Monday, April 07, 2008

Adv Technologies: EIGRP

#########EIGRP Authentication########
Takes some time, so you will need to be patient. Need to change the system clock (clock set 00:22:00 1 Feb 2007) for Auth to kick in
OR
clear ip eigrp neigh will do


Also there is a typo, can you spot the mistake?




key chain EIGRP
key 1
key-string CISCO123
accept-lifetime 00:00:00 Mar 1 2002 00:15:00 Jan 1 2007
send-lifetime 00:00:00 Mar 1 2002 00:00:00 Jan 1 2007
key 2
key-string CISCO456
accept-lifetime 23:45:00 Dec 31 2006 infinite
send-lifetime 00:00:00 Jan 1 2007 infinite



Rack1R4#sh key chain
Key-chain EIGRP:
key 1 -- text "CISCO123 "
accept lifetime (00:00:00 UTC Mar 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Mar 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite)
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)
Rack1R4#


Rack1R5#sh key cha
Key-chain EIGRP:
key 1 -- text "CISCO123"
accept lifetime (00:00:00 UTC Jan 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Jan 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite) [valid now]
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)
Rack1R5#


Ans: on the R4 router, there is an additional space at the end of the Key 1 key-string: "CISCO123 "
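A trailing space like this is easy to miss by eye, so here is an added example (not part of the original post) that parses the two "sh key chain" captures above and reports every per-key difference between the routers. The function names are assumptions made for this sketch.

```python
import re

# "sh key chain" output copied from the R4 and R5 captures above.
R4 = '''Key-chain EIGRP:
key 1 -- text "CISCO123 "
accept lifetime (00:00:00 UTC Mar 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Mar 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite)
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)'''
R5 = '''Key-chain EIGRP:
key 1 -- text "CISCO123"
accept lifetime (00:00:00 UTC Jan 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Jan 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite) [valid now]
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)'''

KEY_RE = re.compile(r'^\s*key (\d+) -- text "(.*)"\s*$')
LIFE_RE = re.compile(r'^\s*(accept|send) lifetime (\(.*?\) - \(.*?\))')

def parse_key_chain(output):  # -> {key_id: {"text", "accept", "send"}}
    keys, current = {}, None
    for line in output.splitlines():
        m = KEY_RE.match(line)
        if m:  # the quotes delimit the key-string, so trailing spaces survive
            current = keys.setdefault(int(m.group(1)), {"text": m.group(2)})
        else:
            m = LIFE_RE.match(line)
            if m and current is not None:
                current[m.group(1)] = m.group(2)  # "[valid now]" is not kept
    return keys

def compare(a, b):  # -> list of (key_id, finding) for two parsed chains
    findings = []
    for kid in sorted(set(a) | set(b)):
        if kid not in a or kid not in b:
            findings.append((kid, "key missing on one router"))
            continue
        ta, tb = a[kid]["text"], b[kid]["text"]
        if ta != tb:
            kind = "only by whitespace" if ta.strip() == tb.strip() else "in content"
            findings.append((kid, "key-string differs " + kind))
        for field in ("accept", "send"):
            if a[kid].get(field) != b[kid].get(field):
                findings.append((kid, field + " lifetime differs"))
    return findings

if __name__ == "__main__":
    print(compare(parse_key_chain(R4), parse_key_chain(R5)))
```

Besides the key-string, the comparison also flags that the key 1 lifetimes start on Mar 1 2002 on R4 and Jan 1 2002 on R5 in the captures above.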



#########EIGRP Stub########

A non-stub router sends only UPDATES to a stub neighbor; no QUERIES are sent to the stub.
But a non-stub router will still receive QUERIES from a stub neighbor and will reply to them.


########### Leak-map ########################
ip summary-address eigrp 100 0.0.0.0 0.0.0.0 leak-map LEAK

The benefit of route leaking (advertising a route) is that the leaked route is more specific than a summarized route and is therefore the preferred route.

#######How To ############
Configuring an EIGRP Summary Address to Leak a Component Route


There might be times when you have summarized routes, but you want a particular route to be advertised. The benefit of route leaking (advertising a route) is that the leaked route is more specific than a summarized route and is therefore the preferred route. Perform this task to leak an EIGRP route that would otherwise be suppressed by a summary route.

In general, leaking an EIGRP route is achieved by defining a standard IP access list (or IP prefix list) to identify the component route as a source address. Then the access list is referenced in a route map (in a match ip address command), and the route map is referenced by the leak-map keyword in the ip summary-address eigrp command.

You can use a single access list to permit all the routes that you want to leak through a single summary.



##Behavior if EIGRP Route Leaking Is Configured Incompletely##

The following default behavior occurs if the ip summary-address eigrp command is configured using the leak-map keyword and either the route map or access list is not configured:

--If the leak-map keyword is configured to reference a nonexistent route map, the configuration of this keyword has no effect. The summary address is advertised, but all component routes are suppressed.

--If the leak-map keyword is configured, but the access list does not exist or the route map does not reference the access list, the summary address and all component routes are sent.
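The two rules above lend themselves to a configuration check. This added example (not part of the original post or of Cisco's documentation) scans a config for leak-map references and reports which of the three outcomes applies. The interface names, the MISSING and NOACL route maps, the ACL numbers and the 10.x prefixes are constructed for illustration, and "does not reference the access list" is interpreted here as a route map with no match ip address clause or one that matches an undefined list.

```python
import re

# Constructed sample config; only the first summary line comes from the post.
SAMPLE = """\
interface Serial0/0
 ip summary-address eigrp 100 0.0.0.0 0.0.0.0 leak-map LEAK
interface Serial0/1
 ip summary-address eigrp 100 10.2.0.0 255.255.0.0 leak-map MISSING
interface Serial0/2
 ip summary-address eigrp 100 10.3.0.0 255.255.0.0 leak-map NOACL
access-list 10 permit 10.1.1.0 0.0.0.255
route-map LEAK permit 10
 match ip address 10
route-map NOACL permit 10
 match ip address 20
"""

def leak_map_outcomes(config):
    """Map each summary prefix to what the rules above say gets advertised."""
    route_maps, acls, summaries, current = {}, set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():
            current = None  # a top-level command closes any route-map block
        if m := re.match(r"route-map (\S+)", line):
            current = route_maps.setdefault(m.group(1), [])
        elif m := re.match(r"match ip address (.+)", line):
            if current is not None:
                current.extend(m.group(1).split())
        elif m := re.match(r"(?:ip )?access-list (?:standard )?(\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip summary-address eigrp \d+ (\S+ \S+) leak-map (\S+)", line):
            summaries.append(m.groups())
    results = {}
    for prefix, name in summaries:
        if name not in route_maps:
            results[prefix] = "summary only, all component routes suppressed"
        elif not route_maps[name] or any(a not in acls for a in route_maps[name]):
            results[prefix] = "summary and ALL component routes sent"
        else:
            results[prefix] = "summary plus the routes the leak-map permits"
    return results

if __name__ == "__main__":
    for prefix, outcome in leak_map_outcomes(SAMPLE).items():
        print(prefix, "->", outcome)
```

The second outcome is the one to watch for in review, because a missing ACL silently turns a summary into a full advertisement of every component route.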


###############ip default-network ############################
When deciding whether to use a default static route or a default network, keep in mind that if you want the routing protocol to propagate the default route, the ip default-network command will do that for you. But if you want only the local router to have the default route, a static IP route is the way to go.

http://blog.internetworkexpert.com/2008/01/15/issues-with-the-ip-default-network-command/


##############Changing Internal and External AD of EIGRP Routes ############
NOTE: We cannot change the distance for individual external EIGRP prefixes
distance eigrp 99 200
e.g. all internal routes are set to AD 99 and external routes are set to AD 200
However, we can still {selectively} change the AD of internal routes from 99 to something else as shown below, but cannot {selectively} change the AD of external routes

NOTE: you specify the neighbor’s IP address (like with RIP and unlike OSPF)
when you fine-tune AD based on an access-list
"distance 199 155.1.45.5 0.0.0.0 10"

e.g. this will set the routes received from source IP 155.1.45.5 to AD 199 if the routes match those in ACL 10

#################Filtering with Distribute Lists ############
router eigrp 100
distribute-list 99 in Serial 0/0
distribute-list 99 in Serial 0/1


A slightly more advanced distribute-list, using a route-map:
router eigrp 100
distribute-list route-map FILTER_EIGRP in serial 0/1
distribute-list route-map FILTER_EIGRP in serial 0/0

All the magic happens in the FILTER_EIGRP route-map, which matches against tag 100 and selectively permits only those routes in; the rest are filtered (denied)