, [fee Open Suey fa) 1-1 router ospf process-id ‘Syntax Description: (© process:id—The OSPF process ID. The range of values is 1 to 65536. Purpose: Used to enable one or more OSPF processes on a router. The process ID is only significant onthe local router. Use thao form of the command ta remove an OSPF process. Initial 10S Sottware Release: 0.0 Configuration Example: Enabling an OSPF Process Before you enable an OSPF process, there must be at least one active interface with an assigned IP adress. OSPF uses the highest IP ‘address assigned to an ative interface asthe OSPF Router ID. loopback interfaces have been configured, then OSPF will use the highest loopback address as the Router ID even he highest loopback IP adress is smaller than the IP address of any active physical nterace Using a loopback interface on an OSPF router is 1 because a loopback interface is never down. loopback interace will produce a stable OSPF router ID. The network in igure 1-4 demonstrates thatthe OSPF Router 1D (RID) is the highest IP address assigned to an actve physical interface. Ia loopback interface is used, then OSPF wil use the loopback IP address as the OSPF RID. Figure 1-1. OSPF Router ID Selection So/t 10.1.1.1/30 OSPF Router ID 10.1.1.2 sort so Loopback 0 10.41.1780 40.1.1.2/30 2.2.2.2/32 OSPF Router IDThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks 2.2.2.2 ‘Star by removing all P addresses and loopback interfaces from Router B. Now, attempt to canigure an OSPF process on Router B. ‘tB#configure terminal Enter configuration commands, one per line. End with CNTLZ. ‘trB(config)#router ospt 1 (OSPF: Could not allocate router id (OSPF cannot be enabled on Router B because OSPF needs a RID and there are no IP addresses assigned on Router B. Configure the serial Interfaces on Routers A and 8 and then configure an OSPF process on Router B Router A intertace SerialO/t bandwidth 64 Ip address 10.1.4.4 255.255.255.252 clockrate 64000 Router 8 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 bandwidth 64 router ospt 1 ‘The configuration af the OSPF process on Router B was successful. Examine the OSPF RID on Router 8 using theshow ip espfcammand, ‘uBéshow ip ospt Routing Process oso! 1 wih [SOO ‘Supports only single TOS(TOSO) routes ‘SPF schedule delay 5 ses, Hold ime between two SPFs 10 secs ‘Number of Dobitless external LSA 0This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Number of DoNotAge external LSA 0 [Number ot reas in his routers 0, 0 normal 0 stub O nssa ‘The only active interface on Route Bis Seia0, so OSPF will use the IP address assigned to Sera forthe router ID. Adda loopback interlace to Router B and then re-examine the OSPF RID on Router B. Router interface Loopback® Ip address 2.22.2 255.255.255.255 ‘uBéshow ip ospt Routing Process oso! 1 wih [SOO ‘Supports only single TOS(TOSO) routes ‘SPF schedule delay 5 ses, Hold ime between two SPFs 10 secs Number of DCbites external LSAO Number of DNotAge external LSA 0 "Number of areas in his routers 0. O normal O stub 0 nssa ‘The OSPF RID has nt changed. This a stably feature of OSPF. The route ID wil not change uness the OSPF process restarted ori te interface used fo the RID goes down. Shut down the sera intertace on Router B, re-enable the serial iterace on Router B, and examine the elfect onthe OSPF RID. Verification Veiiy thatthe OSPF RID on Router Bis equal to the IP address assigned tothe loopback interface, ‘uBéshow ip ospt Routing Process "spt 1" wit OI ‘Supports only single TOS(TOSO) routes ‘SPF schedule delay 5 ses, Hold ime between two SPFs 10 secs Number of DCbites external LSAO Number of DNotAge external LSA 0 [Number ot reas in his routers 0, 0 normal 0 stub O nssahs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks Troubleshooting ‘Verily that a loopack interface has been configured and an IP address assigned before configuring OSPF. A loopback interface is nat ‘mandatory, but it wl add stability to your OSPF network. [- Free Open Study >hs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks Free Open Str— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| 1-2 router ospf process-id vrf name ‘Syntax Description: (© process-id—The OSPF process ID. The range of values is 1 to 65535. © rame—VPN Routing/Forwarding Instance (VRF) name. Routes learned by he OSPF process will be placed inthe VAF instead ofthe global IP routing table Purpose: n a Muliprotecol Label Switching (MPLS) vitual private network (VPN) environment, this formof the OSPF router command is used ta transfer VPN custom en the service provider and the VPN customer. In an MPLS/VPN environment, there ar three "pes fete show nia Figure 1-2. General MPLS/VPN Architecture © Provider (P) outers © Customer edge (CE) routers © Provider edge (PE) routers P routers are routers in the service provider network that have no connections to CE routers. PE routers are the interface routers between the ‘customer and the service provider. Tag or label switching and an interior gateway protocol (IGP), such as OSPF, are run between P and PE routers to exchange intemal service provider routes. These routes are installed in the global IP routing table onthe P and PE routers. The PE routers have additional IP routing tables, one fr each attached VPN customer. These routing tables are called VAF instances. Wen OSPF is configured using the vf opin, routes learned from the CE wil be placed into the appropriate VRF on the PE router. These VPN routes will be exchanged between PE routers via mukiprotocol IBGP. For a detailed discussion of MPLS and MPLS VPNs, see the Cisco Press book MPLS and VPN Architectures by an Pepelnjak and Jim Guichard, Initial 10S Software Release: 120 a Per >]hs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks an) cron Saas Chapter 2. OSPF Area Commands Becton 21 area [authenticator fear solomon) Beinn 25 areaIrea dcetaut costfoa Beinn 2-4 areafrea dss Becton 2:5. area)orea-dnssa default information originate Beinn 2-6 areafrea ]nssa noredistibutod Becton 27. atealorea-d]nssa no-summa fae coke Beinn 29 arealrea drangelo asdress mas aavers Becton 2-10, areafrea-idrangefp-adoress masfoot advert rt Becton 2-11, areabrea-idstut Beinn 2-12, arearea sub no summary Becton 2:13, arealransiarea-dvituatinkbouterid] Becton 214 redfransit-area-idfirtualtinifouterdputhentication authentication-keWpasswo Becton 2:15, redfransiarea.dvinualsinifovter-Jputhentication message-diges Beeston 216 redfransit-area-idfirtual-tinifouter dputhentication null Becton 2:17, arealransiarea-d virwal-tnkDouterifauinentcation-key basswor Beinn 2-16, area)ransit-area vue infouterid dees intealfeconad Becton 2:19, arealanst-area.d vitualnk}outerinetosntewalheconds [eae so eee neo as Becton 2:21, arealransiarea-d vitualtnkDouteriQretransmitinterallsscor Beinn 2.20, arealranst-area dvvat njouteridvansmit elayPeconad Free Open Study >| fanshs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks Free Open StrThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, 2-1 area area-id authentication NOTE ‘This command requires the following adsitonal commands: For a physical interface: ip ospf authentication key password (see Becion 1: For (sxe| ital ink it authentication is used in area 0: area ransit-area virtual-tink router authent ction 2-1 ‘Syntax Description: (© area-id— OSPF area ID. This value can be entered as a decimal number inthe range of Oto 4.294,967,296 orn IP address format inthe range 0.0.0.0 to 255.255.255.255. This command wil enable simple password authentication in the indicated OSPF area, By default, authentication isnot enabled © transi-area— The OSPF area across which the vitual Ink s configured, © password Clear-text password tobe used for authentication inthe selected area on the selected interface or vitual nk. The password isan alphanumeri string from 1 to 8 characters © routerid— OSPF router ID of the router atthe remote end of the virtual ink. Purpose: To enable simple cleartext password authentication in an OSPF area, OSPF simple authentication requires the use ofthe router configuration command to enable authentication in an area and te interface or vitual-nk command for password configuration, Because this router configuration command enables authentication n an area, you must configure every interface in the area for authentication i using ‘soo IOS Software Release 11.X or eae. In Cisco IOS Software Release 12.X, the authentication used on an interface can be diferent than the authentication enabled for an area. When using Cisco |OS Software Release 12.X, the authentication method used on ferent interfaces inthe same area does not need tobe the sam command Ip ospf authentication null seeBection 19-1 ‘both ends of a common ink must use the same password, Authentication is enabled by area (Cisco |OS Software Release 11.X and eater), soit possible to employ authentication in one area without using authentication in other areas. The cleartext passwords not encrypted, so itl be possible for someone to intercept OSPF protocol packets and compromise the password. Initia Cisco 108 Software Release: 10.0 You can remove authentication from selected interfaces using the interface “The password does not need io be the same on every interface in the area, but Configuration Example: Simple Password Authentication For the network in Figure 2 start by configuring OSPF without authentication in Area 0 Figure 2-1. Network Used to Demonstrate OSPF Authentication Configuration and TroubleshootingThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, st 10.1.1.10/90 outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial010 Ip address 10.1.1.9 255.255.255.252 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 lock rate 64000 router ospt 1 network 10.1.4.00.0.0.18 area 0 Router 8 Interface LoopbackoThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 lock rate 64000 router ospt t network 10.1.1.00.0.0.15 outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 Interface Serialt Ip address 10.1.1.10 255.255.255.252 lock rate 64000 router ospt t network 10.1.1.00.0.0.15 Verily the OSPF configuration on Routers A,B, and C by displaying the state of each router's OSPF neighbors.This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘tiA#show ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 3333 1 FULL'- 000038 10.1.1.10 Serial 2222 1 FULL'- 000037 1011.2 Serialt ‘tBshow ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface TAA 1 FULL 00:0035 10.1.1. Serio 3333 1 FULL’- 000030 10.1.6 Serial ‘tC#show Ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 2222 1 FULL'- 000030 10.1.1.5 Serial Att 1 FULL 00:00:37 10.119 Seralt Verily that OSPF isnot using authentication, ‘tA#show Ip ospt Routing Process "ost 1" with ID 1.4.1.1 ‘Supports only single TOS(TOSO) routes ‘SPF schedule delay 5 secs, Hold time between two SPFS 10 secs Mrimum LSA intewal sees. Minimum LSA aval t secs "Number of external LSA 0. Checksum Sum 0x0 ‘Number of Dobitless external LSA 0This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks Number of DoNotAge external LSA 0 [Number ot reas in this routers 1. 1 normal 0 stub O nssa ‘Area BACKBONE(0) Number of interfaces inthis area is 2 ‘Area has no authentication ‘SPF algorithm executed 6 mes ‘rea ranges are Number of LSA 3. Checksum Sum Ox25F8D Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotage LSA 0 Mody the configurations on Routes A, B, and C by adding simple password authentication to Area 0. For this example, you wll use the ear-text password “e300 outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial010 Ip address 10.1.1.9 255.255.255.252 ! Interface Serial0it Ip address 10.4.1.1 255.255.255.252 lock rate 64000 router ospt 1This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 lock rate 64000 router ospt 1 outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Interface Serialt Ip address 10.1.1.10 255.255.255.252 lock rate 64000 Verification Verily thatthe OSPF neighbor relationships ae sil acve ‘tiA#show ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 33331 FUL 00:0031 10.11.10 Serio” 2222 1 FULL 00:00:30 10.1.12 Serio" ‘tBshow ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface tat 1 FUL 00:00:38 10.1.1.1 Serio 3333 1 FULL 00:00:33 10.118 SeraltThis document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks ‘tC#show Ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 2222 1 FULL'- 000033 10.1.1.5 Serial ttt 1 FULL 00:00:30 10.119 Serial Verily that simple authentication is enabled fr Area 0. ‘tAéshow ip ospf Routing Process “oso 1" wth ID 1.1.1.1 ‘Supports ony single TOS(TOSO) routes ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of external LSA 0. Checksum Sum 0x0 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 [Number of areas inthis routers 1.1 normal 0 stub 0 nssa ‘rea BACKBONE(0) Number of interfaces inthis area is 2 EES ‘SPF algorithm executed 9imes ‘rea ranges are Number of LSA 3. Checksum Sum Ox24F95 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 0 “The password used can be seen by anyone looking at your configuration. For added security, the password in the configuration can be ‘encrypted using the global configuration command service password-eneryption, 2s shown in the folowing configuration. outer A service password-eneryptionThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Listing the configuration wil show thatthe password has been encrypted. Although the password is encrypted inthe configuration, iwi stil be sentin cleartext by OSPF. ‘trAfshow running-contig Bulling configuration, (Current configuration: version 12.0 service timestamps debug uptime service timestamps fog uptime hostname rr Ip subnet zero Interface Loopbacko Ip address 1.1.1.1 255.255.255.255 no ip drected-oroadcast Interface Serial0/0 Ip address 10.1.1.9 255.255.256.252 no ip drected-oroadcast no ip mroute-cache Interface Serial0/t Ip address 10.1.1.1 255.285.256.252This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks no ip drected-oroadcast clockrate 64000 Troubleshooting outer A ‘Step 1. Before enabling authentication in an OSPF area, vey that there isa neighbor relationship among all OSPF routers by using the show ip ospf neighbor command ‘Step 2. Vey that authentication has been enabled for every OSPF router with an interface inthe area where authentication is being deployed ‘Step 3. Vey that every interface in an OSPF area that is using authentication is configured withthe proper password. ‘Step 4. If any OSPF neighbor relationships elsappear ater configuring authentication, then debugging can be used to determine the problem. For example, change the password on Route A Interface Serial 00, to bosco, as shown here. Interface Serial010 Ip address 10.1.1.9 255.255.255.252 List the OSPF neighbors for Router A ‘trAshow ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 2222 1 FULL’ 00:00:36 10.1.1.2 Serlalo/t Router A has lost Router C as a neighbor. Enable debuaging on Router A to see the problem can be determined, strAdebug ip ospf events (OSPF events debugging is on atThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks (08:41:08: OSPF: Rov hello from 2.22.2 area 0 trom Serial 10.1.1.2 (08:41:08: OSPF: End of helo processing Be careful when configuring passwords. A space is valid character, so if you use the passworbiscoespace> then there will be a password ‘mismatch, bt you wan' be able to tell by looking atthe cotiguaton, ‘Change the password on Router A, serial 0/0, back to cisco and remove the OSPF router configuration command area 0 authentication. outer A Interface Serial0/0 Ip address 10.1.1.9 255.255.255.252 router ospt 1 Router A should drop both OSPF neighbors. ‘trAshow ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 3333 1 INIT/- 00:00:38 10.1.1.10 Serialovo 2222 1 INIT 00:00:99 10.1.1.2 Serio Now debug the OSPF tation Router B or © to determine the prablem. strBédebug ip ospf events (OSPF events debugging is on cod (08:58:40: OSPF: Rov hello om 3.3.3.3 area O from Serial 10.1.1.6hs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks (08:55:40: OSPF: End of hello processing Routers Band C are using type 1 authentication (simple password) and Router A is using type 0 authentication (none) Fie Open SuaraThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, a Per >] 2-2 area area-id authentication message-digest NOTE ‘This command requires the following adtional commands: Fora physical interface: ip ospt message-digest-Key key ida password (seefsecion 19) For a vital ln authentication is used in Area 0: area transit area vrtual-Iink rovte-id message-digest-key key-idmd5 password (see ection 2-24 ‘Syntax Description: © ayea-id— OSPF area ID. This value can be entered as a decimal number in the range of Oto 4,294 967,295 orn IP address format inthe range 0.0.0.0 to 256.256 255.256. This command will enable simple password authentication inthe indicated OSPF area, By default, authentication isnot enabled © key-id— Key used to encrypt a password. The range of values is 1 to 255. Both ends ofa lnk must use the same key and password © password Password tobe used for authentication inthe selected area on the selected interface or virtual lnk. The password is ‘an alphanumeric string from 1 to 8 characters. © transi-area— The OSPF area across which the vital Ink s configured, © routerid— OSPF router ID of the router atthe remote end of the virtual ink. Purpose: To enable MDS password authentication in an OSPF area, OSPF MDS authentication requires the use ofthe router cotiguration ‘command to enable authentication in an area and the interface or viual Ink command for ey and password configuration. Since tis router configuration command enables authentication in an area every interlace inthe area must be configured with an authentication key and password if using Cisco IOS Sofware Release 11.X or eater. In Cisco 1OS Software Release 12, the authentication used on an interlace canbe diferent rom the authenticalon enabled for an area, When using Cisco 10S Software Release 12.X, the authentication method used ‘on different interfaces inthe same area doe command ip ospf authentication null (see nat ned Bection 19- the same. Authentication can be tured of on selected interfaces using the “The key and password do not need tobe the same on every intertace, but both ‘ends ofa comman lnk need to use the same Key and password, Autheticaion is enabled by area (Cisco IOS Sofware Release 11.X and atl) soitis possible to employ authentication in one area without using authentication in other areas. The passwords encrypted, so tis extremely lfc or someone to intercept OSPF protocol packets and compromise the password Initial Cisco 10S Software Release: 11.0 Configuration Example 1: MD5 Password AuthenticationThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, For the network infigure 2 inaly configure OSPF without authentication in Area 0 Figure 2-2. Network Used to Demonstrate OSPF MD5 Authentication Configuration and Troubleshooting key id= 2 password = ciscoab st 10.1.1.10/30 6/30 outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 ! Interface Serial010 Ip address 10.1.1.9 255.255.255.252 ! Interface Serial0it Ip address 10.4.1.1 255.255.255.252 lock rate 64000This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, router ospt t network 10.1.1.00.0.0.15 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 lock rate 64000 router ospt t network 10.1.1.00.0.0.15 outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 Interface Serialt Ip address 10.1.1.10 255.255.255.252This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks lock rate 64000 router ospt t network 10.1.1.00.0.0.15 Veiiy the OSPF configuration on Routers A, B, and C by asplaying the state ofeach router's OSPF neighbors ‘tiA#show ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 3333 1 FULL'- 000038 10.1.1.10 Serial 2222 1 FULL'- 000037 1011.2 Serialt ‘tBshow ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface TAA 1 FULL 00:0035 10.1.1. Serio 3333 1 FULL’- 000030 10.1.6 Serial ‘tC#show Ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 2222 1 FULL'- 000030 10.1.1.5 Serial Att 1 FULL 00:00:37 10.119 Seralt Verily that OSPF isnot using authentication. ‘tA#show Ip ospt outing Process “oso! 1" with ID 1.1.1.1This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks ‘Supports ony single TOS(TOSO) routes ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of external LSA 0. Checksum Sum 0x0 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 [Number of areas inthis routers 1.1 normal 0 stub 0 nssa ‘rea BACKBONE(0) Number of interfaces inthis area is 2 ‘Area has no authentication ‘SPF algorithm executed 6 mes ‘rea ranges are Number of LSA 3. Checksum Sum Ox25F8D Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 0 Modiy the configurations on Rauters A, B, and C by adding MDS password authentication to area 0. For this example, use the passwords céscoab,clscobe, and ciscoac to demonstrate that multple passwords can be used in an area, outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial010 Ip address 10.1.1.9 255.255.255.252 Interface Serial0it Ip address 10.4.1.1 255.255.255.252This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks lock rate 64000 router ospt 1 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 lock rate 64000 router ospt 1 outer © Interface LoopbackoThis document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 Interface Serialt Ip address 10.1.1.10 255.255.255.252 ‘lock rate 64000, router ospt 1 Verification Veiiy thatthe OSPF neighbor relationships are sil acive, ‘trAshow ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 9333 1 FULL’- 000031 10.1.1.10 Serial 2222 1 FULL'- 000030 10.1.1.2 Serial’ ‘tiBéshow Ip ospf neighborThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Nejghbor ID Pri State Dead Time Address Interface TA 1 FULL 00:0038 10.1.1.1 Serialo 3333 1 FULL’- 000033 10.1.1.6 Serial ‘tC#show Ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 2222 1 FULL'- 000033 10.1.1.5 Serial ttt 1 FULL 00:00:30 10.119 Serial Verily that MDS authentication is enabled for Area 0. ‘tAéshow ip ospf Routing Process “ospt 1" with ID 1.1.1.1 ‘Supports ony single TOS(TOSO) routes ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of external LSA 0. Checksum Sum 0x0 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 [Number of areas inthis routers 1.1 normal 0 stub 0 nssa ‘rea BACKBONE(0) Number of interfaces inthis area is 2 na ‘SPF algorithm executed 2 imes ‘rea ranges are Number of LSA 3. Checksum Sum Ox14A19 Number of Dobitess LSA 0 Number of nication LSA 0This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Number of DoNotage LSA 0 ‘The password used can be seen by anyone looking at your configuration. For added secur, the password in the configuration can be «encrypted using the global configuration command service password-eneryption, as shown inthe following contiguraton. outer A service password-eneryption Listing the configuration wil show thatthe password has been encrypted, ‘trAfshow running-contig Bulling configuration, (Current configuration: version 12.0 service timestamps debug uptime service timestamps fog uptime hostname rr Ip subnet zero Interface Loopbacko Ip address 1.1.1.1 255.255.255.255 no ip drected-oroadcast Interface Serial0/0 Ip address 10.1.1.9 255.255.256.252 no ip drected-oroadcastThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks no ip mroute-cache Interface Serial0/t Ip address 10.1.1.1 255.285.256.252 no ip drected-oroadcast clockrate 64000 Configuration Example 2: Changing Keys and Passwords For adctional security, you may choose to perioccaly change the key and password, With clea-ext authentication, changing passwords will cause a loss of OSPF connectivity from the time you change the password on one interface unl you change the password atthe ther end of the link. With MDS authentication, you can configure a new key and password ona ink while leaving the old key and password in place. The ‘ld key ang password will contin tobe used unt the new key and password are configured on the other end of the lnk. Modty the key and password onthe lnk between Routers A and B. Add a new key and password on Router Ain order to observe the behavior when the new key and passward have only been configured on one end ofthe nk Router A intertace SerialO/t Ip address 10.1.4.4 255.255.255.252 no ip drected-broadcast Ip ospf message-digest-key 2 mds ciscoab clockrate 64000 Verily thatthe OSPF neighbor relationship between Routers A and B is sil active. ‘trAshow ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 3333 1 FULL'- 000034 10.1.1.10 SerialThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘You can determine i Router Ais using both keys wen communicating with Router B by viewing the interface properties or by enabling (OSPF debugging ‘trAshow ip ospf interface s0i1 Serial is up line protocols up Internet Address 10.1.1.180, Area 0 Process ID 1, Route IO 1.1.11, Network Type POINT_TO_POINT, Cost: 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wat 40, Reransmit Hello due in 00:00:08 Neighbor Counts 1, Adjacent neighbor counts 1 ‘Adjacent wth neighbor 222.2 ‘Suppress hello for 0 neighbors) ‘Message digest authenicaion enabled Youngest key idis 4 Rollover in progress, 1 neighbors) using the old key(s): heyia2 ‘wAtdebug ip ospf events (OSPF events debugging is on nt (01:30:25: OSPF: Rev helo rom 3.3.3. area 0 trom Serial 10.1.1.10 (01:30:25: OSPF: End of hello processing (01:30:26: OSPF: Rev hel om 22.2.2 area O trom Serial 1.1.1.2 (01:30:26: OSPF: End of hello processing (01:30:30: OSPF: Send with youngest Key 1 Notice that both keys ate being used for authentication. Configure the new key and password on Router B wile leaving the old key andThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks password in place. Router 8 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 no Ip directed-broadcast Ip ospf message-digest-key 2 mds ciscoab Routers A and 8 will now use the youngest key (the last Key configured) ‘wAtshow ip ospt intertace s0/t Serial is up line protocols up Intemet Adress 101.1.180, Area 0 Process ID 1, Route IO 1.1.11, Network Type POINT_TO_POINT, Cost: 64 Transmit Delay is 1 $20, State POINT_TO POINT, Timer intervals conigured, Hello 10, Dead 40, Wat 40, Retarsmit 5 Helo due in 0:00:02 Neighbor Counts 1, Adjacent neighbor counts 1 ‘Adjacent with neighbor 2222.2 ‘Suppress hello for 0 neighbors) “The old key and password can now be removed trom routers A and B using the no form of he interlace command. Troubleshooting ‘Step 1. Before enabng authentication in an OSPF area, verity that there isa neighbor relationship among all OSPF routers by using the show ip ospf neighbor command.This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks ‘Step 2. Vey that authentication has been enabled for every OSPF router with an interface inthe area where authentication is being deployed ‘Step 3. Verily that every interface using authentication in an OSPF area has been configured withthe proper key and password. ‘Step 4. If any OSPF neighbor relationships alsappear ater configuring md authentication, debugging can be used to determine the problem. For example, change the key-id on route , interface Serial Oo 5, Use the no form ofthe command to remove the ‘orginal key and passward betore applying the new ey. Router 8 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 List the OSPF neighbors for Router A ‘trAshow ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 9333 1 FULL’- 000031 10.1.1.10 Serial Router A has lost Router C as a neighbor. Enable debugging on Router A to see if you can determine the problem. strAdebug ip ospf events (OSPF events debugging is on Be careful when configuring passwords. A space is a valid character, sof you use the password clscoespace> then there willbe a password mismatch, bt you wont be able to tll by ooking atthe configuration, especially ifthe password is encrypied inthe configuration, (On Router A, remove the OSPF router configuration command area 0 authentication message-digest. Restore the proper key on Seriald ‘on Router B, outer A Interface Serial010This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Ip address 10.1.1.9 255.255.255.252 ! router ospt 1 Router interface Serial0 Ip address 10.1.1.2 255.255.255.252 no Ip ospt message-digest-key 5 md5 ciscoab Ip ospf message-digest-key 2 mds ciscoab Router A should drop both OSPF neighbors. ‘trAshow ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 3333 1 INIT/- 00:00:38 10.1.1.10 Serialovo 2222 1 INIT 00:00:99 10.1.1.2 Serio Now debug the OSPF traffic on Rute B or C to determine the problem. ‘B#debug ip ospf events (OSPF events debugging is on Bt 21:43:04: OSPF: ev helo om 3.3.3.3 area 0 tom Serial! 10.1.1 21:43:04: OSPF: End of hello processing 21:43:05: OSPF: Send with youngest Key 4 21:49:08: OSPF: Send with youngest Key 3— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| Routers B and C ae using type 2 authentication (MDS) and Router Ais using type O authentication (none). [: Free Oven Study 5This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, [ice ous Shays 2-3 area area-id default-cost cost NOTE ‘This command requires the following adetional commands: area areaidnssa (seeiecion 2-4 area areavid stub (see Becion 214 ‘Syntax Description: (© area-id— OSPF area ID. This value can be entered as a decimal number inthe range of Oto 4.294 967,295 orn IP address form in the range 0.0.0.0 to 255.255.255.255, © cost—The default cost ofan OSPF stub area's advertised external defauit route metic. The range of values is Oto 16,777,215. “The default vale is 1. The cost value willbe added tothe cos of reaching the Area Border Router (ABR) that is advertising the detaul route Purpose: External networks will ot be advertised into stub or totaly stubby afea. External networks are networks that have been redstriauted into OSPF. Extemal OSPF routes and inter-area OSPF routes are not advertised into taaly stubby area. When an OSPF area is configured as a stub area, a default route willbe generated by the ABR int the stub area in place ofthe external routes. When an OSPF ateais configured asa totally tubby afea, the default route replaces the extemal and inter-area routes. The purpose ofthis command is to set the cost ofthe default route advertised ito a stubby, totally stubby, or no-so-subby area. I his command is not used, then the cost of ‘he default route willbe 1. When configuring stub areas, al routers wit interfaces inthe stub area must be configured wit the same stub atea type. Initia Cisco 108 Software Release: 10.0 Configuration Example: Setting the Default Cost for a Stub Area Intl, the networkin Figure 2s configured without a stubby area to compare the diferences between the routes advertised info a narmal ‘area with those advertised info.a stubby area. You will reistribute the loopback interface on Router C inorder to generate an external route (on Routers A and 8. Figure 2-3. External OSPF Routes Are Not Advertised into an OSPF Stub Area. Inter-area and External Routes Are Not Advertised into a Totally Stubby AreaThis document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks <— Detaunt route (detauitt cost = 1) “<—— OSPF inter-area routes (10.1.1.4) <— betauit route (refauit cost = 1) X~— 080 F inter-area routes (10.1.1.4) x<— totally stubby outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 ! Interface Serialo/t Ip address 10.1.1. 255.255.255.252 lock rate 64000 router ospt 1 network 10.1.1.00.0.0.3This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 lock rate 64000 router ospt t network 10.1.1.0 0.0.0.3 area 4 network 10.1.1.4 0.0.0.3 area 0 outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 router ospt t redistribute connected subnnets network 10.1.1.4 0.0.0.3 area 0This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register Thanks It you examine the IP routing table on Router A you can see that all OSPF routes are being advertised into Area 1 ‘trAshow ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGP D-EIGRP, EX- EIGRP extemal, O- OSPF, [AOSTA NI - OSPF NSSA external ype 1, N2- OSPF NSSA external type 2 E1- OSPF extemal ype 1, ESOS STIR «EP {+1848 1-15-18 love, L2-IS-S lve 2, candidat deta U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 10.0.0.0790 i subnetted, 3 subnets © 10.1.1.0is drecty connected, Serial Mody the configurations on Routers A and B so that Area 1 is a stub area outer A router ospt 1 network 10. at Router 8 router ospt 1This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Re-examine the IP routing table on Router A. ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, 1.0.00132s subnete, 1 subnets © 1.4.1. isdretly connected, Loopback 10.0.0.030is subneted, 3 subnets © 10:11.0%s drecty connected, Sera” 1A 10..1.411101128) va 1.1.12, 00:00:06, Serilot Notice thatthe cost ofthe defauit route is 65. Thiss the sum of the costo the ABR of 64 and the cost ofthe default rout, which has the default value of 1. You can very the default cost by using the command show ip ospfon Router B ‘Bshow ip ospt outing Process "oso 1" with ID 22.22 ‘Supports only single TOS(TOSO) routes itis an area border router ‘SPF schedule delay 5 secs, Hold time between two SPFS 10 secs Minimum LSA interval 5 secs. Minimum LSA artval 1 seesThis document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks [Number of extemal LSA 3. Checksum Sum Ox14845 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 [Number of areas inthis routers 2.1 normal 1 stub Onssa ‘rea BACKBONE(0) Number of interfaces in his areas 1 ‘rea has no authentication ‘SPF algorithm executed 21 times, ‘rea ranges are Number of LSA 3. Checksum Sum Ox14F55 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 0 Wea Number of interfaces in his areas 1 Iisa stub area enerates stub default route wih cost 1 ‘rea has no authentication ‘SPF algothm executed 97 times, ‘rea ranges are Number of LSA 4. Checksum Sum Oxt€701 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotage LSA 0 ‘Medi the cost ofthe detaul route being generated by Router B, Router 8 router ospt 1 area t stubThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Network 10.1.1.0 0.0.0.3 area Network 10.1.1.4 0.0.0.3 area 0 Verification Verily the new cost or the default route on Router Aby using theshow ip route command or the show ip route 0.0.0.0command. You can ‘also vert the cost ofthe default route on Router B by using the show ip ospf command. ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts 10.1.1.2 0 network 0.0.00 1.0.00132s subnete, 1 subnets © 1.14.1 isdrety connected, Loopback0 10.0.0.030is subneted, 3 subnets © 10:11.0%s drecty connected, Sera” OIA 10.1.1.4 110/128] via 10.1.42, 00:08:99, SeialO/t ‘trAshow ip route 0.0.0.0 outing enty for 0.0.0.00, supernet Known via“osp 1", distance 110, metic 79, candidate defaut path, type inteThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Redistributng via ospf 1 Last update from 10.11.2 on Serial0/t, 00:01:08 ago outing Deserigtor Blacks: *10.1.1.2, rom 2.2.22, 09:01:05 ago, via Seial0/t Route metic is 79, traffic share count ist ‘tB#show Ip ospt Routing Process “oso! 1" with ID 22.2.2 ‘Supports ony single TOS(TOSO} routes Its an area border router SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Minimum LSA interval 5 secs. Minimum LSA artval 1 sees ‘Number of external LSA 3. Checksum Sum 0x14845 ‘Number of Dobitless external LSA 0 Number of DoNotAge external LSA 0 [Number of areas in his routers 21 normal 1 stub O nssa ‘Area BACKBONE(0) Number of interfaces inthis area is 1 ‘Area has no authentication SSPF algotthm executed 21 times ‘Area anges are Number of LSA 3. Checksum Sum Ox14F55, Number of DCbitless LSA 0 Number of nication LSA 0 Number of DoNotage LSA 0 ‘Acca t Number of interfaces inthis area is 1— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| Iisa stub area enerates stub default rove with cost 15 ‘rea has no authentication ‘SPF algothm executed 97 times, ‘rea ranges are Number of LSA 4. Checksum Sum 0x27068 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotage LSA 0 ‘The new costs now 64 + 15 oF 78 Troubleshooting ‘Step 1. Vey that ther is a neighbor relationship between the OSPF routers by using theshow Ip ospfneighbor command, ‘Step 2. Verily that the ABR tothe stub area and all rouer in the subarea have been configured as a stub using the router configuration command area x stub ‘Step 3. Vey that thedefault-cost command has been configured onthe ABR{s) for the stub area. Thedefault-cost command wl only work onthe stub area ABR. rvs] aT iThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks a Per >] 2-4 area area-idnssa ‘Syntax Description: (© areaid OSPF area ID. This value can be entered as a decimal number in the range of 1 to 4,294,967,295 or in IP adsress form in the range 0.0.0.1 to 255.255.285.255, Area O canbe entered but rea 0 cannot be configured as a nat-so-subay area (NSSA) th buonangoedasanNSoa wi goes oe Testes pes ee Figure 2-4. An OSPF NSSA cues (5 yrs lated 60 << —_ cere npet roe Sears Feces Initial isco 10S Software Release: 11.2 Configuration Example: Configuring an OSPF NSSA inFigre 29 Rovers Can ar naring RP Veron? Role avenge networks 186 26.2.4 and 188 26.3.026 Retr CHE Tor weds RP rues, ncusrg te 101.1890 rework lo OSPF Because Arca has bec deine a an GSA terete AIP rules be adverse no Aiea | 2 OSPF Ye ets italy you cote Aes | sna OSPF treat overs sen rae arsedThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t redistribute connected subnets network 10.1.1.00.0.0.3 area 0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 lockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 10.1.1.4 0.0.0.3 area 1This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 Interface Serialt Ip address 10.1.1.10 255.255.255.252 clockrate 64000 router ospt t redistribute rip subnets network 10.1.1.4 0.0.0.3 area 1 router Hip version 2 passive-interface Serial0 network 10.0.0.0, Router D Interface Loopbacko Ip address 156.26.32.1 255.255.255.0 Interface Loopback! Ip address 156.26.39.1 255.255.255.0This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Interface Serial0/0 Ip address 10.1.1.9 255.255.255.252 network 10.0.0.0, network 156.26.0.0 rho auto-summary Router Ais advertising Loopback 0 as an OSPF type 5 extemal route because this route was injected info OSPF through relstbuton Routers A and B are aso learning the redistributed RIP routes as extemal type 5 OSPF routes. ‘trAshow ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGP D-EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 E1- OSPF exeral ype | |EASOSEEERESINGER € -E
sme tee Sg Initial isco 10S Software Release: 11.2 Configuration Example: Advertising an OSPF NSSA Default Route into an OSPF NSSA In Figure 2 Routers C and D are running RIP Version 2. Router D is advertising the networks 156.26.32.024 and 186.26.38.024 to Router Cvia RIP. Router C wil redistroute the RIP routes, including the 10.1.1.8/90 netwotk, ito OSPF. Because Area 1 has been defined as an NSSA, the redistributed RIP routes wil be advertised into Area 1 as OSPF type 7 routes nity, you wll configure Area t asa normal OSPFThis document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks area in order to see the routes that are advertised. outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t redistribute connected subnets network 10.1.1.00.0.0.3 area 0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 lockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 10.1.1.4 0.0.0.3 area 1This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 Interface Serialt Ip address 10.1.1.10 255.255.255.252 clockrate 64000 router ospt t redistribute rip subnets network 10.1.1.4 0.0.0.3 area 1 router Hip version 2 passive-interface Serial0 network 10.0.0.0, Router D Interface Loopbacko Ip address 156.26.32.1 255.255.255.0 Interface Loopback!This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Ip address 156.26.39.1 255.255.255.0 Interface Serial010 Ip address 10.1.1.9 255.255.255.252 router rip version 2 network 10. 0 network 156.26.0.0 rho auto-summary Router Ais advertising Loopback 0 as an OSPF type 5 extemal route because tis route was injected into OSPF through redistribution Routers A and B are aso learning the redistributed RIP routes as extemal type 5 OSPF routes. ‘trAshow ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGP D-EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area NI - OSPF NSSA external ype 1, N2- OSPF NSSA external type 2 1-099 exes! 9p 1, ESSENSE 1-161, Lt 16S ev, 12-1618 v2 cant cto U- peruse sta re, 0-OOR Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 10.0.0.0790 i subnetted, 3 subnetsThis document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register Thanks © 10.1.1.0is drecty connected, Serial OIA. 10.1.1.4 110/128] via 10.1.42, 00:02:25, SeialOlt ‘tb tohow ip oute codes: connected, Sst, |-IGAP, R- RIP, M-moble, B= EGP D- EIGRP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area NI -OSPF NSSA extemal ype 1, N2-OSPF NSSA extemal ype 2 E1- OSPF extemal ype 1, EBSOSPESTSINE & EP {+1848 1-15-18 love, L2-IS-S lve 2, candidat deta U- peruse state route, o- ODR, Gateway of last resorts not set 2.0.0.0/92is subnetted, 1 subnets © 22.22isdirecty connected, LoopbackO 10.0.0.0790 i subnetted, 3 subnets OZ 10.1.1.8 [110120] via 10.1.1.6, 0:08:14, Serilt © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt Router Cs leaming the network redistributed by Router A as an OSPF external ype 5 route. ‘trC#show ip routeThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Codes: C- connected, S tae, |-IGRP, R- IP, M-mabie, 8 - BGP -EIGRP, EX- EIGRP extemal, O- OSPF, IA- OSPF ine area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 E1- OSPF exeral ype |, EOS PSE SSDIESESE {-1848, LI - ISS level, 2 ISS level2,*-canddate deta U- peruse state route, o- ODR, Gateway of last resorts not set '10.0:062s subnetied, 1 subnets (OER 1.1.1.1 [11020] via 10.1.1.5, 00:06:24, Seriald 8.010.024 is subnetie, 1 subnets © 3830is directly connected, Loopback 156.26.0.0724is subneted,2 subnets R156.26.520 [12011] via 10.1.1.8, 0:00:18, Sera R_156.26.98.0[120/1] via 10.1.1. 0:00:18, Sera 10.00.00 subnetted, 3 subnets © 10.1.1.8%s direct connected, Serilt OWA 10.1.1.01110/128] via 10.1.1.5, 00:06:24, Seralo © 10.1.1.41s drecty connected, Serialo Now modty the OSPF configurations on Routers B and Cin order to create the NSSA. Router 8This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks outer © router ospt 1 redistribute rip subnets network 10. 400.03 area Verily that Area 1 has been configured as an NSSA, ‘B¥show ip ospt Routing Process “osot 1" with ID 22.2.2 ‘Supports ony single TOS(TOSO) routes itis an area border and autonomous system boundary router Redistbuting External Routes from, ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of extemal LSA 5. Checksum Sum 0x32404 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 Number of areas inthis routers 2.1 normal 0 stub 1 nssa ‘rea BACKBONE(0) Number of interfaces in his areas 1 ‘rea has no authentication ‘SPF algorithm executed 1 times, ‘rea ranges are Number of LSA 3. Checksum Sum 0x20780 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 0This document was created by an unregistered ChmMagic, please goto http: bisenter.com to register it. Thanks Number of interfaces in his areas 1 tis aNSSA area Perform fpe-7Aype'S LSA ransiation ‘rea has no authentication ‘SPF algorithm executed 22 times, ‘Area ranges are Number of LSA7. Checksum Sum 0326010 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotage LSA 0 Now inspect the outing tables on Routers A,B, and Cto view the effect of configuring Area 1 as an NSSA. ‘eBshow ip route Codes: C- connected, S tae, |-IGRP, R- IP, M-mabie, 8 - BGP -EIGRP, EX- EIGRP extemal, O- OSPF, IA- OSPF ine area N1-OSPF NSSA external ype 1, {OOS NSSASSTSIEE 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP {-1848, LI - ISS level, 2 ISS level2,*-canddate deta U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets OE2 1.4.1.4 [110020] via 10.1.1.1, 00:08:55, Serio 2.0.0.0/92is subnetted, 1 subnets © 22.22isdirecty connected, LoopbackOThis document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register Thanks 10.0.0.0790 i subnetted, 3 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt ‘The redistriouted FIP routes have been converted ftom OSPF E2 routes to OSPF N2 routes. This means tha the redistributed RIP routes are now being advertised as type 7 routes instead of ype 5 routes. On Router A, these routes should sill be OSPF type 5 routes since Router Bis converting them from type 7to type 5 ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 E1- OSPF extemal ype 1, EBSOSPESTSINE & EP 1-ISAS, Lt “ISAS level, L2 -1S-1S level2,*- candidate defaut U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 10.0.0.0790 i subnetted, 3 subnets © 10.1.1.0is drecty connected, Serial OIA. 10.1.1.4 [110/128] via 10.1.42, 00:08:31, SeiaO't Finally, inspect the IP routing table on Router C. ‘trC#show ip routeThis document was created by an unregistered ChmMagic, please goto htp:/lwww_bisenter.com to reistr it. Thanks Codes: C- connected, S tae, |-IGRP, R- IP, M-mabie, 8 - BGP D-EIGRP, EX- EIGRP extemal, O- OSPF, [AOSTA NI -OSPFNSSA external ype 1, N2- OSPF NSSA external ype 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP {-1848, LI - ISS level, 2 ISS level2,*-canddate deta U- peruse state route, o- ODR, Gateway of last resorts not set 8.010.024 is subnetie, 1 subnets © 3830is directly connected, Loopback 156.26.0.0724is subneted,2 subnets R156.26.820 [12011] via 10.1.8, 0:00:10, Sera R_156.26.58.0 [12011] via 10.1.1.8, 0:00:10, Sera 10.00.00 subnetted, 3 subnets © 10.1.1.8%s direct connected, Serilt (O14 10.1:.0 [110/125] via 10.1.15, 00:08:58, SevalO © 10.1.141s drecty connected, Serial0 ‘The 1.1.1.1 route that Router A was advertising as an OSPF erternal type 5 route has been blocked from entering the NSSA area by Router 8 but the iner-area routes have been permitted, Also notice that unlike a sub or ‘otal stubby are, theres no default route advertised by the ABR or ASBA Modiy the configuration on Router B in order to generate an OSPF NSSA default route into the NSSA, Router 8This document was created by an unregistered ChmMagic, please goto htp:/lwww_bisenter.com to reistr it. Thanks Verification Verily that a default route is being advertised inte the NSSA by inspecting the routing table on RauterC. ‘uC#show ip route Codes: C- connected, S tae, |-IGRP, R- IP, M-mabie, 8 - BGP -EIGRP, EX- EIGRP extemal, O- OSPF, IA- OSPF ine area N1-OSPF NSSA external ype 1, {OOS NSSASSTSIEE 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP {-1848, LI - ISS level, 2 ISS level2,*-canddate deta U- peruse state route, o- ODR, 30.0.0/24issubnetied, 1 subnets © 3830's rectly connected, Loopback0 186.260.0248 subnetted, 2 subnets R18626.520[120/] via 10.1.1 9, 00:0023, Seralt R18626.58.0 [120/] va 10.1.1 9, 00:0023, Seralt 10.0.0.030is subneted, 3 subnets © 10.1.1.81s drecty connected, Seria 1A 10.1.4.011100128) va 10.1.1, 00:1498, Serial © 10.1.14%s direct comeced, Seiad Troubleshootinghs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks ‘Step 1. Vey tha there is a neighbor relationship between the OSPF routers by using theshow Ip ospf neighbor command. ‘Step 2. Verily that every route in the NSSA has been configured withthe commandarea xnsa. ‘Step 3. The command option defaultinformation-originate can only be used on the NSSA ABR or ASBR. Ensure tha this ‘command has been configured on ether the ABR or ASBR, [ice ous ShaysThis document was created by an unregistered ChmMagic, please goto htp:/iwww_bisenter.com to register it. Thanks a Per >] 2-6 area area-id nssa no-redistribution ‘Syntax Description: (© areaid OSPF area ID. This value can be entered as a decimal number in the range of 1 to 4,294,967,295 or in IP adsress form in the range 00.0.1 to 255.255.255.255, Area 0 can be entered but Area 0 cannot be configured as an NSSA. Purpose: In a stub or totaly stubby are, the ABR to the stub area wil prevent OSPF extemal routes (ype 5 rom being advertised into the ‘stub area. This implies that an ASBR cannot be part ofa stubby or totaly stubby area because an ASBR generates OSPF external type 5 routes, Situations arise where you want o create a stubey or totaly stubby area relative to OSRE want fo adverise redistributed routes from an ASBR across the area, An OSPF area that has these properties is an NSSA, inEawe? you want Route B, the ABR, to block OSPF external routes fram Area 1. You also want the routes reestrbuted by Ruiter C, the ASBR, tobe allowed int the area ‘Additonally, Router B is an ASBR forthe EIGRP routes recived om Router E. You want the EIGRP routes to be redistributed ino Area O ‘but you do not want hem advertised into Area 1, the NSSA. Ifyou configure Area 1 as an NSSA, then the extemal OSPF routes that Router B receives from Area 0 willbe blocked trom Area 1. The redistributed routes from the ASBR (Router C) willbe sent as OSPF type 7 routes. Router 8 will convert these type 7 routes to OSPF type 5 routes and advertise them ito Area 0. If you use the no-edistribute keyword on Router 8, then the EIGRP routes will ot be converted to OSPF type 7 routes. This will prevent them rom entering Area 1 but willow them tobe advertised into Area 0. Normally routes redistributed into OSPF are type 5 routes. An ASBR that has been configured as an NSSA vill ‘generate type 7 routes instead of type 5 routes. Figure 2-6. An OSPF ABR/ASBR Can Control the Redistribution of Routes into an NSSA ‘Allow redistributed RIP routes, Allow redistributed Block redistributed EIGRP routes EIGRP routes. <_—_ See _ Sane rete Initial isco 10S Software Release: 11.2This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks Configuration Example: Preventing Redistributed Routes from Entering an OSPF NSSA InBigure 2 Routers C and D are running RIP Version 2. Router D is advertising the networks 156.26.32.024 and 186.26.33.024 to Router (Cvia RIP. Router C wil redistroute the RIP routes, including the 10..1.8/30 netwotk, into OSPF. Routers B and E are running EIGRP. Router 8 wil recstbute the EIGRP raves info OSPF. Since Avea 1 has been defined as an NSSA, the redstrouted RIP and EIGRP routes Wil be advertised into Area 1 as OSPF type 7 routes. Initaly, you wll conigure Area 1 asa normal OSPF area inorder to see the routes that are adverised. outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t redistribute connected subnets network 10.1.1.00.0.0.3 area 0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Ethernet Ip address 172.16.1.1 255.255.255.0 Interface Serial0This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 lockrate 64000 router elgrp 4 network 172.16.0.0, router ospt t redistribute eigrp 1 subnets network 10.1.1.00.0.0.3 area 0 network 10.1.1.4 0.0.0.3 area 1 outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 Interface Serialt Ip address 10.1.1.10 255.255.255.252 clockrate 64000 router ospt t redistribute rip subnetsThis document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks network 10.1.1.4 0.0.0.3 area 1 router Hip version 2 passive-interface Serial0 network 10.0.0.0, Router D Interface Loopbacko Ip address 156.26.32.1 255.255.255.0 Interface Loopback! Ip address 156.26.39.1 255.255.255.0 Interface Serial010 Ip address 10.1.1.9 255.255.255.252 router Hip version 2 network 10.0.0.0, network 156.26.0.0 rho auto-summary Router E Interface Loopbacko paddress 142.1.4.4 255.255.255.255This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Interface Ethernet0/0 Ip address 172.16.1.2 255.255.255.0 router eigrp 1 network 142.1.0.0 network 172.16.0.0, no-auto-summary Router Ais advertising Loopback0 as an OSPF type 5 extemal rave since tis raute was injected into OSPF through resistibution. Routers A ‘and B are also leaming the redistributed RIP routes as extemal type 5 OSPF routes. Routers A and C ae learning the EIGRP routes that were redistributed by Router B. suAdshow ip route Codes: C- connected, S tae, |-IGRP, R- IP, M-mabie, 8 - BGP D-EIGRP, EX- EIGRP extemal, O- OSPF, [AOSTA NI -OSPF NSSA extemal ype 1, N2-OSPF NSSA extemal ype 2 E1- OSPF extemal ype |, FAROSPERRERBINVBER, € EGP {-1848, LI - ISS level, 2 ISS level2,*-canddate deta U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 156.26.0.0:24is subnetted,2 subnets 172.16.0.024is subnetted, 1 subnetsThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks 142.1.0.082is subnets, 1 subnets 10.00.0790 subnetted, 3 subnets © 10.1.1.0is drecty connected, Serial ‘tS #show ip route codes: SAB, State, |-IORP, RRP, M- mobile, 8 - BOP D- EIGRP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area Ni -OSPF NSSA external ENBOSERSSAH rye 2 1- OSPF extemal ype 1, £2-OSPF extemal type 2, E-EGP {+1848 1-15-18 love, L2-IS-S lve 2, candidat deta U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets © 22.22isdirecty connected, LoopbackO 156.26.0.0:24is subnetted,2 subnets 172.16.0.024is subnetted, 1 subnets © 172.16.1.01s drecty connected, Ethernet 142.1.0.082is subnets, 1 subnetsThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks 10.0.0.0790 i subnetted, 3 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt Router Cis eaming the networks redistributed by Routers A and B as an OSPF extemal type 5 route, ‘uC#show ip route codes: connected, Sst, |-IGAP,R- FIRMA - 2 D- EIGRP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area Ni -OSPF NSSA external ENBOSERSSAH rye 2 1- OSPF extemal ype 1, £2-OSPF extemal type 2, E-EGP {+1848 1-15-18 love, L2-IS-S lve 2, candidat deta U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets © 88.80 is directly connected, LoopbackO 156.26.0.0:24is subnetted,2 subnets R_ 16.26.32. [120/1] via 10.1.19, 00:00:27, Serilt R_ 156.26.38.0[120/1] via 10.1.19, 00:00:27, Serilt 172.16.0.024is subnetted, 1 subnets 142.1.0.082is subnets, 1 subnets 10.0.0.0790 i subnetted, 3 subnets © 10.1.1.8is drecty connected, SerialtThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks OIA 10.4.1.0 [110/128] via 10.1.1.5, 00:12:03, Seialo © 10.1.1.41s drecty connected, Serialo Now modity the OSPF configurations on Routers B and Cin oder to create the NSSA. Router 8 router ospt t redistribute eigrp 1 subnets network 10.1.1.00.0.0.3 area 0 network 10.1.1.4 0.0.0.3 area 1 outer © router ospt t redistribute rip subnets network 10.1.1.4 0.0.0.3 area 1 Verification Verily that Area 1 has been configured as an NSSA. {Btshow ip ospt Routing Process "os 1" wih ID22.22 ‘Supports only single TOS(TOSO) routes itis an area border and autonomous system boundary router Redistrbutng External Routes trom, ip 1, includes subnets in ecistrouion SPF schedule delay 5 secs, Hold time between two SPFs 10 secsThis document was created by an unregistered ChmMagic, please goto http: bisenter.com to register it. Thanks Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of extemal LSA 7. Checksum Sum Ox3F184 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 Number of areas inthis routers 2.1 normal 0 stub 1 nssa ‘rea BACKBONE(0) Number of interfaces in his areas 1 ‘rea has no authentication ‘SPF algorithm executed 10 times, ‘rea ranges are Number of LSA 3. Checksum Sum 0327509 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 0 Wea Number of interfaces in his areas 1 tis aNSSA area Perform fpe-7Aype'S LSA ransiation ‘rea has no authentication ‘SPF algorithm executed 23 times, ‘rea ranges are Number of LSA 9. Checksum Sum Ox4AE6A Number of Dobitess LSA 0 Number of nication LSA 0 Number of DoNotage LSA 0 Now inspect the routing tables on Routers A,B, and C to view the effect of configuring Area 1 as an NSSA. ‘tiBéshow ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGPThis document was created by an unregistered ChmMagic, please goto hitp:wmbisenter.com to register it. Thanks -EIGRP, EX- EIGRP extemal, O- OSPF, IA- OSPF ine area N1-OSPF NSSA external ype 1, {OOS NSSASSTSIEE 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP {-1848, LI - ISS level, 2 ISS level2,*-canddate deta U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0/82s subneted, 1 subnets OE2 1.11.1 [11020] vi 10.1.1, 00:02:18, Serial 2.010.082 subnetie, 1 subnets © 2222isdrecty connected, LoopbackO 156.26.0.0724is subneted,2 subnets (ON2196.26:92.0 110/20] via 10.1.1.6, 00:02:20, Serial! (ON2196.26:99.0 [110/20] via 10.1.1, 00:02:20, Serial 172.16.0.0724is subneted, 1 subnets © 172.16.1.0is ctecty connected, Ethernetd 142.1.0.032is subetted, t subnets D 142,144 190/409600] via 172.16.1.2,00:1828, Ethemet0 10.00.00 subnetted, 3 subnets ON2 101.4. [11020 via 1.1.16, 00:02:20, Sell © 10.1.1.0%5 directly connected, Serial0 © 10.1.1.4%s drecty connected, Serialt ‘trC#show ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGP D-EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1-OSPF NSSA external ype 1, {OOS NSSASSTSIEEThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks E1- OSPF external type 1, £2 - OSPF external ype 2, E- EGP 1-ISAS, Lt “ISAS level, L2 -1S-1S level2,*- candidate defaut U- peruse state route, o- ODR, Gateway of last resorts not set 3.0.0.0/24 is subnetted, 1 subnets © 88.80 is directly connected, LoopbackO 156.26.0.0:24is subnetted,2 subnets R_ 156.26.32.0 [120/1] via 10.1.19, 00:00:06, Serilt R_ 156.26.38.0[120/1] via 10.1.19, 00:00:06, Serilt 172.16.0.024is subnetted, 1 subnets 142.1.0.082is subnets, 1 subnets 10.0.0.0790 i subnetted, 3 subnets © 10.1.1.8is drecty connected, Serialt OIA 10.4.1.0 [110/128] via 10.1.1.5, 00:04:53, SeialO © 10.1.1.41s drecty connected, Serialo ‘The reistriouted FIP and EIGAP routes have been converted from OSPF E2 routes to OSPF N2 routes, This means thatthe redstrbuted FIP and EIGRP rautes are now being adverised as type 7 routes instead of type 5 routes. On Router A, these routs should stll ke OSPF ‘ype 5 routes. Router B is converting the external routes learned via Rauter Crom type 7 to type 5. Router B is also advertising the ‘ecistibuted EIGRP routes as type 5 into Area 0 and type 7 into Area 1. ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 E1- OSPF extemal ype 1, EBSOSPESTSINE & EP 1-ISAS, Lt “ISAS level, L2 -1S-1S level2,*- candidate defautThis document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register Thanks U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 156.26.0.0:24is subnetted,2 subnets 172.16.0.024is subnetted, 1 subnets 142.1.0.082is subnets, 1 subnets 10.00.0790 subnetted, 3 subnets © 10.1.1.0is drecty connected, Serial ‘The 1.1.1.1 route that Router A was adverising as an OSPF extemal type 5 route has been biocked from entering the NSSA area by Router B, butte inter-area routes have been permitted. Aso, notice that unlike a stub or totally stubby area there is no default route advertised by the ABR or ASBR, Finally, modily the configuration on Router B to prevent the redistributed EIGRP routs from being advertised info Area 1, but stil alow them tobe advertised into Area 0. network 10.1.1.00.0.0.3 a Verity that Router Bis no longer advertising the redistrbuted EIGRP routes into Area 1 ‘tiBéshow ip osptThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Routing Process "ospt 1" with ID 22.2.2 ‘Supports ony single TOS(TOSO) routes itis an area border and autonomous system boundary router Redistbuting External Routes from, itp 1, includes subnets in redistribution ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of extemal LSA 7. Checksum Sum Ox3EFBS [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 Number of areas inthis routers 2.1 normal 0 stub 1 nssa ‘rea BACKBONE(0) Number of interfaces in his areas 1 ‘rea has no authentication ‘SPF algorithm executed 1 times, ‘Area anges are Number of LSA 3. Checksum Sum 0x26FDC Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotage LSA 0 Wea Number of interfaces in his area is 1 {tis a NSSA area, no redisbution info this area Perform ype-7type-5 LSA translation ‘rea has no authentication ‘SPF algothm executed 26 times, ‘Area anges are Number of LSA7. Checksum Sum Ox31A46 Number of DCbitless LSA 0This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Number of nication LSA 0 Number of DoNotage LSA 0 ‘rCtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- OD Gateway of last resorts not set 30.0.0/24issubnetied, 1 subnets © 3830's rectly connected, Loopback0 186.260.0248 subnetted, 2 subnets R18626.520[120/] via 10.1.1. 0-002, Serat R18626.58.0[120/] va 10.1.1. 00:00102,Serat 10.0.0.030is subneted, 3 subnets © 10.1.1.81s drecty connected, Seria 1A 10.1.4.011100128) va 10.1.1, 00:047, Serial © 10.1.1.41s drecty connected, Serialo ‘Verily tha the redistributed EIGRP routes are being advertised ino Area 0. ‘tA#show ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGP D-EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area NI - OSPF NSSA external ype 1, N2- OSPF NSSA external type 2— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| E1- OSPF external type 1, £2 - OSPF external ype 2, E- EGP 1-ISAS, Lt “ISAS level, L2 -1S-1S level2,*- candidate defaut U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0/82s subneted, 1 subnets © 1.4.1. isdretly connected, Loopback 156.26.0.0724is subneted,2 subnets O2 156.26.52.0 110/20] via 10.1.1.2, 00:02:45, Seraoit ©2 156.26.33.0 [110/20] via 10.1.1.2, 00:02:45, Seraoit 172.16.0.0724is subneted, 1 subnets (OE2 172.16:1.0[11020] via 10.1.1.2, 00:14:41, Seria 142.1.0.032is subetted, t subnets (OED 142.144 [11020] via 1.1.1.2, 00:14:41, Serial 10.00.00 subnetted, 3 subnets OE2 10.1.1.8,110/20] via 10.1.2, 00:02:45, Seraiit © 10.1.1.0%5 drecty connected, SerialOt OIA 10.4.1.4 [110/128] via 10.1.42, 00:14:42, SeialO/t Troubleshooting ‘Step 1. Vey that there is a neighbor relationship between the OSPF routers by using theshow ip ospfneighbor command, ‘Step 2. Verily that every router in the NSSA has been configured withthe commandirea xnssa, ‘Step 3. The no-redistribute keyword should only be used on the ASBR performing the route redistribution, svi] a iThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks a Per >] 2-7 area area-id nssa no-summary ‘Syntax Description: (© areaid OSPF area ID. This value can be entered as a decimal number inthe range of 1 to 4.294,967,295 orn IP address form in the range 00.0.1 to 255 255.285.255. Area 0 can be entered, but Area O cannot be conigured as an NSSA Purpose: This commands used on an OSPF ABR to block OSPF inter-area routes from entering an NSSA. This command wil also ‘generate an OSPF inter-area default route into the NSGA. This will make the NSSA a totaly stubby area In a stub or totaly stubby area, the ‘ABR to the stub area will prevent OSPF extemal rautes (type 5) am being adverised into the stub area. This implies that an ASBR cannot be part of a stubby or totally stubby area because an ASBR generates OSPF external type 5 routes. Situation arse where you want to create a stubby or totally stubby area relative to OSPy want to advertise redistributed routes from an ASBR across the area. An (OSPF area that has these properties is an NSA. nbases you want Router 8, the ABR, to block OSPF external routes and OSPF inter-area routes rom Area 1 and advetise a default route ino the NSSA. You aso want the routes recstiouted by Router C, the ASBR, to be alowed into the area. I you configure Area 1 as an NSSA, then the external OSPF routes that Router B receives from Area 0 willbe blocked from Area 1. The redistributed routes from the ASBR willbe sent as OSPF type 7 routes. Router B will convert these type 7 routes to (OSPF type 5 routes and adverse them into Area 0. Normally, routes recstrbuted into OSPF are type S routes. An ASBR that has been configured as an NSSA will generate type 7 routes instead of type 5 routes. By default, an ABR does not generate a default route nto an NSSA. Figure 2-7. A Totally Stubby NSSA. Initial isco 10S Software Release: 11.2 Configuration Example: Creating a Totally Stubby NSSA In Figure 27] Routers C and D are running RIP version 2. Router Dis advertising the networks 196.26.32.0/24 and 156.26.83.0/24 to Router Cvia RIP. Router C wil redistroute the RIP routes, including the 10.1.1.8/90 netwotk ito OSPF. Because Area 1 has been defined as an NSSA, the redistributed RIP routes wil be advertised ino Area 1 as OSPF type 7 routes. Inially we wil configure Area 1 as a normal OSPFThis document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks area in order to see the routes that are advertised. outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t redistribute connected subnets network 10.1.1.00.0.0.3 area 0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 lockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 10.1.1.4 0.0.0.3 area 1This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 Interface Serialt Ip address 10.1.1.10 255.255.255.252 clockrate 64000 router ospt t redistribute rip subnets network 10.1.1.4 0.0.0.3 area 1 router Hip version 2 passive-interface Serial0 network 10.0.0.0, Router D Interface Loopbacko Ip address 156.26.32.1 255.255.255.0 Interface Loopback!This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Ip address 156.26.39.1 255.255.255.0 Interface Serial010 Ip address 10.1.1.9 255.255.255.252 router rip version 2 network 10. 0 network 156.26.0.0 rho auto-summary Router Ais advertising Loopback0 as an OSPF type 5 extemal route because ths route was injected info OSPF through relstbuton Routers A and B are aso learning the redistributed RIP routes as extemal type 5 OSPF routes. ‘trAshow ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGP D-EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area NI - OSPF NSSA external ype 1, N2- OSPF NSSA external type 2 E1- OSPF extemal ype 1, EBSOSPESTSINE & EP {+1848 1-15-18 love, L2-IS-S lve 2, candidat deta U- peruser tate route, 0- ODR Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 10.0.0.0790 i subnetted, 3 subnetsThis document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register Thanks © 10.1.1.0is drecty connected, Serial OIA. 10.1.1.4 110/128] via 10.1.42, 00:02:25, SeialOlt ‘tS #show ip route codes: connected, Sst, |-IGAP, R- RIP, M-moble, B= EGP D- EIGRP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area NI -OSPF NSSA extemal ype 1, N2-OSPF NSSA extemal ype 2 E1- OSPF extemal ype 1, EBSOSPESTSINE & EP {+1848 1-15-18 love, L2-IS-S lve 2, candidat deta U- peruse state route, o- ODR, Gateway of last resorts not set 2.0.0.0/92is subnetted, 1 subnets © 22.22isdirecty connected, LoopbackO 10.0.0.0790 i subnetted, 3 subnets OZ 10.1.1.8 [110120] via 10.1.1.6, 0:08:14, Serilt © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt Router Cis learning the network redistributed by Router A as an OSPF external type 5 route. ‘trC#show ip routeThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks codes: connected, Sst, |-IGAP, R- RIP, M-moble, B= EGP D- EIGRP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area NI -OSPF NSSA extemal ype 1, N2-OSPF NSSA extemal ype 2 E1- OSPF extemal ype 1, EBSOSPESTSINE & EP {+1848 1-15-18 love, L2-IS-S lve 2, candidat deta U- peruse state route, o- ODR, Gateway of last resorts not set '10.0:062s subnetied, 1 subnets (OER 1.1.1.1 [11020] via 10.1.1.5, 00:06:24, Seriald 8.010.024 is subnetie, 1 subnets © 3830is directly connected, Loopback 156.26.0.0724is subneted,2 subnets R156.26.520 [12011] via 10.1.1.8, 0:00:18, Sera R_156.26.98.0[120/1] via 10.1.1. 0:00:18, Sera 10.00.00 subnetted, 3 subnets © 10.1.1.8%s direct connected, Serilt OWA 10.1.1.01110/128] via 10.1.1.5, 00:06:24, Seralo © 10.1.1.41s drecty connected, Serialo Now modty the OSPF configurations on Routers B and Cin order to create the NSSA. Router 8This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks outer © router ospt 1 redistribute rip subnets network 10. 400.03 area Verily that Area 1 has been configured as an NSSA, ‘B¥show ip ospt Routing Process “osot 1" with ID 22.2.2 ‘Supports ony single TOS(TOSO) routes itis an area border and autonomous system boundary router Redistbuting External Routes from, ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of extemal LSA 5. Checksum Sum 0x32404 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 Number of areas inthis routers 2.1 normal 0 stub 1 nssa ‘rea BACKBONE(0) Number of interfaces in his areas 1 ‘rea has no authentication ‘SPF algorithm executed 1 times, ‘rea ranges are Number of LSA 3. Checksum Sum 0x20780 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 0This document was created by an unregistered ChmMagic, please goto http: bisenter.com to register it. Thanks Number of interfaces in his areas 1 tis aNSSA area Perform fpe-7Aype'S LSA ransiation ‘rea has no authentication ‘SPF algorithm executed 22 times, ‘Area ranges are Number of LSA7. Checksum Sum 0326010 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotage LSA 0 Now inspect the outing tables on Routers A,B, and Cto view the effect of configuring Area 1 as an NSSA. ‘eBshow ip route Codes: C- connected, S tae, |-IGRP, R- IP, M-mabie, 8 - BGP -EIGRP, EX- EIGRP extemal, O- OSPF, IA- OSPF ine area N1-OSPF NSSA external ype 1, {OOS NSSASSTSIEE 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP {-1848, LI - ISS level, 2 ISS level2,*-canddate deta U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets OE2 1.4.1.4 [110020] via 10.1.1.1, 00:08:55, Serio 2.0.0.0/92is subnetted, 1 subnets © 22.22isdirecty connected, LoopbackOThis document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register Thanks 10.0.0.0790 i subnetted, 3 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt ‘The redistriouted FIP routes have been converted from OSPF E2 routes to OSPF N2 routes. This means tha the reistrouted RIP routes are now being advertised as type 7 routes instead of ype 5 routes. On Router A, these routes should sill be OSPF lype 5 routes because Router Bis converting them from type 7to type 5 ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 E1- OSPF extemal ype 1, EBSOSPESTSINE & EP {+1848 1-15-18 love, L2-IS-S lve 2, candidat deta U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 10.0.0.0790 i subnetted, 3 subnets © 10.1.1.0is drecty connected, Serial OIA. 10.1.1.4 [110/128] via 10.1.42, 00:08:31, SeiaO't Finally, inspect the IP routing table on Router C. ‘trC#show ip routeThis document was created by an unregistered OhmMagic, please goto htp:/waneiserter.com to reise it. Thanks Codes: C- connected, S tae, |-IGRP, R- IP, M-mabie, 8 - BGP D-EIGRP, EX- EIGRP extemal, O- OSPF, [AOSTA NI -OSPFNSSA external ype 1, N2- OSPF NSSA external ype 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP {-1848, LI - ISS level, 2 ISS level2,*-canddate deta U- peruse state route, o- ODR, Gateway of last resorts not set 8.010.024 is subnetie, 1 subnets © 3830is directly connected, Loopback 156.26.0.0724is subneted,2 subnets R156.26.820 [12011] via 10.1.8, 0:00:10, Sera R_156.26.58.0 [12011] via 10.1.1.8, 0:00:10, Sera 10.00.00 subnetted, 3 subnets © 10.1.1.8%s direct connected, Serilt (O14 10.1:.0 [110/125] via 10.1.15, 00:08:58, SevalO © 10.1.141s drecty connected, Serial0 ‘The 1.1.1.1 route that Router A was advertsing as an OSPF external type 5 route has been blocked from entering the NSSA area by Router 8, but he inter-area routes have been permitted. Also notice that unke a stub or otal stubby area there fs no default route advertised by the ABR or ASBA Modiy the configuration on Router B in order to generate a default route into the NSSA and to block OSPF inter-area routes. Router 8This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Verification Verily that a default route fs being advertised into the NSSA and that OSPF inter-area routes are being blocked by the ABR by inspecting the ‘outing table on Router C. ‘uC#show ip route Codes: C- connected, S tae, |-IGRP, R- IP, M-mabie, 8 - BGP D-EIGRP, EX- EIGRP extemal, O- OSPF, [AOSTA NI -OSPFNSSA external ype 1, N2- OSPF NSSA external ype 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP {-1848, LI - ISS level, 2 ISS level2,*-canddate deta U- peruse state route, o- ODR, Gateway of last resorts 10.1.1.5 to network 0.0.0.0 30.0.0/24issubnetied, 1 subnets © 3830's rectly connected, Loopback0 186.260.0248 subnetted, 2 subnets R18626.520[120/] va 10.1.1 9, 00:0025, Seralt R18626.58.0 [120/] via 10.1.1 9, 00:00:25, Seralt 10..0.030is subneted, 2 subnets © 10.1.1.81s drecty connected, Seria © 10.1.14%s direct comeced, Seiad Troubleshooting ‘Step 1. Vey that there is a neighbor relationship between the OSPF routers by using theshow Ip ospf neighbor command.hs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks ‘Step 2. Verily that every router in the NSSA has been configured withthe commandirea xnssa. ‘Step 3. The command option no-summary can only be used on the NSA ABR. Ensure tha this command has been configured fon the ABR, [- Free Open Study >hs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks eae 2-8 area area-id range ip-address mask svi] onahs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks eae 2-9 area area-id range /p-address mask advertise svi] onaThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, faoaaar 2-10 area area-id range ip-address mask not-advertise ‘Syntax Description: (© area OSPF area ID. This value can be entered as a decimal number inthe range of 0 to 4,284,967,295 or in IP aderess form in the range 0.0.0.0 to 255.255.255.255, © ip-aciress—IP address ofthe summary route. © mask Subnet mask used to generate the summary. Purpose: OSPF can summarize OSPF routes from the backbone or Area Onto a non-zero OSPF area or trom 2 non-zero area into the backbone. OSPF route summarization can only occur on an ABR. An ABR isa router than has at least one interface in Area O and a least ‘one interface in a non-zero OSPF area. Commands 28 and 2-9 are equivalent. Using the keyword not-advertise wil suppress the advertisement ofthe summary route by the ABR. Initia Cisco 108 Software Release: 10.0 Configuration Example 1: Summarizing OSPF Routes from a Non-zero OSPF Area into the Backbone In Figure 2-q Router 8 will summarize the four Area 1 routes into Area 0. This example simulates four networks on Router B using loopback interfaces. These four networks will then be summarized into the backbone using the area range command, Figure 2-8. An ABR Can Summarize OSPF Routes from a Non-zero Area Into the Backbone or Area 0 156.26.92.0/28 156.26.92.16/28 156.26.32.92/28 156.26.32.48/28 Area 1This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, into Area 0 outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Loopback! Ip address 156.26.52.1 255.255.255.240 Interface Loopback? Ip address 156.26.52.17 255.255.255.240 Interface Loopback’ Ip address 156.26.32.93 255.255.255.240 Interface LoopbackThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Ip address 156.26.52.49 255.255.255.240 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Before summarizing the routes, inspect the IP routing table on Router A to vert tat the four networks are being advertised, ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 156.26.0.0832is subnetted, 4 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0is drecty connected, SerialThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘A 26 bit subnet mask is required to summarize the four loopback addresses being advertised by Router B Modly the configuration on Router Bin order to summarize the four loopback addresses. Router 8 “There are two important components to noice in the area range command. The firsts the area ID. This isthe area where the routes ‘fginated. In tis example, the originating area is Area 1. The second component isthe mask hati used wih the area range command. “The fomat ofthe maski the opposite ofthe format used with the OSPF network command. Verification Verily that the four loopback networks have been summarized by Router B by inspecting the IP routing table on Router A ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, LoopbiackoThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.8is drecty connected, Serial © 10.1.1.0%s drecty connected, Serial Configuration Example 2: Summarizing OSPF Routes from Area 0 into a Non-zero OSPF Area In Figure 2 ver 8 wil summarize the four Area O routes ito Area 1. This example simulates four networks on Router B using loopback interfaces. These four networks will hen be summarized into Area 1 from Area 0 using the area range command. The configuration changes ‘tom the previous example are highightedin the folowing listing Figure 2-9. An ABR Can Summarize OSPF Routes from the Backbone or Area 0 into a Non-Zero Area [ 156.26.22.028 156.26.32.16/28 — eS > 10.1.1.1/30 156.26.32.32/28 156.26.32.48/28 Area 156.26.32.0/26 eo". — Route summarization into Area outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Ser ort Ip address 10.4.1.1 255.255.255.252 clockrate 64000This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, router ospt 1 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Loopbackt Ip address 156.26.52.1 255.255.255.240 Interface Loopback? Ip address 156.26.52.17 255.255.255.240 Interface Loopback’ Ip address 156.26.32.93 255.255.255.240 Interface Loopback Ip address 156.26.52.49 255.255.255.240 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 router ospt 1This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register Thanks Before summarizing the routes, inspect the P routing table on Router to vert thatthe four networks are being advertised, ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 156.26.0.0832is subnetted, 4 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.8is directly connected, Serial0"0 © 10.1.1.0is drecty connected, Serial ‘A 26-bit subnet maskisrequited to summarize the four loopback addresses being advertised by Router B. Modiy the configuration on Router Bin order to summarize the four loopback addresses.This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Verification Verily that the four loopback networks have been summatized by Router B by inspecting the IP routing table on Router A ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.8is directly connected, Serial0"0 © 10.1.1.0is drecty connected, Serial Configuration Example 3: Using a Static Route to Null 0 for the Summary Address the ABR has a deta staticaa tng tothe outer that i receiving the summary forthe four laopback adresses, then this could create a forwaring lop. nig he network 156.26 32.028 is dow. Also, Router 8 has a default static route pointing to Router A. Router Ais receiving a summary from Route 8 that contains the network 158.28.32.0/28.This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, Figure 2-10. A Forwarding Loop Can Be Created If the Router Advertising the Summary Has a Default Static Route _—__ Default route 156.26.32.16/28 186,26.32.32/28 156.26.32.48/28 Area 156.26.32.0/26 Route summarization into Area 0 outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt 1 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Interface Loopbackt Ip address 156.26.52.1 255.255.255.240 ! Interface Loopback? Ip address 156.26.52.17 255.255.255.240 Interface Loopback’ Ip address 156.26.32.93 255.255.255.240 Interface Loopback Ip address 156.26.52.49 255.255.255.240 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 no Ip directed-broadcast router osptt network 10.1.4.000.0.0:3 area network 156.2620 0.00.63 area 0 1 When Router A sends trafic to Router B for host 196.26.92.1, Router B will not find this specific networkin the IP routing table. Router B will then use the default route and send the traffic back to Route A as seen inthe folowing ping trace. dtrAttrace 156.26.32.1 ‘Type escape sequence to abort. “Tracing the route to 156.26.92.1This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks 110.1.1.2 16 msee 18 msec 16 msec 210.1.1.1 28 mseo 28 msec 28 msec ‘To prevent ths situation, create a static route to Null for every summary thatthe ABR is advertising, In 1OS 12.X, OSPF will automatically creat the route to Null for the summary. Router 8 Ip route 0.0.0.0 0.0.0.0 Serialo Even ifthe ABR does not have @ detault rout, itis always a good idea to create a static route to Nuld for every summary that the ABR is ‘advertising. If you now perform a ping trace from Router A you can see that Router Bis discarding the trafic since the specific route for 156.26.32.1 is no longer in the IP routing table. Router B wil lookup the best maich forthe route, which is now Null. The traffic vill be discarded, dtrAttrace 156.26.32.1 ‘Type escape sequence to abort. “Tracing the route to 156.26.92.1 110.1.1.2 16 msee 18 msec 16 msec 210.1.1.21H IH * Troubleshooting ‘Step 1. Vey that here is a neighbor relationship between the OSPF routers by using theshow ip ospf neighbor command, ‘Step 2. The area area range command wil only work on an OSPF ABR, ‘Step 3. Vey that you are using the proper area ID in thaea area-d range command, ‘Step 4. Verily that you are using the correct IP address and mask with tharea range command,hs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks Free Open StrThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks a Per >] 2-11 area area-id stub ‘Syntax Description: (© areaid OSPF area ID. This value can be entered as a decimal number in the range a 0 to 4,284,967,295 or in IP address form in the range 0.0.0.0 to 255.255.255.255, Purpose: In igure 2-1) Area 1 has one et point. Routers in Area 1 do not need to know the spect external routes that ae being redistributed into OSPF by the ASBR. Therefore, Area 1 can be configured asa stub area and the ABR will advertise a default route into Area 1 Figure 2-11. An OSPF Stub Area with One Exit into OSPF In Figure 2-1 area 1 has two ext points. routing to the extemal networks that have been redistribute into OSPF by the ASBRcan be ‘sub-optimal, then Area 1 can be configured as a stub area, The outers in Area 1 willbe receiving a default route advertisement trom both ABRs. All outers in a stub area, including the ABR, must be configured withthe command area area-d stub Inter-area OSPF routes willbe ‘advertised into a stub area but external OSPF routes willbe blocked. The ABR forthe stub area wl nject a defaut route into the stub area,This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, “The backbone or Area O cannot be configured asa stub area, An ASBR cannot be part ofa stub area since the purpose of an ASBR isto inject external routes into OSPF. A stub area cannot be used as the transit area fora vital Ink Figure 2-12. An OSPF Stub Area with Multiple Exits Redistributing routes into OSPF Initial Cisco 10S Software Release: 10.0 Configuration Example: Configuring an OSPF Stub Area In Figure 219] Router Cis redistributing connected interaces into OSPF. These recistibuted routes are OSPF external routes. Figure 2-13. An OSPF Stub Area <— beefautt route <— oF inter-area routes (10:1.1.4) X<— oer externa roves (23.3.3) Areat weedThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.0 0.0.0.3 area 4 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Ser 1 Ip address 10.1.1.5 255.255.255.252 lock rate 64000This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 router ospt 1 redistribute connected subnets Before configuring Area 1 as a stub area, very thatthe redistrbuted routes are being advertised as OSPF extemal routes. ‘tA#show ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGP D-EIGRP, EX- EIGRP extemal, O- OSPF, [AOSTA NI - OSPF NSSA external ype 1, N2- OSPF NSSA external type 2 E1- OSPF extemal ype 1, EBSOSPESTSINE & EP {+1848 1-15-18 love, L2-IS-S lve 2, candidat deta U- peruser tate route, 0- ODR Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnetsThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks © 1.1.1.1 sdirecty connected, Loopbiacko 10.0.0.0790 i subnetted, 3 subnets © 10.1.1.8is directly connected, Serial0"0 © 10.1.1.0is drecty connected, Serial “There is one OSPF external route and one OSPF inter-area route inthe routing table on Router A. Configure Area 1 as a stub area by ‘maaitying the configurations on Routers & and B as shawn inthe following Ising outer A router ospt 1 network 10. Verification Verily that OSPF inter-area routes are being adverised into the stub area. Als, verity that extemal OSPF routes have been blacked from being advertised into the stub area and thatthe ABRs injecting a default route nt the stub area, ‘trAshow ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGP - EIGAP, EX- EIGAP extemal, O- OSPF, [ROSETTESThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks NI - OSPF NSSA external ype 1, N2- OSPF NSSA external type 2 E1- OSPF external type 1, £2 - OSPF external ype 2, E- EGP 1-848, LI -IS1S vel, 2-15 eve!2, ESTES U- peruse state route, o- ODR, Gateway of last resorts 10.1.1.2 0 network 0.0.00 1.0.00132s subnete, 1 subnets © 1.14.1 isdrety connected, Loopback0 10.0.0.030is subneted, 3 subnets © 10.11.81s drecty comected, Serato © 10:11.0%s drecty connected, Sera” Verily that Area 1 isa stub area by using the commandshow ip ospf on Routers A and 8 ‘#show ip ospt Routing Process “osot 1" wih ID 1.1.1.1 ‘Supports ony single TOS(TOSO) routes ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of external LSA 0. Checksum Sum 0x0 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 Number of areas inthis routers 2.1 normal 1 stub Onssa ‘area BACKBONE(0) (Inactive) Number of interfaces inthis area is ‘rea has no authentication ‘SPF algorithm executed 2 timesThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘rea ranges are Number of LSA 1. Checksum Sum OxStES Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 0 Wea Number of interfaces in his areas 1 Iisa stub area ‘rea has no authentication ‘SPF algorithm executed 6 mes ‘rea ranges are Number of LSA 9. Checksum Sum 0x38618 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotage LSA 0 ‘B¥show ip ospt Routing Process “osot 1" with ID 22.2.2 ‘Supports ony single TOS(TOSO) routes itis an area border router ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of extemal LSA 3. Checksum Sum Ox14F43 [Number of DCbtless external LSA 0 [Number of DoNotAge eternal LSA 3 Number of areas inthis routers 2.1 normal 1 stub Onssa ‘Area BACKBONE(0)This document was created by an unregistered ChmMagic, please goto http: bisenter.com to register it. Thanks Number of interfaces in his areas 1 ‘rea has no authentication ‘SPF algorithm executed 15 times, ‘rea ranges are Number of LSA 4. Checksum Sum 0x20ABC Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 0 Wea Number of interfaces in his areas 1 Iisa stub area enerates stub default route wih cost 1 ‘rea has no authentication ‘SPF algorithm executed 18 times ‘rea ranges are Number of LSA 8. Checksum Sum OxS4E59 Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotage LSA 0 Troubleshooting ‘Step 1. Vey that there isa neighbor relationship between the OSPF routers by using theshow Ip ospf neighbor command, ‘Step 2. Ensure that every router inthe stub rea and the ABR tothe siub area have the area configured as a stub using the router configuration command area area-id stl ‘Step 3. An ASBR should not be part ofa stub area. ‘Step 4. stub area cannot be used asthe transit area for avira inkhs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks Free Open StrThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, [: Free Oven Study 5 2-12 area area-id stub no-summary ‘Syntax Description: (© areaid OSPF area ID. This value can be entered as a decimal number in the range of 0 to 4,284,967,295 or in IP aderess form in the range 0.0.0.0 to 255.255.255.255, Purpose: Use of thene-summary Keyword on the stub area's ABR creates a totally stubby area. Ina totaly stubby area, both external and inter-area OSPF routes are blocked trom being advertised int the area, The backbone or Area 0 cannot be configured asa totally stubby area, An ASBR cannot be part ofa totaly stubby area, since the purpose of an ASBR isto inject extemal routes into OSPF. A totally stubby area cannot be used as the transit area fra virtual ink, Initia Cisco 108 Software Release: 10.0 Configuration Example: Configuring an OSPF Totally Stubby Area In Figure 2-14 Router Cis redistributing connected interfaces into OSPF. These redistributed routes are OSPF external outes. Figure 2-14. An OSPF Totally Stubby Area — botauit route ~~ 059 inter-area routes (10.1.1.4) x<— OSPF external routes (3.3.3.3) —~ Rover & Interface LoopbackoThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.0 0.0.0.3 area 4 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 lock rate 64000 router ospt t network 10.1.1.4 0.0.0.3 area 0 network 10.1.1.0 0.0.0.3 area outer © Interface LoopbackoThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 router ospt 1 redistribute connected subnets Before configuring Area 1 asa totally stubby area, very thatthe redistributed routes and OSPF inter-area routes are being advertised into Area ‘trAshow ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGP D-EIGRP, EX- EIGRP extemal, O- OSPF, [AOSTA NI - OSPF NSSA external ype 1, N2- OSPF NSSA external type 2 E1- OSPF extemal ype 1, EBSOSPESTSINE & EP {+1848 1-15-18 love, L2-IS-S lve 2, candidat deta U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0is drecty connected, Serial “There is one OSPF external route and one OSPF inter-area route inthe routing table on Router A. Configure Area 1 as a stub area byThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘maaitying the configurations on Routers and B as shawn inthe following Ising, outer A Verification Verily that the extemal OSPF routes have been blocked trom being advertised into the stub area. Aso vey that the ABR is injecting 2 detaul route into the tub area. suAdshow ip route Codes: C- connected, S tae, |-IGRP, R- IP, M-mabie, 8 - BGP D-EIGRP, EX- EIGRP extemal, O- OSPF, [AOSTA NI -OSPFNSSA external ype 1, N2- OSPF NSSA external ype 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP {-1848, LI - ISS level, 2 ISS level2,*-canddate deta U- peruse state route, o- ODR, 1.0.0.0'32's subnetteg, 1 subnetsThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks © 1.1.1.1 sdirecty connected, Loopbiacko 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0%s drecty connected, Serialt Mody the configuration on Router B, the ABR, to crete a totaly stubby area. Router 8 router ospt 1 Verity thatthe OSPF inter-area routes are no longer being advertised by the ABR into the stub area ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- per-user static route, 0- ODR Gateway of last resorts 10.1.1.2 0 network 0.0.00 1.0.00132s subnete, 1 subnets © 1.14.1 isdrety connected, Loopback0 10..0.030is subneted, 2 subnets © 10:11.0%s drecty connected, Sera” (0°1A.00.0.00 [110165] via 10.1.1.2, 00:00:17, Serialo’This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘You can also very that Router Bis blocking OSPF inter-area routes or summary LSAs by using the command show ip ospt. ‘B¥show ip ospt Routing Process "ospt 1" with ID 22.2.2 ‘Supports ony single TOS(TOSO) routes itis an area border router ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of extemal LSA 3. Checksum Sum 0x14946 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 Number of areas inthis routers 2.1 normal 1 stub Onssa ‘rea BACKBONE(0) Number of interfaces in his areas 1 ‘rea has no authentication ‘SPF algothm executed 17 times, ‘Area anges are Number of LSA 4. Checksum Sum Ox2048F Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 0 Wea Number of interfaces in his areas 1 {tis a sub area, no summary LSA in this area enerates stub default route wih cost 1 ‘Area has no authentication ‘SPF algorithm executed 25 times ‘Area anges are Number of LSA 7. Checksum Sum Ox424A1— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| Number of DCbitless LSA 0 Number of nication LSA 0 Number of DoNotage LSA 0 Troubleshooting ‘Step 1. Vey that there isa neighbor relationship between the OSPF routers by using theshow ip ospf neighborcommand, ‘Step 2. Ensure that every router inthe stub area and the ABR tothe stub area have the area configured as astub by using the router configuration command area area-id stub. ‘Step 3. When creating a totaly stubby area, very tha the keyworcho-summary has been used on the ABR tothe stub area. ‘Step 4. An ASBR should not be part of totaly stubby area, ‘Step 5.A totaly stubby area cannot be used as the transit area fora virtual nk svi] moet iThis document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks Piece sua Per >] 2-13 area transit-area-id virtual-link router-id ‘Syntax Description: © ransit-areaid— The OSPF area ID ofthe area connecting the two ABRs thatthe vitual ink wil cross. This value can be entered 28a decimal number in the range of 0 to 4,284, 967,295 or in IP address frm inthe range 0.0.0.0 to 255.255.255.255, © routerid OSPF router ID of the router atthe remote end of the virtual ink. Purpose: All non-zero OSPF areas must have a connection to the backbone or Area 0 and Area 0 must be contiguous. A vitual ink is used to repaira segmented backbone orto connect a non-zero area that has been disconnected rom Area 0. The transit area cannot be a stub area, Virtual links are used to repair a dscontiguous backbone orto temporarily attach a isconnected non-zero area tothe backbone. A Virtual ink should nat be part ofan intial OSPF design. Initial Cisco 10S Software Release: 10.0 Configuration Example: Creating an OSPF Virtual Link In Figure 2-19] area 2 does not have a direct connection to Area 0 A virtual links needed to repai this situation. Initially, you wll configure the routers in igure 2-19 without using a vital ink Figure 2-15. OSPF Virtual Link outer AThis document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 1.1.1.1 0.0.0.0 area 0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 2.2.2.2 0.0.0.0 area 0 network 10.1.1.4 0.0.0.3 area 1This document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 router ospt t network 3.3.3.3 0.0.0.0 area 2 network 10.1.1.4 0.0.0.3 area 1 It you inspect the IP routing table on Router B, you will see that the 3.3.8.3 network rom Router Cis not present ‘Btshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2- OSPF NSSA external ype 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- OD Gateway of last resorts not set 1.0.00132s subnete, 1 subnets 1K 1.1.1.1 [110865] via 10.1.1.1, 0:01:01, Serio 20.0.0/32issubnetied, 1 subnets © 2222s drecty connected, LoopbackO 10..0.030is subneted, 2 subnets © 10.1.1.0%s drecty connected, SerialoThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks © 10.1.1.4%s drecty connected, Serialt ‘Area 2on Router C does not have adrect connection to Area 0. viral Ink needs to be configured to corec ths situation, The transit areain this case is Area 1. You also need the outer IDs ofthe two ABRs tobe able to construct the virtual nk. The fist methad to determine the router ID i to use the show ip ospf neighbor command. This wll splay the router ID ofthe remate end ofthe vital nk ‘tiBéshow Ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface ttt 1 FULL 00:0032 10.1.1.1 Serio ‘trC#show ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface outer &has an ID of 2.2.2.2 and Router Chas an ID ot 3.33. The local router ID canbe found by using the show ip ospf command. ‘B¥show ip ospt outing Process "osp! 1° with ID 22.22 ‘Supports ony single TOS(TOSO) routes itis an area border router ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of external LSA 0. Checksum Sum 0x0 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 [Number of areas inthis routers 2.2 normal 0 stub 0 nssa ‘rea BACKBONE(0) Number of interfaces inthis area is 2This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘rea has no authentication ‘SPF aigotthm executed 8 times ‘rea ranges are Number of LSA 3. Checksum Sum Ox1FD00 Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 rea t Number of interfaces inthis areas 1 ‘rea has no authentication ‘SPF aigotthm executed 2 times ‘rea ranges are Number of LSA 5. Checksum Sum 0128171 Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotage LSA 0 ‘tC#show ip ospt outing Process "osp! 1° wih ID3.3.3.3 ‘Supports ony single TOS(TOSO) routes ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of external LSA 0. Checksum Sum 0x0 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 [Number of areas inthis routers 2.2 normal 0 stub 0 nssa eatThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks Number of interfaces inthis areas 1 ‘rea has no authentication SPF algorithm executed 12tmes ‘rea ranges are Number of LSA 5. Checksum Sum 0128171 Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 rea 2 Number of interfaces inthis areas 1 ‘rea has no authentication SPF algorithm executed 1 imes ‘rea ranges are Number of LSA 1. Checksum Sum OxDDEO Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 ‘We now have the information we need to configure the vifual nk. On Route 8, the frm ofthe command is: area tanst-aea-idvrtualink router C-1D ‘And on Router C the commana takes the form: area tanst-aea-idvirtualink router 8-0 Moai he coniguraons on Ravers B and Gto construct te vital ink Router 8 router ospt t network 2.2.2.2 0.0.0.This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks network 10. 0.0.03 area 0 network 10.1.1.4 0.0.0.3 area 1 Verification Verily that Router Chas a connection to Area 0, ‘eCHshow ip ospt outing Process “oso 1" with ID 38:33 ‘Supports only single TOS(TOSO) routes itis an area border router ‘SPF schedule delay 5 secs, Hold time between two SPFS 10 secs Mrimum LSA intewal sees. Minimum LSA aval t secs "Number of external LSA 0. Checksum Sum 0x0 Number of DCbitless external LSA 0 Number of DoNotAge extemal LSA 0 [Number of reas in his routers 3, 3 normal 0 stub O nssaThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks rea t Number of interfaces inthis areas 1 ‘rea has no authentication ‘SPF aigorthm executed 14 times ‘rea ranges are Number of LSA 10. Checksum Sum 0x4A88D Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 rea 2 Number of interfaces inthis areas 1 ‘rea has no authentication ‘SPF aigotthm executed 8 times ‘rea ranges are Number of LSA 5. Checksum Sum 0128425 Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotage LSA 0 Router C now has an interace in Area 0 and this inerace isthe vitual Ink. Veiy thatthe vitual nk is active on Rauters B and C. ‘trBéshow ip ospf virtual-links un as demand cicuit DoNotAge LSA allowed Transit area 1, va interface Serial, Cost of using 64This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Transmit Delay is 1 seo, Sate POINT_TO_POINT, Timer intervals configured, Helo 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:08 ‘Adjacency State FULL (Hello suppressed) ‘trC#show ip ospf virtual-tinks un as demand cicuit DoNotAge LSA allowed Transmit Delay is 1 seo, Sate POINT_TO_POINT, Timer intervals configured, Helo 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:00 ‘Adjacency State FULL (Hello suppressed) Finally, very that the loopback interfaces for Routers A, Band C are being advertised to all OSPF neighbors. ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnetsThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0is drecty connected, Serial OIA 10.4.1.4 [110/128] via 10.1.42, 00:08:04, Seriaa't ‘eBshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, SerialtThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.4.0(110128] via 10.1.1.5, 00:11:11, Seralo © 10.1.1.41s drecty connected, Serialo Troubleshooting ‘Step 1. Vey that there is @ neighbor relationship between the OSPF routers using theshow ip ospf neighbor command. ‘Step 2. Verily tha the transit area ID used in theareavirtualtink command isthe proper area, ‘Step 3. Vey that the router IDs used inthearea virablink are conc.hs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks Free Open Strhs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks eae 2-14 area transit-area-id virtual-link router-id authentication authentication-key password eaehs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks eae 2-15 area transit-area-id virtual-link router-id authentication message-digest Free Open Study |This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, [ice ous Shays 2-16 area transit-area-id virtual-link router-id authentication null NOTE Command 215 Use ofthe area transi-areaidvitual-link router-o message-digestkey key-idimaS password ‘command (seeSecton 2-2 ‘Syntax Description: © transiarea-id— The OSPF area ID of the area connecting the two ABRS thatthe virtual ink wil cross. This value can be entered ‘8a decimal number i the range of 0 to 4,294,967,285 arin IP address frm inthe range 0.0.0.0 to 255.255.255.255. The trans area cannot be a stub area. © routerid— OSPF router ID of the router atthe remote end of the virtual ink. © key-id— Key to use to encrypt a password. The range of values is 1 to 255. Both ends ofa virtual link must use the same key and password. © password Password tobe used for authentication inthe selected area on the selected interface or viral lnk. The password is ‘an alphanumeric string from 1 to 8 characters. Purpose: n Cisco IOS Software Releases prior o 120, f authentication was enabled in Area O, then all virtual links had to be configured withthe same authentication type. This command allows the configuration of authentication over a vita nk tha is ferent rom the authentication type being used in rea 0. I authentication is used, then both ends ofthe virtual lnk must be configured wih the same ‘authentication method. Als, the same password or key and password must be configured on both ends ofthe virtual ink. Initia Cisco 108 Software Release: 12.0 Configuration Example 1: Simple Password Authentication Over a Virtual Link routers in does not have a direct connection to Area 0. Avitual ink is needed to repair this station. Start by configuring the itnout using authentication over the virtual ink. Figure 2-16. The Authentication Type Used on an OSPF Virtual Link Can Be Different from the ‘Type Used in Area 0This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, : ‘password or MOS, z outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt 1 network 10.1.1.00.0.0.3 area 0 network 1.1.1.1 0.0.0.0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface SerialtThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Ip address 10.1.1.5 255.255.255.252 clockrate 64000 router ospt t area Virlualink 3.3.3.3 network 10.1.1.00.0.0.3 area 0 network 2.2.2.2 0.0.0.0 area 0 network 10.1.1.4 0.0.0.3 area 1 outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 router ospt t area Virlualink 2.2.2.2 network 3.3.3.3 0.0.0.0 area 2 network 10.1.1.4 0.0.0.3 area 1 ‘Area 2on Router C does not have adrect connection to Area 0. viral Ink needs to be configured to corec ths situation, The transit areain this case is Area 1. You also need the outer IDs ofthe two ABRs tobe able to construct the virtual nk. The fist methad to determine the router ID i to use the show ip ospf neighbor command. This wll splay the router ID ofthe remate end ofthe vital nk ‘tBshow ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface ttt 1 FULL 00:0032 10.1.1.1 SerioThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘trC#show ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface outer &has an ID of 2.2.2.2 and Router Chas an ID ot 3.33. The local router ID canbe found by using the show ip ospf command. ‘B¥show ip ospt ees ‘Supports ony single TOS(TOSO) routes itis an area border router ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of external LSA 0. Checksum Sum 0x0 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 [Number of areas inthis routers 2.2 normal 0 stub 0 nssa ‘rea BACKBONE(0) Number of interfaces inthis area is 2 ‘rea has no authentication ‘SPF algorithm executed 3 imes ‘Area ranges are Number of LSA 3. Checksum Sum OxtF000 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 0 eatThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Number of interfaces inthis areas 1 ‘rea has no authentication ‘SPF aigotthm executed 2 times ‘rea ranges are Number of LSA 5. Checksum Sum 0128171 Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotage LSA 0 ‘tC#show ip ospt outing Process "osp! 1° wih ID3.3.3.3 ‘Supports ony single TOS(TOSO) routes ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of external LSA 0. Checksum Sum 0x0 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 [Number of areas inthis routers 2.2 normal 0 stub 0 nssa rea Number of interfaces in his areas 1 ‘rea has no authentication ‘SPF algorithm executed 12 times, ‘rea ranges are Number of LA 5. Checksum Sum 028171 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotage LSA 0This document was created by an unregistered ChmMagic, please go to hitp:/vmwwbisenter.com to register it. Thanks rea 2 Number of interfaces inthis areas 1 ‘rea has no authentication ‘SPF aigotthm executed 1 times ‘rea ranges are Number of LSA 1. Checksum Sum OxDDEO Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 ‘You want to add simple password authentication tothe virtual Ink but you do not want to configure authentication over anyother linkin Area (0. Moat the coniguraons on Routers B and C to enable simple password authentication over he virtua lnk using the password cisco, Router 8 router ospt 1 Verification outer C now has an interface in Area O and ths interface isthe Viual link. Vert that the vitual ink is active on Routers B and C.This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks {BAshow ip ospf virtualtinks Virtual Lik OSPF._VLO to router3.33:3is up un as demand ecut DoNctAge LSA alowed ‘Transit area 1, via interace Serial, Cost fusing 64 Transmit Delays | seo, State POINT_TO_POIT, Timer intervais conigured, Hello 10, Dead 40, Wat 40, RetansmitS Helo due in 00:00:09 ‘Adjacency State FULL (Hello suppressed) ‘Cshow ip ospt virtuattinks Virtual Lik OSPF. VL! to router2.2.2.2is up un as demand ecut DoNctAge LSA alowed ‘Transit area 1, via interace Seiad, Cost fusing 64 Transmit Delays | seo, State POINT_TO_POIT, Timer intervais conigured, Hello 10, Dead 40, Wat 40, RetansmitS Helo due in 00:00:08 ‘Adjacency State FULL (Hello suppressed) ‘Also, vey thatthe loopback interfaces fr Routers A,B, and C are being advertised to all OSPF neighbors. ‘teéshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-ISAS, Lt “ISAS level, L2 -1S-1S level2,*- candidate defautThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0is drecty connected, Serial OIA 10.4.1.4 [110/128] via 10.1.42, 00:08:04, Seriaa't ‘eBshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnetsThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- per-user static route, 0- ODR Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.4.0(110128] via 10.1.1.5, 00:11:11, Seralo © 10.1.1.41s drecty connected, Serialo Configuration Example 2: MD5 Authentication Over a Virtual LinkThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Modiy the configurations on Routers 8 and C by adding MDS password authentication tothe viral lnk. Fr this example, use the password Router 8 router ospt 1 outer © router ospt 1 Verification Verily that the viral links still active and that MDS authentication is enabled ‘trBéshow ip ospf virtual-links un as demand cicuit DoNotAge LSA allowed Transit area 1, va interface Serial, Cost of using 64 Transmit Delay is 1 seo, Sate POINT_TO_POINT,This document was created by an unregistered ChmMagic, please goto http: bisenter.com to register it. Thanks Timer intervals configured, Hello 10, Dead 40, Wat 40, Reransmit Hello due in 00:00:01 ‘Adjacency State FULL (Hello suppressed) ‘Message digest authenicaion enabled Youngest key idis ‘trC#show ip ospf virtual-tinks Miral Link OSPF_VL4 to router2.2.22is up un as demand circuit DoNotAge LSA alowed Transit area 1, viaintriace Seial0, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wat 40, Reransmit Hello due in 00:00:02 ‘Adjacency State FULL (Hello suppressed) ‘Message digest authenicaion enabled Youngest key idis ‘Also, vey thatthe loopback interfaces fr Routers A,B, and C are being advertised to all OSPF neighbors. ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not setThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0..0730 subnetted,2 subnets © 10.1.1.0is drecty connected, Serial OIA 10.4.1.4 [110/128] via 10.1.42, 00:08:04, Seriaa't ‘eBshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2- OSPF NSSA external ype 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0..0730 subnetted,2 subnets © 10.4.1.0%s drecty connected, SeriaidThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks © 10.1.1.4%s drecty connected, Serialt ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.4.0(110128] via 10.1.1.5, 00:11:11, Seralo © 10.1.1.41s drecty connected, Serialo Configuration Example 3: Changing Keys and Passwords For addtional security you may choose to periodicaly change the key and password, With clear-ext authentication, when you change passwords there wil be a loss of OSPF connectivity trom the time you change the password on one end ofthe vital nk until you change the password a the otner end ofthe virtual ink. With MDS authentication, you can configure a new key and password on a virtual nk while leaving the old key and password in place. The old key and password wil continue to be used until the new key and password are configured ‘on the other end ofthe vitual ink. Modify the key and password onthe viral lnk between Routers B and C. First add a new key andThis document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks password to Router B in order to observe the behavior when the new key and password have been configured on only one end of he virtual link, Router 8 router ospt 1 area virlual-ink 3.3.3.3 authentication message-digest area virlualink 3.3.3.3 message-digest-key 1 md5 cisco Examine the effec of adding a new key and password on only one end ofthe virtual ink. riBshow ip ospt vitualtinks Virtual Link OSPF_VLS 0 router 38.335 up un as demand circuit DoNotAge LSA alowed Transit area 1, viaintriace Seilt, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wat 40, Reransmit Hello due in 00:00:08 ‘Adjacency State FULL (Hello suppressed) en oe Ee a Notice that both keys ate being used for authentication. Configure the new key and password on Router C while leaving the old key and password in place. outer © router ospt 1This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks area virlualink 2.2.2.2 authentication message-digest area virlualink 2.2.2.2 message-digest-key 1 md5 cisco Verily that Router Cs now using the new key and password. ‘trC#show ip ospf virtual-tinks Virtual Link OSPF_VL4 to router 22.22is up un as demand circuit DoNotAge LSA alowed Transit area 1, viaintriace Seial0, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wat 40, Reransmit Hello due in 00:00:08 ‘Adjacency State FULL (Hello suppressed) en oe Ee a ‘You can now remove the od key and password from Routers B and C. Router 8 router ospt 1 outer © router ospt 1This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Verification Verily that Routers B and C are using the new key and password, ‘tBshow ip osptvirtual-links Vitual Lik OSPF. VL3 to router3.83:3is up un as demand ecut DoNctAge LSA alowed ‘Transit area 1, via interace Serial, Cost fusing 64 Transmit Delay is 1 $20, State POINT_TO POINT, Timer intervals conigured, Hello 10, Dead 40, Wat 40, Retarsmit 5 Helo due in 00:00:08 ‘Adjacency State INIT (Hello suppressed) ‘eC#show ip ospt virtualtinks Vitual Lik OSPF. VL to router2.2.2.2is up un as demand ecut DoNctAge LSA alowed ‘Transit area 1, via interace Seiad, Cost fusing 64 Transmit Delay is 1 $20, State POINT_TO POINT, Timer intervals conigured, Hello 10, Dead 40, Wat 40, Retarsmit 5 Helo due in 00:00:08 ‘Adjacency State FULL (Hello suppressed)This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks Configuration Example 4: Null Authentication I authentication, ether clear text or md5, is configured for Area 0, then authentication must be enabled onal virtual inks. f authentication is not required ona viral LL authentication can be employed to override the authentication that has been configured for Area 0. Configure the routers in Figure 2-14 with simple password authentication on Area 0 outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ! Interface Serialt Ip address 10.1.1.5 255.255.255.252 clockrate 64000 router ospt 1 outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 network 3.3.3.3 0.0.0.0 area 2 network 10.1.1.4 0.0.0.3 area 1 when authentication is enabied for Area 0, then the same authentication type is automatically enabled forthe virtual ink. Because the virtual link snot using authentication, routing updates will not be accepted over the vital link. This can be seen by enabling OSPF debugging on ether Router B or C.This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, stiBidebug ip ospt ad] (OSPF adjacency events debugging is on cod 28:19:18: OSPF: Rov pk from 10.1.1.6, Serialt : Mismatch Authentication type. | nput packet speciied type 0, we use type 1 ‘hisstaon an be fed ether conguing the are autentcaton ype onthe via in (non ane or by expity coréguig eva rk tue NUL auenalon oay be congualane on oaen 8 and os NTL aueriaon on al m Router 8 router ospt 1 area 0 authentication outer © router ospt 1 network 3.3.3.3 0.0.0.0 area 2 network 10.1.1.4 0.0.0.3 area 1 Verification Verily that al OSPF routes are being advertised ‘trAshow ip routeThis document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets © 1.1.1.1 sdirecty connected, Loopbiacko 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0is drecty connected, Serial ‘eBshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR,This document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets © 22.22isdirecty connected, LoopbackO 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| 10.0.0.0790 is subnetted, 2 subnets © 10.1..0[110128] va 10.1.1.5, 00:05:34, Seralo © 10.1.1.41s drecty connected, Serialo Troubleshooting ‘Step 1. Vey tha there isa neighbor relationship between the OSPF routers by using theshow Ip ospfneighbor command, ‘Step 2. Verily tha the transit area ID used in thearea virtuaHlink command is proper. ‘Step 3. Vey that the router IDs used in thearea virtuaFlinkare correct ‘Step 4. fusing simple pascword authentication, vey thatthe same password is being used on each side ofthe virtual ink. ‘Step 5. fusing MDS authentication, verity that the same key and password are being used on each side of the vital ink svi] moet ihs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks Free Open StrThis document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks 2-17 area transit-area-id virtual-link router-id authentication-key password ‘Syntax Description: (© ransit-areaid— The OSPF area ID ofthe area connecting the two ABRs thatthe viral link wil cross. This value can be entered ‘aa decimal number inthe range of 0 to 4,294,967,285 or in IP address frm inthe range 0.0.0.0 to 255.255.255.255, The transit area cannot be a stub area. © routerid OSPF router ID of the router atthe remote end of the virtual ink. © password Password tobe used for authentication inthe selected area on the selected interface or viral lnk. The password is ‘an alphanumeric string from 1 to 8 characters. Purpose: I simple password authentication is enabled in Area 0 then al vital links need to be configured with the same authentication ‘ype. This command is used to configure simple password authentication link. In Cisco IOS Software Release 120 and later, Virtual ink authentication can be configured independently of Area 0 (see ection 2-1. Initia Cisco 108 Software Release: 10.0 Configuration Example 1: Simple Password Authentication Over a Virtual Link In Figure 2-17] simple password authentication has been enabled for Area 0. Intaly, authentication is nt enabled over the virtual ink so you cam see the effect of enabling authentication in Area. O but not over the vital Ink Figure 2-17. Prior to Cisco 10S Software Release 12.0, if Authentication Is Enabled in Area 0 Then the Same Authentication Must Be Enabled Over the Virtual Link ‘road simple pasword __ motion o w= i) mA outer AThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 clockrate 64000 router ospt 1This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 Verily that authentication has been enabled for Area 0. ‘teéshow ip ospt Routing Process "ost 1" with ID 1.4.1.1 ‘Supports only single TOS(TOSO) routes ‘SPF schedule delay 5 secs, Hold time between two SPFS 10 secs Mrimum LSA intewal sees. Minimum LSA aval t secs "Number of external LSA 0. Checksum Sum 0x0 Number of DCbitless external LSA 0 Number of DoNotAge extemal LSA 0 [Number ot reas in this routers 1. 1 normal 0 stub O nssaThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘rea BACKBONE(0) Number of interfaces inthis area is 2 ‘Area has simple password autheiiation ‘SPF algorithm executed 2 imes ‘rea ranges are Number of LSA 6. Checksum Sum 0x38837 Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 3 ‘B¥show ip ospt Routing Process “osot 1" with ID 22.2.2 ‘Supports ony single TOS(TOSO) routes itis an area border router ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of external LSA 0. Checksum Sum 0x0 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 [Number of areas inthis routers 2.2 normal 0 stub 0 nssa ‘rea BACKBONE(0) Number of interfaces inthis area is 3 ‘Area has simple password autheiiation ‘SPF algorithm executed 8 imes ‘rea ranges are Number of LSA 6. Checksum Sum 0x38837 Number of DCbitless LSA 0This document was created by an unregistered ChmMagic, please go to hitp:/vmwwbisenter.com to register it. Thanks Number of indication LSA 0 Number of DoNotAge LSA 3 rea t Number of interfaces inthis areas 1 ‘rea has no authentication ‘SPF aigotthm executed 4 times ‘rea ranges are Number of LSA 6. Checksum Sum Ox384E1 Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 ‘When authenteaion is enabled in Area 0, then this authentication type wl be apelied to alinteraces in Area O including vital inks. Ary ‘outing updates trom neighbors in Area O wil be rejected the authentication type ard password do not match. Because val inks considered tobe in Area 0, routing undates passing over the vital nk willbe rejected. This can be verified by examining the IP routing table (on Router B, ‘Btshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.00132s subnete, 1 subnets © 1.14.1 (11065) va 10.1.1.1, 00:06:88, Serial 20.0.0/32issubnetied, 1 subnets © 2222s rectly connected, Loopback0 10.0.0.0790 is subnetted, 2 subnetsThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt Router 8 has leamed the routes being advertised by Router A but not the routes advertised by Router C. Simple password authentication ‘needs tobe enabled on the virtual ink so that routing updates can be exchanged between routers B and C. You can also use a diferent ‘authentication type onthe vitual nk using command 2-14, 2-15, or 2-16. In this case, configure the same authentication type that is being sed in Area 0. Change the password over the vital link to demonstrate that the passwords for cfferent interfaces do nat need tobe the ‘same, Remember tha! the password for a common lnk must be the same at oth ends of the link. Mody the configurations on Routers B and to enable simple password authentication over the vital lnk using the password bosco. Router 8 router ospt 1 area 0 authentication outer © router ospt 1 Notice that the command area 0 authentication was used on Router C because the Virtual links in Area 0 Verification Verily that authentication has been enabled over the vital ink ‘trC#show ip osptThis document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks Routing Process "os 1" wih ID38.33 ‘Supports only single TOS(TOSO) routes itis an area border router ‘SPF schedule delay 5 secs, Hold time between two SPFS 10 secs Mrimum LSA intewal sees. Minimum LSA aval t secs "Number of external LSA 0. Checksum Sum 0x0 Number of DCbitless external LSA 0 Number of DoNotAge extemal LSA 0 "Number of areas inthis outers 3. $ normal 0 stub 0 nssa Number of interfaces in his areas 1 ‘Area has simple password autheiiation ‘SPF algorithm executed 4 imes ‘rea ranges are Number of LSA 8. Checksum Sum Ox3CFAD Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 8 rea Number of interfaces in his areas 1 ‘rea has no authentication ‘SPF algorithm executed 22 times, ‘rea ranges are Number of LSA 10. Checksum Sum Ox4ACBB Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 0 wea? Number of interfaces inthis area is 1This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘rea has no authentication ‘SPF algorithm executed 18 times ‘rea ranges are Number of LSA 5. Checksum Sum 012386 Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotage LSA 0 Verily that al OSPF routes are now being exchanged. ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0is drecty connected, Serial OIA 10.4.1.4 [110/128] via 10.1.42, 00:08:04, Seriaa'tThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘eBshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-ISAS, Lt “ISAS level, L2 -1S-1S level2,*- candidate defaut— was created by an unregistered ChmMagic, please goto hitpimew.bisenter.com to register i su U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.4.0(110128] via 10.1.1.5, 00:11:11, Seralo © 10.1.1.41s drecty connected, Serialo Troubleshooting ‘Step 1. Vey that there isa neighbor relationship between the OSPF routers using theshow ip ospf neighbor command. ‘Step 2. Verily tha the transit area ID used in theare virtualtink command is proper. ‘Step 3. Vey tha the router IDs used inthearea viruablink are correct. ‘Step 4. Verily that the same password is being used on each side ofthe viral lnk svi] a ihs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks Free Open StrThis document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks 2-18 area transit-area-id virtual-link router-id dead-interval seconds ‘Syntax Description: (© ransit-areaid— The OSPF area ID ofthe area connecting the two ABRs thatthe vital ink wil cross. This value can be entered 2a decimal number in the range of Oto 4,284,967, 295 or in IP address form inthe range 0.0.0.0 to 258.255.255.255. The transi area cannot be a stub area. © routerid OSPF router ID of the router atthe remote end of the virtual ink. © seconds— I Hello packets from a neighbor are not received during a period of time equal tothe dead interval, then the neighbor willbe declared down. The range of values s 1~8192 seconds. The default value is 40 seconds, Purpose: When an OSPF router receives a Hello packet from an OSPF neighbor, the receiving router assumes thatthe neighbor's active. “The dead interval is used to determine when an OSPF neighbor has become inactive. Ifa Hello packet has not been recelved during the time set forthe dead interval, then the neighbor wil be declared down. By default, the dead interval is four times the Hell interval. The dead interval should always be greater than the Hello interval, Initial Cisco 10S Software Release: 10.0 Configuration Example: Modifying the Dead Interval Over a Virtual Link Configure the networkin Figure 2-1]to observe the detaul tier values over the virtual nk. You wilthen experiment with adjusting the values of the dead interval Figure 2-18. The Dead Interval Must Be Configured with the Same Value at Both Ends of an OSPF Virtual Link The dead Interval default value le 40 seconds: ‘reat outer AThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 1.1.1.1 0.0.0.0 area 0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 2.2.2.2 0.0.0.0 area 0This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks network 10. 400.03 area outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 ‘Verily tha the virtual links active and that all OSPF routes are being exchanged. ‘trBéshow ip ospf virtual-links un as demand cicuit DoNotAge LSA allowed Transit area 1, va interface Serial, Cost of using 64 Transmit Delay is 1 seo, Sate POINT_TO_POINT, ‘Adjacency State FULL (Hello suppressed) ‘trC#show ip ospf virtual-tinksThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks un as demand circuit DoNotAge LSA alowed Transit area 1, viaintriace Seial0, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, ‘Timer intervals configured, Helo 10, Dead 40, Wat 40, Retransmi S Helo due in 00:00:06 ‘Adjacency State FULL (Hello suppressed) ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets © 88.80 is directly connected, LoopbackO 10.0.0.0790 is subnetted, 2 subnets © 101.1.0[110128] va 10.1.1.5, 00:02:26, Serialo Notice that the default Hello interval is 10 seconds and the default dead interval is 40 seconds. Modiy the configuration an Router 8 to change the dead interval to 41 seconds while leaving the value for the dead interval on Router C set othe default of 40 seconds.This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Is the vitual ink sll active? ‘B#show ip ospf vituabtinks Vitual Lik OSPF _VLO to router 38.3.3 up unas demand cut DoNctAge LSA alowed Transit area 1, via ineface Serial, Cost of using 64 Transmit Delays 1 se, State POINT_TO_POINT, Timer intervals configured, Helo 10, ERI, Wait 40, Revansmit Hello due in 00:00:07 “The vital links up. Now check to see ithe OSPF routes are being exchanged, ‘Btshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not setThis document was created by an unregistered ChmMagic, please go to hit: bisenter.com to register it. Thanks 1.0.00132s subnete, 1 subnets © 1.1.4.1 (11065) va 10.1.1. 0:07:48, Serial 20.0.0/32issubnetied, 1 subnets © 2222s rectly connected, Loopback0 10..0.030is subneted, 2 subnets © 10.1.1.0%s drecty connected, Seiad © 10.1.1.4%s drecty connected, Seria Router 8 has learned the routes being advertised by Router A but not the routes advertised by Router C. Because the dead interval ime on Router 8 does not match the dead interval on Router C, routes will not be exchanged over the vitual link. Moly the dead interval ime on Router C to match the dead interval time on Route B Verification Verily thatthe dead interval on Router © matches the dead interval on Router B ‘eC#show ip ospt virtual-tinks Vitual Lik OSPF _VL7 to router 22228 up unas demand cut DoNctAge LSA alowed Transit area 1, via ineface Seral0, Cost of using 64 Transmit Delays 1 se, State POINT_TO_POINT, Timer intervals configured, Helo 10, RRM, Wat 4, Revansmit Hello due in 00:00:00This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘Adjacency State FULL (Hello suppressed) Verily that al OSPF routes are now being exchanged. ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0is drecty connected, Serial OIA 10.4.1.4 [110/128] via 10.1.42, 00:08:04, Seriaa't ‘eBshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 E1- OSPF external type 1, £2 - OSPF external ype 2, E- EGPThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks 1-ISAS, Lt “ISAS level, L2 -1S-1S level2,*- candidate defaut U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.4.0(110128] via 10.1.1.5, 00:11:11, Seralo © 10.1.1.41s drecty connected, Serialo Troubleshooting ‘Step 1. Vey that there isa neighbor relationship between the OSPF routers using theshow ip ospf neighbor command. ‘Step 2. Verily tha the transit area ID used in theareavirtualtinkcommand isthe proper area. ‘Step 3. Vey tha the router IDs used inthearea viruablink are correct. ‘Step 4. Vey tha the dead interval is being used on both ends ofthe vital ink svi] a iThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, a Per >] 2-19 area transit-area-id virtual-link router-id hello-interval seconds ‘Syntax Description: © transitareaid— The OSPF area ID ofthe area connecting the two ABRS that the virtual nk wl cross. This value can be entered ‘sa decimal number inthe range of 0 to 4,294, 967,285 or in IP address frm inthe range 0.0.0.0 to 255.255.255.255, The transit area cannot be a stub area. © routerid OSPF router ID of the router atthe remote end of the virtual ink. © seconds— The time in seconds between sending Hello packeis over the viral link. The range of values is 1-8192 seconds. The default value is 10 seconds (30 seconds on a nonbroadcast muliaccess [NBMA] network) Purpose: OSPF Hello packets ae used to initially establish the neighbor relatonship. Once the neighbor relationship is established, the packets are used as a keepalive mechanism to determine if the neighbor atthe other end of the virtual ink i ill active. The Helo interval ‘shouldbe less than the dead interval (see Command 2-1) Initia Cisco 108 Software Release: 10.0 Configuration Example: Modifying the Hello Interval Over a Virtual Link Configure the network inFigure 2-1qto observe the default imer values over the viral link. You wil then experiment with adjusting the Values of the Helo interval Figure 2-19. The Hello Interval Must Be Configured with the Same Value at Both Ends of an OSPF Virtual Link a nea ~~ yom transit area a, esi -o \ }This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 1.1.1.1 0.0.0.0 area 0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks network 2.2.2.2 0.0.0.0 area 0 network 10.1.1.4 0.0.0.3 area 1 outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 ‘Verily that the virtual links active and that all OSPF routes are being exchanged. ‘trBéshow ip ospf virtual-links un as demand cicuit DoNotAge LSA allowed Transit area 1, va interface Serial, Cost of using 64 Transmit Delay is 1 seo, Sate POINT_TO_POINT, ‘Adjacency State FULL (Hello suppressed) ‘trC#show ip ospf virtual-tinksThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks un as demand circuit DoNotAge LSA alowed Transit area 1, viaintriace Seial0, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, ‘Timer intervals configured, Helo 10, Dead 40, Wat 40, Retransmi S Helo due in 00:00:06 ‘Adjacency State FULL (Hello suppressed) ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets © 88.80 is directly connected, LoopbackO 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.41s drecty connected, SerialoThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Notice that the default Hello interval is 10 seconds and the detault dead interval 40 seconds. Madly the configuration on Rater to change the Hello interval to 11 seconds wile leaving the value forthe Hello interval on Router C sett the default of 10 seconds. Router 8 router ospt 1 Is the vitual ink stil active? ‘rB#show ip ospf virtual-tinks Virtual Link OSPF_VLO to router 38.33is up un as demand circuit DoNotAge LSA alowed Transit area 1, viaintriace Seilt, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, HBIBIIH. Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:07 ‘The vital links up. Now check to see ifthe OSPF routes are being exchanged, ‘Btshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not setThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks 1.0.00132s subnete, 1 subnets © 1.1.4.1 (11065) va 10.1.1. 0:07:48, Serial 20.0.0/32issubnetied, 1 subnets © 2222s rectly connected, Loopback0 10..0.030is subneted, 2 subnets © 10.1.1.0%s drecty connected, Seiad © 10.1.1.4%s drecty connected, Seria Router 8 has leaned the routes being advertised by Router A but not the routes advertised by Router C. Because the Hello interval me on Router 8 does not match the Hello interval on Router C, routes wil not be exchanged over the virtual nk. Mody the Hello interval time on Router C to match the Helo interval time on Router B, Verification Verily that the Helo interval on Router C matches the dead interval on Router B. ‘eC#show ip ospt virtual-tinks Virtual Lik OSPF._VL7 to router2.22.2s up un as demand ecut DoNctAge LSA alowed ‘Transit area 1, via interace Seiad, Cost fusing 64 Transmit Delay is 1 seo, Sate POINT_TO_POINT,This document was created by an unregistered ChmMagic please goto hitpu/ww.bisenter.com to register it. Thanks Timer intervals configured, ERIBIIN, Deas 41, Wat 40, Retransmt 8 Helo due in 0:00.00 ‘Adjacency State FULL (Hello suppressed) Verily that al OSPF routes are now being exchanged. ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0is drecty connected, Serial OIA 10.4.1.4 [110/128] via 10.1.42, 00:08:04, Seriaa't ‘tiBéshow ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGP D-EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter areaThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks NI - OSPF NSSA external ype 1, N2- OSPF NSSA external type 2 E1- OSPF external type 1, £2 - OSPF external ype 2, E- EGP 1-ISAS, Lt “ISAS level, L2 -1S-1S level2,*- candidate defaut U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets— was created by an unregistered ChmMagic, please goto hitpimew.bisenter.com to register i su 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.4.0(110128] via 10.1.1.5, 00:11:11, Seralo © 10.1.1.41s drecty connected, Serialo Troubleshooting ‘Step 1. Vey that there isa neighbor relationship between the OSPF routers by using thehow Ip ospfneighbor command, ‘Step 2. Verily tha the transit area ID used inthe area virtualtink command isthe proper area. ‘Step 3. Vey tha the router IDs used inthearea viruablink are correct. ‘Step 4. Verily that the Helo interval is being used on both ends ofthe vital ink svi] a iThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, faoaaar 2-20 area transit-area-id virtual-link router-id message-digest-key key-id md5 password ‘Syntax Description: © ransitareaid— The OSPF area ID ofthe area connecting the two ABRs tha the virtual nk wil cross. This value can be entered ‘aa decimal number inthe range of 0 to 4,294,967,285 or in IP address frm inthe range 0.0.0.0 to 255.255255.255, The transit area cannot be a stub area. © routerid OSPF router ID of the router atthe remote end of the virtual ink. © key-id— Key o use to encrypt a password, The range of values is 1 1 255. Both ends ofa virtual link must use the same key and password. © password Password tobe used for authentication inthe selected area on the selected interface or viral lnk. The password is ‘an alphanumeric string from 1 to 8 characters. Purpose: if message digest authentication fs enabledin Area 0 then all vitual inks need tobe configured wth the same authentication type. ‘This command is used to configure message digest puerta link. In Cisco IOS Software Release 12.0 and later, virtual ection 21 lnk authentication can be configured independent of Area 0 (see| Initia Cisco 108 Software Release: 11.0 Configuration Example 1: Message Digest Authentication Over a Virtual Link ee the effect of enabing authentication in Area 0 but not over th Figure 2-20. Prior to Cisco 10S Software In Figure 2-21] message authentication has been enabled for Area 0. Inia, authentication isnot enabled over the virtual ink so you can vital ink Release 12.0, if Message Digest Authentication Is Enabled in Area 0 Then Message Digest Authentication Must Be Enabled Over the Virtual Link “Area 0 message digest “|, wthentication a aN Ly me i, en }This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, 1011.20 101.1630 outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt 1 network 10.1.1.00.0.0.3 area 0 network 1.1.1.1 0.0.0.0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 ! Interface Serial0 Ip address 10.1.1.2 255.255.255.252 ! Interface Serialt Ip address 10.1.1.5 255.255.255.252This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks clockrate 64000 router ospt 1 outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 network 3.3.3.3 0.0.0.0 area 2 network 10.1.1.4 0.0.0.3 area 1 Verily that authentication has been enabled for Area 0 ‘wAtshow ip ospt Routing Process “osp 1" wih 1D 1.1.1.1 ‘Supports only single TOS(TOSO) routes ‘SPF schedule delay 5 secs, Hold time between two SPFS 10 secs Minimum LSA interval 5 secs. Minimum LSA artval 1 seesThis document was created by an unregistered ChmMagic, please goto http: bisenter.com to register it. Thanks [Number of external LSA 0. Checksum Sum 0x0 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 [Number of areas inthis routers 1.1 normal 0 stub 0 nssa ‘rea BACKBONE(0) Number of interfaces inthis area is 2 Area has message digest authentication ‘SPF algorithm executed 8 imes ‘rea ranges are Number of LSA 6. Checksum Sum Ox44G3C Number of Dobitess LSA 0 Number of inication LSA 0 Number of DoNotAge LSA 3 ‘trBéshow ip ospt Routing Process “oso 1" wth ID 22.22 ‘Supports ony single TOS(TOSO) routes itis an area border router ‘SPF schedule delay 5 secs, Hold ime between two SPF 10 secs Minimum LSA interval 5 secs. Minimum LSA artal 1 secs, [Number of external LSA 0. Checksum Sum 0x0 [Number of DCbtless external LSA 0 [Number of DoNotAge external LSA 0 [Number of areas inthis routers 2.2 normal 0 stub 0 nssa ‘rea BACKBONE(0) Number of interfaces inthis area is 3 Area has message digest authentication ‘SPF algorithm executed 14 timesThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘rea ranges are Number of LSA 6. Checksum Sum OxAGSC Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 3 rea t Number of interfaces inthis areas 1 ‘rea has no authentication ‘SPF aigotthm executed 4 times ‘rea ranges are Number of LSA 8. Checksum Sum OxSAED7 Number of Dcbiess LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 ‘When authenteation is enabled in rea 0, then this authencaton ype wil be applied to all interaces in Area 0 nclucng vital inks. Any ‘outing updates trom neighbors in Area O wil be rejected the authentication type and password donot match. Because val inks considered tobe in Area 0, routing undates passing over the vital nk willbe rejected. This can be verified by examining the IP routing table (on Router B, ‘Btshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnetsThis document was created by an unregistered ChmMagic, please goto htp:/lwww_bisenter.com to reistr it. Thanks © 1.4.1.1 [110165] via 10.1.1.1, 0:06:34, Seialo 2.0.0.0/92is subnetted, 1 subnets © 22.22isdirecty connected, LoopbackO 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt Router 8 has leamed the routes being advertised by Router A, but not the routes advertised by Router C. You must enable message digest ‘authentication on the virtual ink so tha routing updates can be exchanged between Routers B and C. You can aso use a diferent ‘authentication type onthe vitual Ink using command 2-14, 2-15, o 2-16. In this case, you wil configure the same authentication ype that is boeing used in Area 0. Change the key and password used over the virtual Ink to demonstrate thatthe keys and passwords for diferent interfaces do not need to be the same. Remember that the key and password for a common lnk must be the same at both ends ofthe nk. Mody the configurations on Routers B and C to enable message cist authentication over the virtual lnk using a key of 2 andthe password sco Router 8 router ospt 1 area 0 authentication outer © router ospt 1 Notice tha the command area 0 authentication message-digestwas used on Router C because the vitual ink is in Area 0This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Verification Verily that message digest authentication has been enabled over the virtual ink ‘trC#show ip ospf virtual-tinks Virtual Link OSPF_VL7 to router 22.22is up un as demand circuit DoNotAge LSA alowed Transit area 1, viaintriace Seial0, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wat 40, Reransmit Hello due in 00:00:06 ‘Adjacency State FULL (Hello suppressed) ‘Message digest authenicaion enabled Youngest key idis 2 Verily that al OSPF routes are now being exchanged ‘wAtshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnetsThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0is drecty connected, Serial OIA 10.4.1.4 [110/128] via 10.1.42, 00:08:04, Seriaa't ‘eBshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, SerialtThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.4.0(110128] via 10.1.1.5, 00:11:11, Seralo © 10.1.1.41s drecty connected, Serialo Configuration Example 2: Changing Keys and Passwords For addtional security you may choose to periodical change the key and password, With cleartext authentication, when you change passwords there wil be a loss of OSPF connectivity trom the time you change the password on one end ofthe vitual nk until you change the password a the other end ofthe vial ink. With MDS authentication you can configure a new key and password ona val ink while Jeaving the old key and password in place. The old key and password wil continue to be used until the new key and password are configured ‘on the other end ofthe vital ink Modify the key and password onthe viral ink between Routers B and C. Fist, add a new key and password o Router B in order to observe the behavior when the new key and password have only been configured on one end of the virtual link,This document was created by an unregistered ChmMagic, please go to http:www.bisenter.com to register it. Thanks Router 8 router ospt 1 area 0 authentication message-digest area virlual-ink 3.3.3.3 message-digest-key 2 md5 bosco Examine the effec of adding a new key and password on only one end ofthe virtual ink. riBshow ip ospt vitualtinks Virtual Link OSPF_VL1 to router 38.33is up un as demand circuit DoNotAge LSA alowed Transit area 1, viaintriace Seilt, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wat 40, Reransmit Hello due in 00:00:08 ‘Adjacency State FULL (Hello suppressed) ‘Message digest authenicaion enabled Youngest key idis 3 Rollover in progress, 1 neighbors) using the old key(s): heyia2 Notice that both keys are being used for authentication. Configure the new key and password on Router C while leaving the old key and password in place. outer © router ospt 1 area 0 authentication message-digestThis document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register Thanks area virlual-ink 2.2.2.2 message-digest-key 2 mdS bosco Verily that Router Cs now using the new key and password. ‘eC#show ip ospt virtualtinks Virtual Lik OSPF._VL7 to router2.22.2s up un as demand ecut DoNctAge LSA alowed ‘Transit area 1, via interace Seiad, Cost fusing 64 Transmit Delay is 1 $20, State POINT_TO POINT, Timer intervals conigured, Hello 10, Dead 40, Wat 40, Retarsmit 5 Helo due in 00:00:08 ‘Adjacency State FULL (Hello suppressed) ‘You can now remove the old key and password trom Routers B and C. Router 8 router ospt 1 outer © router ospt 1— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| Verification Verily that only the new key and password are being used over the vital ink, ‘tBshow ip osptvirtual-links Virtual Lik OSPF._VLO to router3.33:3is up un as demand ecut DoNctAge LSA alowed ‘Transit area 1, via interace Serial, Cost fusing 64 Transmit Delay is 1 $20, State POINT_TO POINT, Timer intervals conigured, Hello 10, Dead 40, Wat 40, Retarsmit 5 Helo cue in 00:00:01 ‘Adjacency State INIT (Hello suppressed) Troubleshooting ‘Step 1. Vey that there is @ neighbor relationship between the OSPF routes using the show ip ospfneighbor command, ‘Step 2. Verily tha the transit area ID used in theareavirtualtinkcommand isthe proper area. ‘Step 3. Vey tha the router IDs used inthearea viruablink are correct. ‘Step 4. Vey that the same key and password are being used on each sie ofthe vitual nk. svi] re iThis document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks a Per >] 2-21 area transit-area-id virtual-link router-id retransmit-interval seconds ‘Syntax Description: © transitareaid— The OSPF area ID ofthe area connecting the two ABRS that the virtual nk wl cross. This value can be entered ‘sa decimal number inthe range of 0 to 4,294, 967,285 or in IP address frm inthe range 0.0.0.0 to 255.255.255.255, The transit area cannot be a stub area. © routerid OSPF router ID of the router atthe remote end of the virtual ink. © seconds— The range of values is 1-8192 seconds. The default vale is 5 seconds. Purpose: When a router advertises alink-sate advertisement (LSA) over a viral lnk, the LSA is added to retransmission ist forthe virual Ink. The LSA willbe retransmitted uni the LSA is acknowledged. The number of seconds between the advertisements is called the retransmit interval, Initia Cisco 108 Software Release: 10.0 Configuration Example: Modifying the Retransmit Interval Over a Virtual Link Configure the networkin igure 221 Values of the retransmit interval to observe the default timer values over the vitual Ink. You wil hen experiment with agusting the Figure 2-21. The Retransmit Interval Is the Time Between Resending Unacknowledged LSAs outer AThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 1.1.1.1 0.0.0.0 area 0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 2.2.2.2 0.0.0.0 area 0This document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks network 10. 400.03 area outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 ‘Verily that the virtual links active and that all OSPF routes are being exchanged, ‘trBéshow ip ospf virtual-links un as demand cicuit DoNotAge LSA allowed Transit area 1, va interface Serial, Cost of using 64 Transmit Delay is 1 seo, Sate POINT_TO_POINT, ‘Adjacency State FULL (Hello suppressed) ‘trC#show ip ospf virtual-tinksThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks un as demand circuit DoNotAge LSA alowed Transit area 1, viaintriace Seial0, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, ‘Timer intervals configured, Helo 10, Dead 40, Wat 40, Retransmi S Helo due in 00:00:06 ‘Adjacency State FULL (Hello suppressed) ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets © 88.80 is directly connected, LoopbackO 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.41s drecty connected, Serialo Notice tha the default retransmit interval i § seconds. Macity the configuration on Router B to change the retransmit interval to 6 seconds hile leaving the value fo the retransmit interval on Router C sett the default of 5 seconds.This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Is the vitual Ink stl active? ‘B#show ip ospf vituabtinks Vitual Lik OSPF _VLO to router 38.3.3 up unas demand cut DoNctAge LSA alowed Transit area 1, via ineface Serial, Cost of using 64 Transmit Delays 1 se, State POINT_TO_POINT, Timer intervals confgued, Helo 10, Deas 40, Wat 40, ESRI Hello due in 00:00:07 “The vital links up. Now check to see ifthe OSPF rautes are being exchanged, ‘Btshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not setThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets © 22.22isdirecty connected, LoopbackO 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0%s drecty connected, Serialo © 10.1.1.4%s drecty connected, Serialt 8 has leamed the routes ised by Router A and the routes advertised by Router C. Unke the Hell interval (sqBection] ‘and the dead interval (seeBecton 2-18), the vitual Ink does not need to have the same retransmit interval configured on both ends of the link Verification ‘Verily that the new retransmit interval has been configured on Router C. ‘uO#show ip ospf vituabtinks Vitual Lik OSPF _VL7 to router 22228 up unas demand cut DoNctAge LSA alowed Transit area 1, via ineface Seral0, Cost of using 64 Transmit Delays 1 se, State POINT_TO_POINT, Timer intervals confgued, Helo 10, Deas 40, Wat 40, ESRI Helo due in 0:00.00 ‘Adjacency State FULL (Hello suppressed) Verily that al OSPF routes are now being exchanged ‘trAshow ip route Codes: C- connected, S static, -IGAP, R- RIP, M- mobile, B- BGPThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks D-EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area NI - OSPF NSSA external ype 1, N2- OSPF NSSA external type 2 E1- OSPF external type 1, £2 - OSPF external ype 2, E- EGP 1-ISAS, Lt “ISAS level, L2 -1S-1S level2,*- candidate defaut U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0.0.0790 is subnetted, 2 subnets © 10.1.1.0is drecty connected, Serial OIA 10.4.1.4 [110/128] via 10.1.42, 00:08:04, Seriaa't ‘eBshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not setThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/92s subnetted, 1 subnets 10.0..0730 subnetted,2 subnets © 10.4.1.0%s drecty connected, Seriaid © 10.1.1.4%s drecty connected, Serialt ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2- OSPF NSSA external ype 2 E1- OSPF extemal ype 1, £2 - OSPF extemal type 2, E- EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets 10.0..0730 subnetted,2 subnets— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| © 10.1.4.0(110128] via 10.1.1.5, 00:11:11, Seralo © 10.1.1.41s drecty connected, Serialo Verification ‘The retransmitnterval can be ved by using the show ip ospf vrtualinks command. ‘Cshow ip ospt virtuattinks Vitual Lik OSPF _VL7 to router 22228 up unas demand cut DoNctAge LSA alowed Transit area 1, via ineface Seral0, Cost of using 64 Transmit Delays 1 se, State POINT_TO_POINT, Timer intervals configured, Helo 10, Deas 40, Wat 40, STIS Helo due in 00.00.04 ‘Adjacency State FULL (Hello suppressed) Troubleshooting ‘Step 1. Vey that there isa neighbor relationship between the OSPF routers using the show ip ospf neighbors command. ‘Step 2. Verily tha the transit area ID used in theareavirtualtinkcommand isthe proper area. ‘Step 3. Vey tha the router IDs used inthearea viruablink are correct. ‘Step 4. Vey that the desired retransmit interval nas been configured by using the commansthow ip ospf virtuablinks. svi] re iThis document was created by an unregistered ChmMagic, please go to http:/wwu.bisenter.com to register it. Thanks [fee Open Suey fa) 2-22 area transit-area-id virtual-link router-id transmit-delay seconds ‘Syntax Description: © ransitareaid— The OSPF area ID ofthe area connecting the two ABRs thatthe vital ink wil cross. This value can beentered ‘a decimal number inthe range of Oto 4,294, 967,285 or in IP address frm inthe range 0.0.0.0 to 255.255,255.255, The transit area cannot be a stub area. © routerid OSPF router ID of the router atthe remote end of the virtual ink. © seconds—The range of values is 1-8192 seconds. The default value is 1 second, Purpose: When an LSA is created, the router wl set the LS age field to. The transmit delay value fs added tothe age field ofthe LSA. This intial value represents the time delay f propagating the LSA over the vital ink Initia Cisco 108 Software Release: 10.0 Configuration Example: Modifying the Transmit Delay Value for a Virtual Link Configure the networkin Figure 2-24 and set the transmit delay value to 2 seconds. Figure 2-22. Transmit Delay Represents the LSA Propagation Delay Over a Virtual Link aa ™; yo NY i7 7 wm = no A - _-* Sa _ ats S outer AThis document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Serial0it Ip address 10.4.1.1 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 1.1.1.1 0.0.0.0 area 0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Serial0 Ip address 10.1.1.2 255.255.255.252 Interface Serialt Ip address 10.1.1.5 255.255.255.252 clockrate 64000 router ospt t network 10.1.1.00.0.0.3 area 0 network 2.2.2.2 0.0.0. network 10.1.1.4 0.0.0.3 area 1This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 Verification Verily that the transmit delay value has been modified, that the virtual inks active, and that all OSPF routes ate being exchanged, ‘uBshow ip ospfvirtual-inks Vitual Lik OSPF _VLO to router 38.3.3 up unas demand cut DoNctAge LSA alowed Transit area 1, via ineface Serial, Cost of using 64 ERRDEEWEZEE sate PonT_To_ Pow, Tier intervals configured, Helo 10, Dead 40, Wat 4, Revansmit6 Helo due in 0:00.01 ‘Adjacency State FULL (Hello suppressed)This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘uO#show ip ospf vituabtinks Virtual Link OSPF_VL7 to router 22.22is up unas demand cut DoNctAge LSA alowed Transit area 1, via ineface Seral0, Cost of using 64 ERRDEEWEZEE sate PonT_To_ Pow, Tie intervals configured, Helo 10, Dead 40, Wat 4, RevansmitS Helo due in 00.0008, ‘Adjacency State FULL (Hello suppressed) ‘eC#show ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- ODR, Gateway of last resorts not set 1.0.0.0'32's subnetteg, 1 subnets 2.0.0.0/92is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets © 88.80 is directly connected, LoopbackO 10.0.0.0790 is subnetted, 2 subnets— was created by an unregistered ChmMagic, please goto hit. bisenter.com to register it. Thanks| © 10.1.1.41s drecty connected, Serialo Troubleshooting ‘Step 1. Vey that there isa neighbor relationship between the OSPF routers by using theshow ip ospfneighbor command, ‘Step 2. Verily tha the transit area ID used in theareavirtualtinkcommand isthe proper area. ‘Step 3. Vey tha the router IDs used inthearea viruablink are correct. ‘Step 4. Verily tha the desired transmit delay value hasbeen configured by using the commandshow ip ospt vitu svi] moet ihs document was created by an unregistered ChmMagic, please go to hiip/ynew.bisenter.com to register it. Thanks aoa Chapter 3. Auto Cost Becton 3-1. auto-cost reference-bandwict bandit [foncncan) fn Fie Open SuaThis document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks [: Free Oven Study 5 foes 3-1 auto-cost reference-bandwidth bandwidth ‘Syntax Description: (© bandwviath— Value to use asthe reference bandwidth when calculating the cos of an OSPF route. Range of values is 1 to 4,294,967 Mbps. The detaut value is 100 Mbps. Purpose: By detaut, OSPF calculates the cost ofan interlace by dividing the bandwiath ofthe interface into 100,000,000[Fable Sis the costs for various interface types. Using the default value when your network has interfaces wih a bandwidth greater than 100,000,000 is not recommended. OSPF will not be abe to ciferentiate between a 100-Mibps interface and any interface with a banciwicth greater than 100 Mops. This command allows you to change the OSPF reference value globally so the calulated castor every interface is updated. The cost {or individual interfaces canbe adjusted using the interace command Ip ospf cost (see[Secton 19-9). The use ofthe Ip ospf cost inertace ‘command is nat recommended, Table 3-1. Default OSPF Cost for Selected Interfaces Interface Type Interface Bandwidth OSPF Cost Loopback 8,000,000,000 1 serial 56,000 1785 n 1,544,000 ea Ethemet 10,000,000 10 Fast Ethernet 100,000,000 1 Gigabit Ethernet 1,000,000,000 1 ooas 2,500,000,000 1 Initial Cisco 108 Software Release: 11.2 Configuration Example: Globally Modifying OSPF Interface Costs Configure the routers inFigure &-Jusing the defauit reference value of 100,000,000 to investigate the costs ofthe various interfaces.This document was created by an unregistered ChmMagic, please go to http:/www.bisenter.com to register it. Thanks, Figure 3-1. OSPF Cost Is Based on the Interface Bandwidth e9| ATION cosa yg 2188228 outer A Interface Loopbacko address 1.1.1.1 256.256.255.255 Interface Ethernet0/0 Ip address 172.16.1.1 255.255.255.0 router ospt 1 network 1.1.1.1 0.0.0.0 network 172.16.1.0 0.0.0.255 area 0 Router 8 Interface Loopbacko address 2.2.2.2 256.256.255.255 Interface Ethernet Ip address 172.16.1.2 255.255.255.0This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks Interface Serialt Ip address 10.1.1.5 255.255.255.252 clockrate 64000 router ospt t network 2.2.2.2 0.0.0.0 area 0 network 10.1.1.4 0.0.0.3 area 1 network 172.16.1.0 0.0.0.255 area 0 outer © Interface Loopbacko Ip address 3.3.3.3 256.256.255.255 Interface Serial0 Ip address 10.1.1.6 255.255.255.252 router ospt t network 3.3.3.3 0.0.0.0 areat network 10.1.1.4 0.0.0.3 area 1 Verily that Routers A, B, and C have established OSPF neighbor relationships. ‘tiA#show ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 2222 1 FULLIBDR 00:00:30 172.16.1.2 _Ethernet0/0This document was created by an unregistered ChmMagic, please go to http:/wu.bisenter.com to register it. Thanks ‘tBshow ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 141.1 FULUDR 00:00:38 172.16.1.1. Ethernet 3333 1 FULL’- 000038 10.1.6 Serial ‘tC#show Ip ospf neighbor Nejghbor ID Pri State Dead Time Address Interface 2222 1 FULL'- 000034 10.1.1.5 Serial Now inspect the outing tables on Routers A,B, and Cto determine the OSPF cost ofthe routes. ‘teéshow ip route Codes: C- connected, Sst, |-IGAP, R- FIP, M- mobile, 8 -BGP - EIGAP, EX-EIGAP extemal, O- OSPF, IA- OSPF inter area N1- OSPF NSSA extemal ype 1, N2-OSPF NSSA external pe 2 1 OSPF extemal ype 1, £2-OSPF extemal ype 2,E-EGP 1-184, Lt -16 18 level, L2- 1618 leve2, - candidate default U- peruse state route, o- OD Gateway of last resorts not set 1.0.0.92%8 subnet, t subnet © 1.1.1.1 is drt comected, LoopbackO 20.0092is suneteg, 1 subnets © 22221110 va 172.18.1.2,00:4920,Ethernet00 30.0092is suneteg, 1 subnets 1K 3333111088 via 1721612, 0:48:20, themeO0

Mand and Configuration Handbook Ccie Professional Development

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mand and Configuration Handbook Ccie Professional Development

Uploaded by

Copyright:

Available Formats

You might also like