Saturday, January 10, 2015

Cisco CCNP - 300-101 - Configuring and Verifying EIGRP, Peering into the EIGRP Packets

So it's that time again for me to renew my Cisco Certifications. As a result, this post is based on my preparation for the CCNP Route Exam (300-101).

In this post I will be focusing on Configuring and Verifying EIGRP,

while Peering into the EIGRP Packets

The topology used in this lab is the topology used in the earlier post on DMVPN, GRE, NHRP


Topology



























This topology consists of one internet router, HQ and 2 Branches.

Internet Router:
    - Interface fa0/0 - connected to HQ - IP 3.0.0.1/24
    - Interface fa1/0 - connected to Branch-1 - IP 5.0.0.1/24
    - Interface fa2/0 - connected to Branch-2 - IP 4.0.0.1/24
    - Interface lo7 - Loopback for testing - IP 7.0.0.1/32
    - Interface lo8 - Loopback for testing - IP 8.0.0.1/32
       

HQ
    - Interface fa0/0 - connected to Internet - IP 3.0.0.2/24
    - Interface lo1 - Loopback for testing - IP 1.0.0.1/32
    - Interface lo2 - Loopback for testing - IP 2.0.0.1/32
    - Default Gateway - 3.0.0.1

    DMVPN IP
        - 192.168.0.1/24
       
       
Branch-1
    - Interface fa0/0 - connected to Internet - IP 5.0.0.2/24
    - Interface fa1/0 - connected to LAN - IP 10.0.0.1/24
    - Default Gateway - 5.0.0.1
   
    203 Server on Branch 1 - LAN
        eth0 - 10.0.0.2/24
        Default Gateway - 10.0.0.1

    DMVPN IP
        - 192.168.0.2/24

       
Branch-2
    - Interface fa0/0 - connected to Internet - IP 4.0.0.2/24
    - Interface fa1/0 - connected to LAN - IP 172.16.0.1/24
    - Default Gateway - 4.0.0.1

    Kali Host on Branch-2
        eth0 - 172.16.0.2/24
        Default Gateway - 172.16.0.1
       
    DMVPN IP
        - 192.168.0.3/24

This topology consists of one internet router, a HQ and 2 Branches.

Internet Router:
    - Interface fa0/0 - connected to HQ - IP 3.0.0.1/24
    - Interface fa1/0 - connected to Branch-1 - IP 5.0.0.1/24
    - Interface fa2/0 - connected to Branch-2 - IP 4.0.0.1/24
    - Interface lo7 - Loopback for testing - IP 7.0.0.1/32
    - Interface lo8 - Loopback for testing - IP 8.0.0.1/32
       

HQ
    - Interface fa0/0 - connected to Internet - IP 3.0.0.2/24
    - Interface lo1 - Loopback for testing - IP 1.0.0.1/32
    - Interface lo2 - Loopback for testing - IP 2.0.0.1/32
    - Default Gateway - 3.0.0.1

    DMVPN IP
        - 192.168.0.1/24
       
       
Branch-1
    - Interface fa0/0 - connected to Internet - IP 5.0.0.2/24
    - Interface fa1/0 - connected to LAN - IP 10.0.0.1/24
    - Default Gateway - 5.0.0.1
   
    203 Server on Branch 1 - LAN
        eth0 - 10.0.0.2/24
        Default Gateway - 10.0.0.1

    DMVPN IP
        - 192.168.0.2/24

       
Branch-2
    - Interface fa0/0 - connected to Internet - IP 4.0.0.2/24
    - Interface fa1/0 - connected to LAN - IP 172.16.0.1/24
    - Default Gateway - 4.0.0.1

    Kali Host on Branch-2
        eth0 - 172.16.0.2/24
        Default Gateway - 172.16.0.1
       
    DMVPN IP
        - 192.168.0.3/24



Key Chain Configuration




This key chain is configured on HQ, Branch-1 and Branch-2 routers. This will be used by EIGRP for authentication of neighbors. It helps to reduce the probability of anyone adding a router to the infrastructure and either learning or injecting routes or our routing process


Interface Configuration
Internet
























HQ
























While every command here is important, I am only focusing on Tunnel 0

"no ip split-horizon eigrp 1"
- For
EIGRP to work properly we need to disable split-horizon. Since this is the hub all EIGRP traffic which enters interface "tunnel 0" also will need to leave "tunnel 0". By default this is not permissible.
"ip authentication mode eigrp 1 md5"
- Telling EIGRP to used md5 hashing for authentication credentials

"ip authentication mode key-chain eigrp 1 SecurityNik"
- Use the key-chain with name SecurityNik





Branch-1
























Branch-2

























Routing Process Configuration

HQ








Branch-1








Branch-2









Verifying EIGRP is working properly on HQ router

Looks like we 2 neighbors, both learned via interface Tunnel0











The topology looks good as there are currently no routes in "A" (Active)

Taking a look at the IP protocols ...





























... we see the networks which are being routed and the routing information sources

Finally taking a look at the "show ip route"



Voilla!!

Obviously now the final test is to ensure that the hosts can actually communicate.

Verify the hosts can ping (and traceroute) each other




Ahhh, All is well now!!!


Peering into the EIGRP Packets 




In a previous post, I stated that EIGRP uses 5 packets. Let's take a peek into 4 of these packets now.

Hello

From the above we see this is an "Hello" packet


Update       


Above we see an update packet


Query


The above is a query packet

Ack


And finally we have an "ACK" packet


That's it!!

No comments:

Post a Comment