So it's that time again for me to renew my Cisco Certifications. As a result, this post is based on my preparation for the CCNP Route Exam (300-101).
In this post I will be focusing on Configuring and Verifying EIGRP,
while Peering into the EIGRP Packets
The topology used in this lab is the topology used in the earlier post on DMVPN, GRE, NHRP
Topology
This topology consists of one internet router, HQ and 2 Branches.
Internet Router:
- Interface fa0/0 - connected to HQ - IP 3.0.0.1/24
- Interface fa1/0 - connected to Branch-1 - IP 5.0.0.1/24
- Interface fa2/0 - connected to Branch-2 - IP 4.0.0.1/24
- Interface lo7 - Loopback for testing - IP 7.0.0.1/32
- Interface lo8 - Loopback for testing - IP 8.0.0.1/32
HQ
- Interface fa0/0 - connected to Internet - IP 3.0.0.2/24
- Interface lo1 - Loopback for testing - IP 1.0.0.1/32
- Interface lo2 - Loopback for testing - IP 2.0.0.1/32
- Default Gateway - 3.0.0.1
DMVPN IP
- 192.168.0.1/24
Branch-1
- Interface fa0/0 - connected to Internet - IP 5.0.0.2/24
- Interface fa1/0 - connected to LAN - IP 10.0.0.1/24
- Default Gateway - 5.0.0.1
203 Server on Branch 1 - LAN
eth0 - 10.0.0.2/24
Default Gateway - 10.0.0.1
DMVPN IP
- 192.168.0.2/24
Branch-2
- Interface fa0/0 - connected to Internet - IP 4.0.0.2/24
- Interface fa1/0 - connected to LAN - IP 172.16.0.1/24
- Default Gateway - 4.0.0.1
Kali Host on Branch-2
eth0 - 172.16.0.2/24
Default Gateway - 172.16.0.1
DMVPN IP
- 192.168.0.3/24
This topology consists of one internet router, a HQ and 2 Branches.
Internet Router:
- Interface fa0/0 - connected to HQ - IP 3.0.0.1/24
- Interface fa1/0 - connected to Branch-1 - IP 5.0.0.1/24
- Interface fa2/0 - connected to Branch-2 - IP 4.0.0.1/24
- Interface lo7 - Loopback for testing - IP 7.0.0.1/32
- Interface lo8 - Loopback for testing - IP 8.0.0.1/32
HQ
- Interface fa0/0 - connected to Internet - IP 3.0.0.2/24
- Interface lo1 - Loopback for testing - IP 1.0.0.1/32
- Interface lo2 - Loopback for testing - IP 2.0.0.1/32
- Default Gateway - 3.0.0.1
DMVPN IP
- 192.168.0.1/24
Branch-1
- Interface fa0/0 - connected to Internet - IP 5.0.0.2/24
- Interface fa1/0 - connected to LAN - IP 10.0.0.1/24
- Default Gateway - 5.0.0.1
203 Server on Branch 1 - LAN
eth0 - 10.0.0.2/24
Default Gateway - 10.0.0.1
DMVPN IP
- 192.168.0.2/24
Branch-2
- Interface fa0/0 - connected to Internet - IP 4.0.0.2/24
- Interface fa1/0 - connected to LAN - IP 172.16.0.1/24
- Default Gateway - 4.0.0.1
Kali Host on Branch-2
eth0 - 172.16.0.2/24
Default Gateway - 172.16.0.1
DMVPN IP
- 192.168.0.3/24
Key Chain Configuration
This key chain is configured on HQ, Branch-1 and Branch-2 routers. This will be used by EIGRP for authentication of neighbors. It helps to reduce the probability of anyone adding a router to the infrastructure and either learning or injecting routes or our routing process
Interface ConfigurationInternet
HQ
While every command here is important, I am only focusing on Tunnel 0
"no ip split-horizon eigrp 1"
- For EIGRP to work properly we need to disable split-horizon. Since this is the hub
all EIGRP traffic which enters interface "tunnel 0" also will need to
leave "tunnel 0". By default this is not permissible.
"ip authentication mode eigrp 1 md5"
- Telling EIGRP to used md5 hashing for authentication credentials
"ip authentication mode key-chain eigrp 1 SecurityNik"
- Use the key-chain with name SecurityNik
Branch-1
Branch-2
Routing Process Configuration
HQ
Branch-1
Branch-2
Verifying EIGRP is working properly on HQ router
Looks like we 2 neighbors, both learned via interface Tunnel0
The topology looks good as there are currently no routes in "A" (Active)
Taking a look at the IP protocols ...
... we see the networks which are being routed and the routing information sources
Finally taking a look at the "show ip route"
Voilla!!
Obviously now the final test is to ensure that the hosts can actually communicate.
Verify the hosts can ping (and traceroute) each other
Ahhh, All is well now!!!
Peering into the EIGRP Packets
In a previous post, I stated that EIGRP uses 5 packets. Let's take a peek into 4 of these packets now.
Hello
From the above we see this is an "Hello" packet
Update
Above we see an update packet
Query
The above is a query packet
Ack
And finally we have an "ACK" packet
That's it!!
No comments:
Post a Comment