This is the first EIGRP post I’ll be doing for CCIE lab preparation.

I’ve tried to include a lot in this one without making it too long. Here’s the topology:

Click here for the initial configs

Here is task one:
1. Advertise all connected loopbacks into EIGRP AS 100. Ensure that only interfaces connected to other routers will form adjacencies. Do not allow EIGRP to summarize automatically.

Simple stuff:

R1(config)#router eigrp 100
R1(config-router)#passive-interface default
R1(config-router)#no passive-interface Virtual-Template12
R1(config-router)#no passive-interface Virtual-Template13
R1(config-router)#network 1.0.0.0
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
 
R1(config)#interface Virtual-Template12
R1(config-if)#ip address 10.1.12.1 255.255.255.0
R1(config-if)#
R1(config-if)#interface Virtual-Template13
R1(config-if)#ip address 10.1.13.1 255.255.255.0
R1(config-if)#
R1(config-if)#interface Serial0/0.102 point-to-point
R1(config-subif)#frame-relay interface-dlci 102 ppp Virtual-Template12
R1(config-subif)#
R1(config-fr-dlci)#interface Serial0/0.103 point-to-point
R1(config-subif)# frame-relay interface-dlci 103 ppp Virtual-Template13

This EIGRP config is basic, we’ve started the EIGRP 100 process, added our passive interface and network statements. We also disable auto-summarization. I’m only showing R1 here as the config is nearly identical across the board. We’ve also configured PPP on the FR links with Virtual Templates, this will be needed later in the config (leak maps).

Task two:
2. Configure strong authentication between R1 and R3 using the password “cisco”. Change the Hold and Hello timers between R1 and R2 to twice the default. Change the SIA timers on R4 to three times the default.

Config:

R1(config)#key chain EIGRP
R1(config-keychain)# key 1
R1(config-keychain-key)#key-string cisco
R1(config)#
R1(config)#interface Virtual-Template13
R1(config-if)#ip authentication mode eigrp 100 md5
R1(config-if)#
R1(config-if)#interface Virtual-Template12
R1(config-if)#ip hello-interval eigrp 100 10
R1(config-if)#ip hold-time eigrp 100 30
 
R4(config)#router eigrp 100
R4(config-router)#timers active-time 9

First we configure the key chain on R1 with the string “cisco”, then we assign it to our virtual-template interface connected to R3 (note, this will bounce the neighbors). Next we configure our hello and hold timers on R1. We change the hello and hold timers to twice the default (default hello is 5 seconds, default hold is 15). Last we configure the SIA timer on R4 to nine minutes, three times the default.

Task three:
3. Configure 50.0.0.0 to be the candidate default originated by R1 for the EIGRP AS. Prevent any routes over eight hops from being added to R3′s RIB.

Config:

R1(config)#ip route 50.0.0.0 255.0.0.0 Null0
R1(config)#ip default-network 50.0.0.0
R1(config)#
R1(config)#router eigrp 100
R1(config-router)#redistribute static
 
R3#sh ip route | i Gate
Gateway of last resort is 10.1.13.1 to network 50.0.0.0
R3#sh ip route | i \*
       ia - IS-IS inter area, * - candidate default, U - per-user static route
D*EX 50.0.0.0/8 [170/2585600] via 10.1.13.1, 00:02:30, Virtual-Access1
 
R3(config)#router eigrp 100
R3(config-router)#metric maximum-hops 8

Here we configure a static route for 50.0.0.0, then we add the default-network statement and redistribute static on R1. We verify on R3 that 50.0.0.0 is our candidate default. Next we configure the maximum-hops statement on R3.

Task four:
4. Configure loopback IPs 172.30.1.1/24, 172.30.2.1/24, and 172.30.3.1/24 on R5, advertise these networks into EIGRP. Configure R4 as a stub, but ensure that all R5′s connected networks are present in R1, R2 and R3′s routing tables with the exception of 172.30.2.0/24.

Config:

R5(config)#interface Loopback1
R5(config-if)#ip address 172.16.1.1 255.255.255.0
R5(config-if)#interface Loopback2
R5(config-if)#ip address 172.16.2.1 255.255.255.0
R5(config-if)#interface Loopback3
R5(config-if)#ip address 172.16.3.1 255.255.255.0
R5(config-if)#
R5(config-if)#ip access-list standard Match-172
R5(config-std-nacl)#permit 172.16.1.0 0.0.0.255
R5(config-std-nacl)#permit 172.16.2.0 0.0.0.255
R5(config-std-nacl)#permit 172.16.3.0 0.0.0.255
R5(config-std-nacl)#
R5(config-std-nacl)#route-map Redist-Conn permit 10
R5(config-route-map)#match ip address Match-172
R5(config-route-map)#
R5(config-route-map)#router eigrp 100
R5(config-router)#redistribute connected route-map Redist-Conn
 
R4(config)#ip access-list standard Match-Leak
R4(config-std-nacl)#deny 172.16.2.0 0.0.0.255
R4(config-std-nacl)#permit any
R4(config-std-nacl)#
R4(config-std-nacl)#route-map Leak-172 permit 10
R4(config-route-map)#match ip address Match-Leak
R4(config-route-map)#
R4(config-route-map)#router eigrp 100
R4(config-router)#eigrp stub leak-map Leak-172
 
R3#sh ip route eigrp
D    5.0.0.0/8 [90/2300416] via 10.2.2.4, 00:08:48, FastEthernet0/0
     172.16.0.0/24 is subnetted, 3 subnets
D EX    172.16.1.0 [170/2300416] via 10.2.2.4, 00:08:48, FastEthernet0/0
D EX    172.16.3.0 [170/2300416] via 10.2.2.4, 00:08:48, FastEthernet0/0

We start on R5 by configuring the loopbacks, we then match them in an ACL and redistribute. Then on R4 we configure an ACL to block only the 172.16.2.0/24 network, we match it in a route-map and configure R4 as an EIGRP stub while using the leak-map to allow all routes other than 172.16.2.0/24 to be advertised. We verify that it’s working on R3.

Task five:
5. Configure loopback IPs 192.168.1.1/24, 192.168.2.1/24, 192.168.3.1/24 and 192.168.4.1/24 on R1. Inject the most specific summary possible into the EIGRP AS. Inject the full 192.168.3.0/24 route into EIGRP, do this all on R1. Originate a default route on R1. Do not use the “ip default-network” command to accomplish this.

Config:

R1(config)#interface Loopback0
R1(config-if)#ip address 1.1.1.1 255.0.0.0
R1(config-if)#interface Loopback1
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#interface Loopback2
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#interface Loopback3
R1(config-if)#ip address 192.168.3.1 255.255.255.0
R1(config-if)#interface Loopback4
R1(config-if)#ip address 192.168.4.1 255.255.255.0
R1(config-if)#
R1(config-if)#ip access-list standard Match-192
R1(config-std-nacl)#permit 192.168.1.0 0.0.0.255
R1(config-std-nacl)#permit 192.168.2.0 0.0.0.255
R1(config-std-nacl)#permit 192.168.3.0 0.0.0.255
R1(config-std-nacl)#permit 192.168.4.0 0.0.0.255
R1(config-std-nacl)#
R1(config-std-nacl)#route-map Redist-Conn permit 10
R1(config-route-map)#match ip address Match-192
R1(config-route-map)#
R1(config-route-map)#router eigrp 100
R1(config-router)#redistribute connected route-map Redist-Conn
R1(config-router)#
R1(config-router)#ip prefix-list EIGRP_Leak seq 10 permit 192.168.3.0/24
R1(config)#
R1(config)#route-map Leak-192.168.3.0 permit 10
R1(config-route-map)#match ip address prefix-list EIGRP_Leak
R1(config-route-map)#
R1(config-route-map)#interface Virtual-Template12
R1(config-if)#ip summary-address eigrp 100 192.168.0.0 255.255.248.0 5 leak-map Leak-192.168.3.0
R1(config-if)#ip summary-address eigrp 100 0.0.0.0 0.0.0.0 5
R1(config-if)#
R1(config-if)#interface Virtual-Template13
R1(config-if)#ip summary-address eigrp 100 192.168.0.0 255.255.248.0 5 leak-map Leak-192.168.3.0
R1(config-if)#ip summary-address eigrp 100 0.0.0.0 0.0.0.0 5
 
R3#sh ip route eigrp
D EX 192.168.3.0/24 [170/2713600] via 10.1.13.1, 00:33:21, Virtual-Access1
D*   0.0.0.0/0 [90/2585600] via 10.1.13.1, 00:33:21, Virtual-Access1
D    192.168.0.0/21 [90/2713600] via 10.1.13.1, 00:33:21, Virtual-Access1

First we add our loopbacks, next we match them in an ACL and redistribute them into EIGRP. Then we configure a prefix list to match the route we want to leak, next we match the prefix list in our route-map. Finally we add our summaries to the interfaces and use the “leak-map” command to reference our route-map. We verify that we’re seeing the default, 192 summary and leaked route on R3.

Task six:
6. Set the “bandwidth” command to 1000 on the R1′s link to R2 and 500 on R1′s link to R3. Configure EIGRP to load balance across these two links.

Config:

R1(config)#interface Virtual-Template12
R1(config-if)#bandwidth 1000
R1(config-if)#
R1(config-if)#interface Virtual-Template13
R1(config-if)#bandwidth 500
R1(config-if)#
R1(config-if)#router eigrp 100
R1(config-router)#variance 2
 
R1#sh ip route eigrp
D EX    172.16.30.0 [170/7705600] via 10.1.13.3, 00:37:14, Virtual-Access2
                    [170/5148160] via 10.1.12.2, 00:37:14, Virtual-Access1

This one is pretty basic, we set the bandwidth commands and then configure variance under EIGRP. This tells EIGRP to unequally load balance across links using a multiple of 2. We have verified that R1 has added both routes to the RIB.

Task seven:
7. Prevent R4 from learning the 10.1.13.0/24 prefix from R3. Configure a static route for 172.16.30.0/24 on R3, redistribute this into EIGRP with the metric set to 50mbps, 100ms delay, maximum reliability, minimum load, and 1500 byte MTU. Do not use the “default-metric” command to accomplish this.

Config:

R3(config)#ip access-list standard Filter-10.1.1.13.2
R3(config-std-nacl)#deny 10.1.13.0 0.0.0.255
R3(config-std-nacl)#
R3(config-std-nacl)#ip route 172.16.30.0 255.255.255.0 Null0
R3(config-std-nacl)#
R3(config)#ip access-list standard Match-172
R3(config-std-nacl)#permit 172.16.30.0 0.0.0.255
R3(config-std-nacl)#
R3(config-std-nacl)#route-map Redist-Static permit 10
R3(config-route-map)#match ip address Match-172
R3(config)#router eigrp 100
R3(config-router)#$redistribute static metric 50000 100 255 1 1500 route-map Redist-Static
R3(config-router)#distribute-list Filter-10.1.1.13.2 out

First we configures a filter for the 10.1.13.0/24 network, next we added a route for 172.16.30.0/24 pointing to null0, then we match this route in an ACL and match the ACL in a route-map. Next we redistribute static routes using the route-map we configured, we also set the metric for these routes to match the task. Finally we use a distribute-list to filter the 10.1.13.0/24 route.

This one is a bit longer than the others, but I think it has some good information. Please let me know if you have any thoughts or spot any mistakes, I did this one pretty fast and recklessly.

Here’s the .net file:
The Dynagen/GNS3 .net file
(you will need to change the paths to make it work)

Colby

Colby Glass has been in IT since 2002. He is currently a Systems Engineer (presales) with a Cisco Gold partner and holds the CCNP R/S, CCNP DC, CCDP, CCIP, JNCIA-ER.

More Posts