
Tuesday, May 31, 2011

Passive Interface in EIGRP


In EIGRP, the passive-interface command stops the router from sending hello packets out of that interface, so the router cannot form any neighbor relationship via the passive interface. This behavior stops both outgoing and incoming routing updates.

Config:
======
R3#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            23.23.23.2      YES manual up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down
Loopback0                  100.100.100.100 YES manual up                    up
Loopback1                  110.110.110.110 YES manual up                    up
Loopback2                  120.120.120.120 YES manual up                    up


R2#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            23.23.23.1      YES manual up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down
Loopback0                  10.10.10.10     YES manual up                    up
Loopback1                  11.11.11.11     YES manual up                    up
Loopback2                  22.22.22.22     YES manual up                    up
Loopback3                  33.33.33.33     YES manual up                    up

We have loopback interfaces on R3 and R2 to make it look like we have networks connected to the routers. We also disable auto-summarization on both R2 and R3 to make it look like the loopback interfaces are connected to the above networks.

Now we make fa0/0 on R2 a passive interface and capture the traffic on fa0/0 on R3.

R2(config)#router eigrp 1
R2(config-router)#passive-interface fa0/0
R2(config-router)#
*Mar  1 02:27:15.183: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 23.23.23.2 (FastEthernet0/0) is down: interface passive
R2(config-router)#^Z
R2#


Here is the output from Wireshark:





You will notice that as soon as we make fa0/0 on R2 a passive interface, it stops sending hello packets.
The adjacency drops immediately. It doesn't wait for the hold time to expire.
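
The reason string in the %DUAL-5-NBRCHANGE message is what separates this immediate, locally configured drop from a hold-time expiry. The following is an added example, not part of the original post: a small parser that reports neighbor-down events not explained by a local passive-interface change. Only the first sample line comes from the lab output; the other lines and all function names are constructed for illustration.

```python
import re

# Format of the IOS message shown in the R2 console output above.
NBRCHANGE = re.compile(
    r"%DUAL-5-NBRCHANGE: \S+ (?P<asn>\d+): Neighbor (?P<peer>\S+) "
    r"\((?P<intf>[^)]+)\) is (?P<state>up|down): (?P<reason>.+)$"
)

# Reason strings mapped to a cause; anything else is reported as "other".
CAUSES = {
    "interface passive": "local-config",   # passive-interface applied locally
    "holding time expired": "timeout",     # hellos from the peer stopped
    "new adjacency": "established",
}

def parse_nbrchange(line):
    """Return a dict for an EIGRP neighbor-change line, or None."""
    m = NBRCHANGE.search(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["asn"] = int(event["asn"])
    event["cause"] = CAUSES.get(event["reason"].strip(), "other")
    return event

def unexpected_drops(lines):
    """Neighbor-down events that were not caused by a local config change."""
    events = filter(None, map(parse_nbrchange, lines))
    return [e for e in events
            if e["state"] == "down" and e["cause"] != "local-config"]

# First line is the one from the lab; the rest are constructed samples.
SAMPLE_LOG = [
    "*Mar  1 02:27:15.183: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 23.23.23.2 (FastEthernet0/0) is down: interface passive",
    "*Mar  1 02:31:02.511: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 23.23.23.2 (FastEthernet0/0) is up: new adjacency",
    "*Mar  1 02:40:47.900: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 23.23.23.2 (FastEthernet0/0) is down: holding time expired",
    "*Mar  1 02:41:00.004: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
]

if __name__ == "__main__":
    for e in unexpected_drops(SAMPLE_LOG):
        print(e["peer"], e["intf"], e["cause"])
```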

Thursday, May 26, 2011

Policy Based Routing Troubles








Objective:
=========
1. All http traffic from R2 to R5 should go through R1
2. All telnet traffic from R2 to R5 should go through R3
3. The rest of the traffic should load-balance between R1 and R3.

Config:
=====
On R2
R2#sh access-lists
Extended IP access list TELNET
    10 permit 23 any 45.45.45.0 0.0.0.255
R2#sh route-map
route-map PBR, permit, sequence 10
  Match clauses:
    ip address (access-lists): TELNET
  Set clauses:
    ip next-hop 23.23.23.2
  Policy routing matches: 0 packets, 0 bytes
!
interface Serial0/0
 description R2 to R1
 ip address 12.12.12.2 255.255.255.252
 ip policy route-map PBR
 clock rate 2000000
end
!
interface Serial0/1
 description R2 to R3
 ip address 23.23.23.1 255.255.255.252
 ip policy route-map PBR
 shutdown
 clock rate 2000000
end

Problem:
======

When I telnet from R2 to R5, it connects. Then, to test the route map, I shut se1/0 on R2, which goes to R3. So, as per the policy, the telnet should not work as the next hop is disabled, but I am still able to telnet!! See the output below:

R2(config)#do telnet 45.45.45.2
Trying 45.45.45.2 ... Open


User Access Verification

Password:
R5>exit

[Connection to 45.45.45.2 closed by foreign host]
R2(config)#int se1/0
R2(config-if)#shut           ! I have shut the port!
R2(config-if)#do telnet 45.45.45.2
Trying 45.45.45.2 ... Open


User Access Verification

Password:
R5>exit               ! It still connects!!!!

[Connection to 45.45.45.2 closed by foreign host]




Monday, May 23, 2011

EIGRP Lab: Redistribution, Route-maps and Tagging

Overview:
========
This lab is an extension of the previous lab, EIGRP over frame-relay. In this lab I added R4 to the topology and configured the R4<>R1 link in EIGRP AS1. I also created loopbacks on R4 and advertised them into EIGRP AS2.

Objective:
=========
1. Redistribute EIGRP AS1 routes into EIGRP AS2 routes (simple).
2. Use a route map to redistribute loopback routes into EIGRP AS1 and tag the /24 or lesser subnets with 2000.

Config:
======
R1#sh run int se0/1
Building configuration...
Current configuration : 86 bytes
!
interface Serial0/1
 ip address 14.14.14.2 255.255.255.252
 clock rate 2000000
end
!
R4#sh run int se0/0
Building configuration...
Current configuration : 86 bytes
!
interface Serial0/0
 ip address 14.14.14.1 255.255.255.252
 clock rate 2000000
end
!
router eigrp 1
 redistribute eigrp 2 route-map AS2TOAS1
 network 14.14.14.0 0.0.0.255
 default-metric 100 100 100 100 100
 no auto-summary
router eigrp 2
 redistribute eigrp 1 metric 100 100 100 100 100
 network 40.0.0.0
 no auto-summary

R4#sh route-map
route-map AS2TOAS1, permit, sequence 10
  Match clauses:
    ip address prefix-lists: LOW
  Set clauses:
    tag 2000
  Policy routing matches: 0 packets, 0 bytes
route-map AS2TOAS1, permit, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

R4#sh ip prefix-list det
Prefix-list with the last deletion/insertion: LOW
ip prefix-list LOW:
   count: 1, range entries: 1, sequences: 5 - 5, refcount: 3
   seq 5 permit 40.0.0.0/8 le 24 (hit count: 6, refcount: 1)
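
To see which routes the `40.0.0.0/8 le 24` entry actually tags, here is an added example (not part of the original lab) that models IOS prefix-list matching and the two sequences of route-map AS2TOAS1. The sample routes are constructed, since the lab does not list R4's loopback addresses, and the function names are hypothetical.

```python
import ipaddress

def prefix_list_permits(route, prefix, ge=None, le=None):
    """IOS prefix-list entry semantics: the route must sit inside `prefix`
    and its mask length must fall in the range set by ge/le."""
    route = ipaddress.ip_network(route)
    entry = ipaddress.ip_network(prefix)
    if not route.subnet_of(entry):
        return False
    if ge is None and le is None:
        return route.prefixlen == entry.prefixlen   # exact match only
    low = ge if ge is not None else entry.prefixlen
    high = le if le is not None else route.max_prefixlen
    return low <= route.prefixlen <= high

def as2_to_as1(route):
    """Route-map AS2TOAS1 from the lab: returns the tag applied on
    redistribution (0 means no tag was set, i.e. sequence 20 matched)."""
    # sequence 10: match ip address prefix-list LOW, set tag 2000
    if prefix_list_permits(route, "40.0.0.0/8", le=24):
        return 2000
    # sequence 20: empty permit clause, matches everything, sets nothing
    return 0

# Constructed sample routes (assumption, not taken from the lab).
SAMPLE_ROUTES = ["40.1.1.0/24", "40.2.0.0/16", "40.3.3.0/28",
                 "40.4.4.4/32", "50.1.1.0/24"]

def tagged_routes(routes):
    """Map each route to the tag it would carry into EIGRP AS1."""
    return {r: as2_to_as1(r) for r in routes}

if __name__ == "__main__":
    for route, tag in tagged_routes(SAMPLE_ROUTES).items():
        print(f"{route:<16} tag {tag}")
```

Mask lengths from /8 through /24 inside 40.0.0.0/8 are tagged 2000; longer masks such as /28 and /32 fall through to sequence 20 and are redistributed untagged.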

Sunday, May 22, 2011

EIGRP over frame-relay


Story:
=====
The basic idea of this lab was to create a frame relay network using EIGRP. We have three routers R1, R2 and R3 connected to a frame relay switch. R1 is the hub.

I felt that the lab would be easy, but I am going wrong somewhere. I created the frame relay network and configured EIGRP over it, and I am able to ping one spoke router from another spoke router. But then I created loopbacks on R2 and advertised them using EIGRP, but R1 is not learning those addresses.

Config:

On R1:
======
!
interface Serial0/0
 ip address 10.10.10.10 255.255.255.0
 encapsulation frame-relay
 no ip split-horizon eigrp 1
 clock rate 2000000
 frame-relay map ip 10.10.10.10 101
 frame-relay map ip 10.10.10.30 101 broadcast
 frame-relay map ip 10.10.10.20 102 broadcast
 no frame-relay inverse-arp
end
!
R1#sh run | sec eigrp
 no ip split-horizon eigrp 1
router eigrp 1
 network 0.0.0.0
 no auto-summary
R1#

On R2:
======
!
interface Serial0/0
 ip address 10.10.10.20 255.255.255.0
 encapsulation frame-relay
 clock rate 2000000
 frame-relay map ip 10.10.10.20 203
 frame-relay map ip 10.10.10.30 203
 frame-relay map ip 10.10.10.10 203
 no frame-relay inverse-arp
end
!
R2#sh run | sec eigrp
router eigrp 1
 network 0.0.0.0
 no auto-summary
R2#

On R3:
======
!
interface Serial0/0
 ip address 10.10.10.30 255.255.255.0
 encapsulation frame-relay
 clock rate 2000000
 frame-relay map ip 10.10.10.30 202
 frame-relay map ip 10.10.10.20 202
 frame-relay map ip 10.10.10.10 202
 no frame-relay inverse-arp
end
!
R3#sh run | sec eigrp
router eigrp 1
 network 0.0.0.0
 no auto-summary
R3#

Saturday, May 14, 2011

OSPF Lab1

Overview: I created this lab today for basic OSPF concepts.
Objectives:
1. Create POINT_TO_POINT OSPF on the link between R1 and R2.
2. Create loopback interfaces on R1 and advertise them into area 1. Configure the loopbacks to reflect network subnets (this can be done by configuring the OSPF network type under these loopbacks as POINT_TO_POINT links).
3. Create a BROADCAST network between R2, R3 and R4 and put it under area2
4. Create a loopback on R3 and configure it in area2 (easy one).
5. Create a loopback on R4 and configure it in area3. Try to ping lo on R3 and lo on R4 from R1. Ping to lo of R4 fails.
6. Create a virtual link between R4 and R2 over transit area2. Perform the ping test mentioned above again.
The ping to lo on R4 from R1 should be successful.

Verification:
sh ip route
sh ip ospf
sh ip ospf nei
sh ip ospf adj
sh ip ospf route
sh ip ospf database
debug ip ospf packet
debug ip ospf adj

Also use Wireshark to learn about the LSA types. You will mostly see Type 1 and Type 2 LSAs in this lab.