CCNP Lab 016: EIGRP Multi-Technology

Lab

Lab Objective:
The focus of this lab is to understand EIGRP implementation and
configuration in Cisco IOS routers. Additional technologies tested include
summarization and authentication.
Lab Topology:
The lab network topology is illustrated below:

IMPORTANT NOTE
If you are using the www.101labs.net racks, please bring up the LAN
interfaces connected to the routers by issuing the no shutdown command on
the connected switches. If you are using a home lab with no
Switches, you can bring up the LAN interfaces using the following
configurations on your routers:
interface fastethernet 0/0
no keepalive
loopback
no shutdown
Alternately, you can simply connect the interfaces to a hub or switch if you
have one available in your own lab.
Task 1
Configure hostnames and IP addresses on all routers as illustrated in the
network topology.
Task 2
Configure EIGRP for AS 1 as illustrated in the topology. However, do NOT
advertise the 150.2.2.0/24 and 150.3.3.0/24 subnets connected to R2 and R3
via EIGRP. Additionally, authenticate EIGRP protocol updates using the
password ‘CCNP’.
Task 3
Configure routers R2 and R3 to advertise ONLY the default route to R1 and
R4. Ensure that R2 and R3 can ping each others’ 150.x.x.x/24 subnets. Verify
that R1 and R4 can reach the 150.2.2.0/24 and 150.3.3.0/24 subnets even if
their own WAN links are down or unavailable.
Task 4
Configure the following secondary subnets on the LAN segment between R1
and R4:

Network: 192.168.0.0/24 - Assign 192.168.0.1/24 to R1 and

192.168.0.4/24 to R4
Network: 192.168.1.0/24 - Assign 192.168.1.1/24 to R1 and
192.168.1.4/24 to R4
Network: 192.168.2.0/24 - Assign 192.168.2.1/24 to R1 and
192.168.2.4/24 to R4
Network: 192.168.3.0/24 - Assign 192.168.3.1/24 to R1 and
192.168.3.4/24 to R4
Next, configure R1 and R4 to advertise only a single route for these subnets
to R2 and R3.
Task 5
Management has decided that packets sourced from the LAN interface of R2
(150.2.2.2) should use the R2-R3-R4 path to reach the 150.1.1.0/24 and
192.168.1.0/24 subnets. This should be completed without performing any
modifications on any other router except for R2. Verify your configuration
using the appropriate commands. Corporate IT policy states that NO static
routes are allowed. Complete this solution while adhering to this policy.
Lab Validation:
Task 1
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 150.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface serial 0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 10.0.0.1 255.255.255.252
R1(config-if)#clock rate 2000000
R1(config-if)#exit
Router(config)#hostname R2
R2(config)#interface fastethernet 0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 150.2.2.2 255.255.255.0
R2(config-if)#exit
R2(config)#interface serial 0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 10.0.0.2 255.255.255.252
R2(config-if)#exit
R2(config)#interface serial 0/1
R2(config-if)#no shutdown
R2(config-if)#ip address 10.0.0.9 255.255.255.252
R2(config-if)#exit
Router(config)#hostname R3
R3(config)#interface fastethernet 0/0
R3(config-if)#no shutdown
R3(config-if)#ip address 150.3.3.3 255.255.255.0
R3(config-if)#exit
R3(config)#interface serial 1/1
R3(config-if)#no shutdown
R3(config-if)#ip address 10.0.0.10 255.255.255.252
R3(config-if)#clock rate 128000
R3(config-if)#exit
R3(config)#interface serial 1/2
R3(config-if)#no shutdown
R3(config-if)#ip address 10.0.0.13 255.255.255.252
R3(config-if)#clock rate 128000
R3(config-if)#exit
Router(config)#hostname R4
R4(config)#interface fastethernet 0/0
R4(config-if)#no shutdown
R4(config-if)#ip address 150.1.1.4 255.255.255.0
R4(config-if)#exit
R4(config)#interface serial 0/0
R4(config-if)#no shutdown
R4(config-if)#ip address 10.0.0.14 255.255.255.252
R4(config-if)#exit
Task 2
R1(config)#key chain EIGRP-AUTH
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string CCNP
R1(config-keychain-key)#exit
R1(config-keychain)#exit
R1(config)#router eigrp 1
R1(config-router)#network 150.1.1.1 0.0.0.0
R1(config-router)#network 10.0.0.1 0.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#interface fastethernet 0/0
R1(config-if)#ip authentication mode eigrp 1 md5
R1(config-if)#ip authentication key-chain eigrp 1 EIGRP-AUTH
R1(config-if)#exit
R1(config)#interface serial 0/0
R1(config-if)#ip authentication mode eigrp 1 md5
R1(config-if)#ip authentication key-chain eigrp 1 EIGRP-AUTH
R1(config-if)#exit
R2(config)#key chain EIGRP-AUTH
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string CCNP
R2(config-keychain-key)#exit
R2(config)#router eigrp 1
R2(config-router)#network 10.0.0.2 0.0.0.0
R2(config-router)#network 10.0.0.9 0.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#exit
R2(config)#interface serial 0/0
R2(config-if)#ip authentication mode eigrp 1 md5
R2(config-if)#ip authentication key-chain eigrp 1 EIGRP-AUTH
R2(config-if)#exit
R2(config)#interface serial 0/1
R2(config-if)#ip authentication mode eigrp 1 md5
R2(config-if)#ip authentication key-chain eigrp 1 EIGRP-AUTH
R2(config-if)#exit
R3(config)#key chain EIGRP-AUTH
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string CCNP
R3(config-keychain-key)#exit
R3(config-keychain)#exit
R3(config router eigrp 1
R3(config-router)#no auto-summary
R3(config-router)#network 10.0.0.10 0.0.0.0
R3(config-router)#network 10.0.0.13 0.0.0.0
R3(config-router)#exit
R3(config)#interface serial 1/1
R3(config-if)#ip authentication mode eigrp 1 md5
R3(config-if)#ip authentication key-chain eigrp 1 EIGRP-AUTH
R3(config-if)#exit
R3(config)#interface serial 1/2
R3(config-if)#ip authentication mode eigrp 1 md5
R3(config-if)#ip authentication key-chain eigrp 1 EIGRP-AUTH
R3(config-if)#exit
R4(config)#key chain EIGRP-AUTH
R4(config-keychain)#key 1
R4(config-keychain-key)#key-string CCNP
R4(config-keychain-key)#exit
R4(config-keychain)#exit
R4(config)#router eigrp 1
R4(config-router)#no auto-summary
R4(config-router)#network 150.1.1.4 0.0.0.0
R4(config-router)#network 10.0.0.14 0.0.0.0
R4(config-router)#exit
R4(config)#interface fastethernet 0/0
R4(config-if)#ip authentication mode eigrp 1 md5
R4(config-if)#ip authentication key-chain eigrp 1 EIGRP-AUTH
R4(config-if)#exit
R4(config)#interface serial 0/0
R4(config-if)#ip authentication mode eigrp 1 md5
R4(config-if)#ip authentication key-chain eigrp 1 EIGRP-AUTH
R4(config-if)#exit
Verify your configuration using the show ip eigrp neighbors command:
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 150.1.1.4 Fa0/0 10 00:01:22 3 200 0 4
0 10.0.0.2 Se0/0 14 00:06:40 3 200 0 11
R2#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.0.0.10 Se0/1 14 00:04:30 15 200 0 8
0 10.0.0.1 Se0/0 11 00:06:52 4 200 0 10
R3#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.0.0.14 Se1/2 10 00:01:36 21 1140 0 7
0 10.0.0.9 Se1/1 11 00:04:42 19 1140 0 10
R4#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.0.0.13 Se0/0 14 00:01:59 21 200 0 9
0 150.1.1.1 Fa0/0 12 00:02:10 1022 5000 0 9
Verify configured key chains using the show key chain [name] command:
R1#show key chain EIGRP-AUTH
Key-chain EIGRP-AUTH:
key 1 -- text “CCNP”
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
Verify authentication using the show ip eigrp interfaces detail [name]
command:
R1#show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 1 0/0 3 0/1 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/2 Un/reliable ucasts: 1/4
Mcast exceptions: 1 CR packets: 1 ACKs suppressed: 1
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is “EIGRP-AUTH”
Use multicast
Se0/0 1 0/0 3 0/15 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 2/6
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 3
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is “EIGRP-AUTH”
Use unicast
Task 3
R2(config)#ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
R2(config)#router eigrp 1
R2(config-router)#redistribute connected
R2(config-router)#distribute-list prefix DEFAULT-ONLY out serial 0/0
R2(config-router)#exit
R2(config)#interface serial 0/0
R2(config-if)#ip summary-address eigrp 1 0.0.0.0 0.0.0.0
R2(config-if)#exit
R3(config)#ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
R3(config)#router eigrp 1
R3(config-router)#redistribute connected
R3(config-router)#distribute-list prefix DEFAULT-ONLY out serial 1/2
R3(config-router)#exit
R3(config)#interface serial 1/2
R3(config-if)#ip summary-address eigrp 1 0.0.0.0 0.0.0.0
R3(config-if)#exit
NOTE: You can also configure a static default route to Null0 and redistribute
into EIGRP. For example, you could complete this task as follows:
R2(config)#ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
R2(config)#ip route 0.0.0.0 0.0.0.0 null 0
R2(config)#router eigrp 1
R2(config-router)#redistribute connected
R2(config-router)#redistribute static
R2(config-router)#distribute-list prefix DEFAULT-ONLY out serial 0/0
R2(config-router)#exit
Verify your configurations by looking at the routing tables of all routers:
R1#show ip route eigrp
10.0.0.0/30 is subnetted, 2 subnets
D 10.0.0.12 [90/2172416] via 150.1.1.4, 00:14:57, FastEthernet0/0
D* 0.0.0.0/0 [90/2172416] via 10.0.0.2, 00:05:17, Serial0/0
R2#show ip route eigrp
10.0.0.0/30 is subnetted, 3 subnets
D 10.0.0.12 [90/2684416] via 10.0.0.1, 00:15:15, Serial0/0
150.1.0.0/24 is subnetted, 1 subnets
D 150.1.1.0 [90/2172416] via 10.0.0.1, 00:15:05, Serial0/0
150.3.0.0/24 is subnetted, 1 subnets
D EX 150.3.3.0 [170/2172416] via 10.0.0.10, 00:06:05, Serial0/1
D* 0.0.0.0/0 is a summary, 00:05:35, Null0
R3#show ip route eigrp
10.0.0.0/30 is subnetted, 3 subnets
D 10.0.0.0 [90/21024000] via 10.0.0.9, 00:15:22, Serial1/1
150.1.0.0/24 is subnetted, 1 subnets
D 150.1.1.0 [90/20514560] via 10.0.0.14, 00:15:22, Serial1/2
150.2.0.0/24 is subnetted, 1 subnets
D EX 150.2.2.0 [170/20514560] via 10.0.0.9, 00:08:15, Serial1/1
D* 0.0.0.0/0 is a summary, 00:05:51, Null0
R4#show ip route eigrp
10.0.0.0/30 is subnetted, 2 subnets
D 10.0.0.0 [90/2172416] via 150.1.1.1, 00:06:14, FastEthernet0/0
D* 0.0.0.0/0 [90/2172416] via 10.0.0.13, 00:06:07, Serial0/0
Test R1 or R4 failover by shutting down the WAN interface and pinging R2
and R3 (remember to ‘no shut’ it after the test):
R1(config)#interface serial 0/0
R1(config-if)#shutdown
R1(config-if)#do ping 150.2.2.2 source 150.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 150.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
R1(config-if)#do ping 150.3.3.3 source 150.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 150.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
R1(config-if)#do show ip route eigrp
10.0.0.0/30 is subnetted, 1 subnets
D 10.0.0.12 [90/2172416] via 150.1.1.4, 00:17:20, FastEthernet0/0
D* 0.0.0.0/0 [90/2174976] via 150.1.1.4, 00:00:47, FastEthernet0/0
Task 4
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 192.168.0.1 255.255.255.0 secondary
R1(config-if)#ip address 192.168.1.1 255.255.255.0 secondary
R1(config-if)#ip address 192.168.2.1 255.255.255.0 secondary
R1(config-if)#ip address 192.168.3.1 255.255.255.0 secondary
R1(config-if)#exit
R1(config)#router eigrp 1
R1(config-router)#network 192.168.0.0 0.0.3.255
R1(config-router)#exit
R1(config)#interface serial 0/0
R1(config-if)#ip summary-address eigrp 1 192.168.0.0 255.255.252.0
R1(config-if)#exit
R4(config)#interface fastethernet 0/0
R4(config-if)#ip address 192.168.0.4 255.255.255.0 secondary
R4(config-if)#ip address 192.168.1.4 255.255.255.0 secondary
R4(config-if)#ip address 192.168.2.4 255.255.255.0 secondary
R4(config-if)#ip address 192.168.3.4 255.255.255.0 secondary
R4(config-if)#exit
R4(config)#router eigrp 1
R4(config-router)#network 192.168.0.0 0.0.3.255
R4(config-router)#exit
R4(config)#interface serial 0/0
R4(config-if)#ip summary-address eigrp 1 192.168.0.0 255.255.252.0
R4(config-if)#exit
Verify your configuration by looking at the routing tables of all routers:
R1#show ip route eigrp
10.0.0.0/30 is subnetted, 2 subnets
D 10.0.0.12 [90/2172416] via 150.1.1.4, 00:26:41, FastEthernet0/0
D* 0.0.0.0/0 [90/2172416] via 10.0.0.2, 00:03:13, Serial0/0
D 192.168.0.0/22 is a summary, 00:02:43, Null0
R2#show ip route eigrp
10.0.0.0/30 is subnetted, 3 subnets
D 10.0.0.12 [90/2684416] via 10.0.0.1, 00:03:47, Serial0/0
150.1.0.0/24 is subnetted, 1 subnets
D 150.1.1.0 [90/2172416] via 10.0.0.1, 00:03:47, Serial0/0
150.3.0.0/24 is subnetted, 1 subnets
D EX 150.3.3.0 [170/2172416] via 10.0.0.10, 00:18:06, Serial0/1
D* 0.0.0.0/0 is a summary, 00:03:50, Null0
D 192.168.0.0/22 [90/2172416] via 10.0.0.1, 00:01:44, Serial0/0
R3#show ip route eigrp
10.0.0.0/30 is subnetted, 3 subnets
D 10.0.0.0 [90/21024000] via 10.0.0.9, 00:03:57, Serial1/1
150.1.0.0/24 is subnetted, 1 subnets
D 150.1.1.0 [90/20514560] via 10.0.0.14, 00:03:53, Serial1/2
150.2.0.0/24 is subnetted, 1 subnets
D EX 150.2.2.0 [170/20514560] via 10.0.0.9, 00:20:06, Serial1/1
D* 0.0.0.0/0 is a summary, 00:17:42, Null0
D 192.168.0.0/22 [90/20514560] via 10.0.0.14, 00:01:51, Serial1/2
R4#show ip route eigrp
10.0.0.0/30 is subnetted, 2 subnets
D 10.0.0.0 [90/2172416] via 150.1.1.1, 00:04:00, FastEthernet0/0
D* 0.0.0.0/0 [90/2172416] via 10.0.0.13, 00:03:57, Serial0/0
D 192.168.0.0/22 is a summary, 00:01:54, Null0
Additionally, test connectivity to these subnets using a simple ping:
R2#ping 192.168.0.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.0, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
R2#ping 192.168.1.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.0, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
R2#ping 192.168.2.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.0, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R2#ping 192.168.3.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.0, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
R3#ping 192.168.0.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.0, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
R3#ping 192.168.1.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.0, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
R3#ping 192.168.2.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.0, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
R3#ping 192.168.3.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.0, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/20 ms
Task 5
This task requires that PBR be configured on R2 as it cannot be completed
with routing alone:
R2(config)#access-list 100 permit ip host 150.2.2.2 150.1.1.0 0.0.0.255
R2(config)#access-list 100 permit ip host 150.2.2.2 192.168.1.0 0.0.0.255
R2(config)#route-map R2-FA-0/0-PBR permit 10
R2(config-route-map)#match ip address 100
R2(config-route-map)#set ip next-hop 10.0.0.10
R2(config-route-map)#exit
R2(config)#route-map R2-FA-0/0-PBR deny 20
R2(config-route-map)#exit
R2(config)#ip local policy route-map R2-FA-0/0-PBR
R2(config)#exit
Verify your configuration for the 150.1.1.0/24 subnet by debugging PBR on
R2:
R2#debug ip policy
Policy routing debugging is on
R2#ping 150.1.1.1 source 150.2.2.2 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 150.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 150.2.2.2
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 16/18/20 ms
R2#
*May 6 00:03:23.379: IP: s=150.2.2.2 (local), d=150.1.1.1, len 100, policy
match
*May 6 00:03:23.379: IP: route map R2-FA-0/0-PBR, item 10, permit
*May 6 00:03:23.379: IP: s=150.2.2.2 (local), d=150.1.1.1 (Serial0/1), len
100, policy routed
*May 6 00:03:23.383: IP: local to Serial0/1 10.0.0.10
Verify your configuration for the 192.168.1.0/24 subnet by debugging PBR
on R2:
R2#ping 192.168.1.0 source 150.2.2.2 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 192.168.1.0, timeout is 2 seconds:
Packet sent with a source address of 150.2.2.2
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 32/32/32 ms
R2#
*May 6 00:04:46.951: IP: s=150.2.2.2 (local), d=192.168.1.0, len 100,
policy match
*May 6 00:04:46.951: IP: route map R2-FA-0/0-PBR, item 10, permit
*May 6 00:04:46.951: IP: s=150.2.2.2 (local), d=192.168.1.0 (Serial0/1),
len 100, policy routed
*May 6 00:04:46.951: IP: local to Serial0/1 10.0.0.10
You can also use the show route-map [name] command to view matches
against the configured statement(s) within the route map:
R2#show route-map R2-FA-0/0-PBR
route-map R2-FA-0/0-PBR, permit, sequence 10
Match clauses:
ip address (access-lists): 100
Set clauses:
ip next-hop 10.0.0.10
Policy routing matches: 2 packets, 200 bytes
route-map R2-FA-0/0-PBR, deny, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes