Just another Cisco blog
Which Exams for CCIP?
I’ve been talking to people about the BGP and MPLS exams. From what I’m hearing, it sounds like the composite (BGP+MPLS) is actually easier than doing each exam individually. I’m finding this a bit hard to believe, but people seem pretty adamant about it. I’m hearing that there are less sims on the composite.
I’ve been focusing on BGP mostly, but MPLS has been part of the labs I’ve been using. I might just try out the composite and see how it goes since my employer is paying for two attempts per exam…
Anyone have thoughts or suggestions on the matter?
Related Posts:
| Print article | This entry was posted by Colby on February 5, 2010 at 11:03 am, and is filed under Personal. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site. |
No trackbacks yet.
Free CCNA Practice Questions
about 7 years ago - No comments
Steve over at Networking Forum came up with another great idea. He’s offering free CCNA practice questions. He’s asked the members to assist with providing the questions and answers. So far, there are about 30 questions posted, with more to come. They’re all multiple choice, but we’ve included some drag and drop type questions and some troubleshooting/simulation type questions as well (as much as we could while keeping them multiple choice). I’ll post a couple sample question below.
Related Posts:
CCNA Scholarship
about 8 years ago - 2 comments
Steve is doing another generous offering over at Networking Forum. He’s planning to give away a “scholarship” for the CCNA. He will essentially pay someone’s way through the CCNA if this person agrees to log his or her progress on the forum. We, the staff and member base, are also offering our guidance and support throughout the process. Here’s a snippet from the forum:
What’s going on?
networking-forum.com is offering a scholarship to one person who would like to earn a Cisco Certified Network Associate (CCNA) certification. The scholarship will provide the CCNA Official Exam Certification Library, a separate forum specifically dedicated to the candidate for his or her use during their studies with feedback from the site’s members, and reimbursement of the exam fees after they pass their exam(s).
How is the recipient chosen?
To qualify for the scholarship, candidates will need to write an essay about why they want to earn their CCNA certification and why they make a good candidate for the scholarship. All essays must be received by October 8th, 2010 and posted in this thread. The essays will be judged by our crack(head) staff and a few prominent members. The recipient will be announced in this thread and notified via a site private message on October 15th, 2010.
I encourage everyone to check this out and apply for the scholarship or join in to help guide the chosen pursuer.
Click here for more details!
Related Posts:
Educational IOS Petition
about 8 years ago - 4 comments
Greg at Etherealmind has created a petition for an educational IOS version. Details:
We the undersigned ask you to sign our petition.
We are the people who are learning about Data networking and Cisco IOS software. As students and practitioners, we need to learn theory and knowledge and then to take that knowledge and practice on Cisco IOS software.
We want to be able to practice that knowledge, and demonstrate our competence. We know that you are considering the value. This petition is to show our need for this solution. Wendel Odom discusses the possibility Cisco Considers IOS for Certifcation Self Study and we are calling for Cisco to make an option available.
This experience and knowledge we gain gives us the capability to make the most of Cisco equipment for our employers, your customers. We help drive the best return on investment, and keep the network performing in the way that your customers expect.
We can test configurations prior to making and be better prepared. We can develop more complex configurations than would otherwise be possible, and not blame the equipment afterwards.
We resolve problems more quickly, we make better designs and we have greater confidence in our work. We raise less support cases (and reduce your costs) by being to perform our own testing and validation.
Whether we are resellers, consultants, students or just interested in learning, we all need an practical method to access IOS and practice.
Therefore, we are asking Cisco Systems to make a version of IOS available for educational and testing purposes.
Greg Ferro
I encourage everyone reading this to sign it!
Related Posts:
Studying ITILv3
about 8 years ago - 8 comments
Sorry for the horrible lack of updates lately. I had to shift focus a bit to meet a job requirement. It’s come down from the top that everyone in the North American Network group within my company needs to get the ITILv3: Foundations cert by September of this year (ugh!). I’ve been cramming it like crazy and hope to knock the exam out in the next couple weeks. If that all works out I can get back to Cisco stuff and hopefully some decent posts.
If anyone is curious about ITIL, it’s terrible, lol. Supposedly it’s a valuable cert, so I can’t complain too much, but it’s just so boring. I love networking, so Cisco certs are actually fun for me. ITIL is just painful.
Anyway, check out my blogroll to get your networking fix.
Related Posts:
OSPF Summarization
about 8 years ago - 10 comments
This post is about OSPF Summarization. We’ll be using a familiar topology and going over two ways to summarize with OSPF.
There are two conventional ways to summarize networks in OSPF, we can use the “area range” command and the “summary-address” command. “Area range” is used on the ABR to summarize networks between areas. The “summary-address” command is used on the ASBR to summarize external networks.
Here’s the topology:
I’m not going through the basic OSPF config, so assume everything is configured as the diagram suggests. On R1 I’ve added Lo11-14 and used “ospf 100 area 0″ under the respective interfaces. On R2 I’ve added Lo15-18 and used “redistribute connected subnets”. Let’s look at the RIBs on a couple routers:
First we’ll check out “sh ip route” on R1:
R1#sh ip route
...
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.123.2, 01:13:32, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O E2 3.3.3.3 [110/20] via 10.1.123.3, 01:12:38, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O E2 4.4.4.4 [110/20] via 10.1.123.3, 01:03:47, FastEthernet0/0
172.30.0.0/24 is subnetted, 4 subnets
O E2 172.30.6.0 [110/20] via 10.1.123.2, 00:06:11, FastEthernet0/0
O E2 172.30.7.0 [110/20] via 10.1.123.2, 00:06:11, FastEthernet0/0
O E2 172.30.5.0 [110/20] via 10.1.123.2, 00:06:11, FastEthernet0/0
O E2 172.30.8.0 [110/20] via 10.1.123.2, 00:06:11, FastEthernet0/0
C 192.168.4.0/24 is directly connected, Loopback14
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.34.0 [110/74] via 10.1.123.3, 01:12:39, FastEthernet0/0
C 10.1.123.0 is directly connected, FastEthernet0/0
C 192.168.1.0/24 is directly connected, Loopback11
C 192.168.2.0/24 is directly connected, Loopback12
C 192.168.3.0/24 is directly connected, Loopback13 |
Lots of routes here. The ones to note are the 172s showing as External Type 2, which are R2′s loopbacks. Also notice our connected loopbacks.
Now let’s check out the RIB on R4:
R4#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 10.1.34.3, 00:01:26, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.34.3, 00:01:26, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O E2 3.3.3.3 [110/20] via 10.1.34.3, 00:01:26, Serial0/0
172.30.0.0/24 is subnetted, 4 subnets
O E2 172.30.6.0 [110/20] via 10.1.34.3, 00:01:26, Serial0/0
O E2 172.30.7.0 [110/20] via 10.1.34.3, 00:01:26, Serial0/0
O E2 172.30.5.0 [110/20] via 10.1.34.3, 00:01:26, Serial0/0
O E2 172.30.8.0 [110/20] via 10.1.34.3, 00:01:26, Serial0/0
O IA 192.168.4.0/24 [110/75] via 10.1.34.3, 00:01:26, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.123.0 [110/74] via 10.1.34.3, 00:01:26, Serial0/0
O IA 192.168.1.0/24 [110/75] via 10.1.34.3, 00:01:26, Serial0/0
O IA 192.168.2.0/24 [110/75] via 10.1.34.3, 00:01:26, Serial0/0
O IA 192.168.3.0/24 [110/75] via 10.1.34.3, 00:01:26, Serial0/0 |
Here we see the loopbacks from R1 as Inter-Area, and the loopbacks from R2 as External Type 2.
Now we’ll configure the “area range” command to summarize R1′s loopbacks on R3 (ABR):
R3(config)#router ospf 100 R3(config-router)#area 0 range 192.168.0.0 255.255.248.0 |
Seems almost too easy. We use “area 0 range [IP] [Summary Mask]“.
Let’s verify on R4:
R4#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 10.1.34.3, 00:04:51, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.34.3, 00:04:51, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O E2 3.3.3.3 [110/20] via 10.1.34.3, 00:04:51, Serial0/0
172.30.0.0/24 is subnetted, 4 subnets
O E2 172.30.6.0 [110/20] via 10.1.34.3, 00:04:51, Serial0/0
O E2 172.30.7.0 [110/20] via 10.1.34.3, 00:04:51, Serial0/0
O E2 172.30.5.0 [110/20] via 10.1.34.3, 00:04:51, Serial0/0
O E2 172.30.8.0 [110/20] via 10.1.34.3, 00:04:51, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.123.0 [110/74] via 10.1.34.3, 00:04:51, Serial0/0
O IA 192.168.0.0/21 [110/75] via 10.1.34.3, 00:00:13, Serial0/0 |
It worked! We shrunk all those loopbacks from R1 into a single summary route.
Now we’ll summarize on R2 (ASBR) using the “summary-address” command.
R2(config)#router ospf 100 R2(config-router)#summary-address 172.30.0.0 255.255.240.0 |
Again, pretty easy stuff, we used the “summary-address [IP] [Summary Mask]” command on R2 (ASBR) to summarize its loopbacks.
Let’s look at R4′s RIB now:
R4#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 10.1.34.3, 00:37:55, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.34.3, 00:02:15, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O E2 3.3.3.3 [110/20] via 10.1.34.3, 00:04:01, Serial0/0
172.30.0.0/20 is subnetted, 1 subnets
O E2 172.30.0.0 [110/20] via 10.1.34.3, 00:02:15, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.123.0 [110/74] via 10.1.34.3, 00:37:55, Serial0/0
O IA 192.168.0.0/21 [110/75] via 10.1.34.3, 00:33:17, Serial0/0 |
It worked this time too. We see two summaries now, one Inter-Area summary for R1′s loopbacks, which we summarized on R3 (ABR) and also a External Type 2 summary for R2′s loopbacks which we configured on R2 (ASBR) itself.
Something to note before I end this one, when we create summary routes the router will install a “discard route” to null locally. This helps prevent routing loops. It will not interfere with the networks we summarize for as they are longer matches. Here are the two examples:
R2#sh ip route | i Null O 172.30.0.0/20 is a summary, 00:09:02, Null0 R3#sh ip route | i Null O 192.168.0.0/21 is a summary, 00:39:27, Null0 |
That’s OSPF Summarization in a nutshell. There are some other tricks you can use when summarizing, I may go into them in another post. Or you guys could talk about them in the comments. 
Related Posts:
OSPF Area Types: Not So Totally Stubby
about 8 years ago - 1 comment
This is the last post in a series about OSPF Area Types. Today we’ll go over Not So Totally Stubby Areas. We’ll be using the same topology as the NSSA post, but this time we will inject a specific route (40.40.40.0/24) from the ASBR (R4) instead of a default.
Quick refresher, OSPF Not So Totally Stubby Areas have intra-area routes (Type 2 LSAs) and also external routes in the form of Type 7 LSAs, which are converted to Type 5 LSAs by the ABR. No inter-area routes (Type 3 LSAs) are permitted in a Not So Totally Stubby Area and a default route will be injected by the ABR.
(For more detailed information on LSAs and Area Types, check out this post.)
Here’s the topology:
I’m not going through the basic OSPF config, so assume everything is configured as the diagram suggests. I’ve redistributed loopbacks on each router (“redistribute connected subnets” under the OSPF process) to give us some external routes, and I added 34.34.34.34/32 to Area 34 so we have an intra-area route to look at. I’ve also added a static route on R4 (40.40.40.0/24) which I’m injecting into OSPF with the “redistribute static subnets” command. Let’s look at some show commands BEFORE we make area 34 a Not So Totally Stubby Area:
First we’ll check out “sh ip route ospf” on R3:
R3#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 10.1.123.1, 00:04:20, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.123.2, 00:04:20, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O E2 4.4.4.4 [110/20] via 10.1.34.4, 00:03:33, Serial0/0
40.0.0.0/24 is subnetted, 1 subnets
O E2 40.40.40.0 [110/20] via 10.1.34.4, 00:02:57, Serial0/0 |
Here we see all the loopbacks and the static (40.40.40.0/24) come through as external type 2, which is the default.
Now let’s check out the RIB on R4:
R4#sh ip route
...
Gateway of last resort is not set
34.0.0.0/32 is subnetted, 1 subnets
O 34.34.34.34 [110/65] via 10.1.34.3, 00:04:51, Serial0/0
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 10.1.34.3, 00:04:51, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.34.3, 00:04:51, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O E2 3.3.3.3 [110/20] via 10.1.34.3, 00:04:51, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
40.0.0.0/24 is subnetted, 1 subnets
S 40.40.40.0 is directly connected, Null0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.34.0 is directly connected, Serial0/0
O IA 10.1.123.0 [110/74] via 10.1.34.3, 00:04:51, Serial0/0 |
We see one intra-area route (O – LSA 2) to 34.34.34.34/32, one inter-area route (O IA – LSA 3) to 10.1.123.0/23 and three external type 2 (O E2 – LSA 5) routes to the respective loopbacks. Also notice the static (40.40.40.0/24) to null0, which we’re injecting into the OSPF domain.
Now we’ll configure area 34 as not so totally stubby:
R3(config)#router ospf 100 R3(config-router)#area 34 nssa no-summary R4(config)#router ospf 100 R4(config-router)#area 34 nssa |
Easy stuff, we configure area 34 with “nssa no-summary” on R3 (ABR), then we configure R4 (ASBR) with “nssa” for area 34.
Let’s examine the new RIB on R4:
R4#sh ip route ospf
34.0.0.0/32 is subnetted, 1 subnets
O 34.34.34.34 [110/65] via 10.1.34.3, 00:01:50, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O N2 3.3.3.3 [110/20] via 10.1.34.3, 00:01:50, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.34.3, 00:01:50, Serial0/0 |
We now have only three OSPF routes, our O (LSA 2) for the 34.34.34.34/32 network, our O*IA default route, which is injected from R3 (ABR) and the N2 (LSA 7) route for R3′s loopback, which is being redistributed with the “redistribute connected subnets” command on R3.
Here’s R4′s OSPF Database:
R4#sh ip ospf d
OSPF Router with ID (4.4.4.4) (Process ID 100)
Router Link States (Area 34)
Link ID ADV Router Age Seq# Checksum Link count
3.3.3.3 3.3.3.3 255 0x80000006 0x00A1D5 3
4.4.4.4 4.4.4.4 252 0x80000009 0x0025E4 2
Summary Net Link States (Area 34)
Link ID ADV Router Age Seq# Checksum
0.0.0.0 3.3.3.3 272 0x80000001 0x00DE4B
Type-7 AS External Link States (Area 34)
Link ID ADV Router Age Seq# Checksum Tag
3.3.3.3 3.3.3.3 271 0x80000001 0x00E69F 0
4.4.4.4 4.4.4.4 256 0x80000001 0x0090B4 0
40.40.40.0 4.4.4.4 256 0x80000001 0x00A339 0 |
We see the router LSAs for R3 and R4, which are normal. Next we see the Type 3 LSA for the default route R3 is injecting and finally we see three Type 7 LSAs, one for each external network injected into area 34.
Last we’ll look at R1′s RIB so we can see how Not So Totally Stubby Areas affect the OSPF domain:
R1#sh ip route ospf
34.0.0.0/32 is subnetted, 1 subnets
O IA 34.34.34.34 [110/11] via 10.1.123.3, 00:14:31, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.123.2, 00:15:24, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O E2 3.3.3.3 [110/20] via 10.1.123.3, 00:14:31, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O E2 4.4.4.4 [110/20] via 10.1.123.3, 00:05:40, FastEthernet0/0
40.0.0.0/24 is subnetted, 1 subnets
O E2 40.40.40.0 [110/20] via 10.1.123.3, 00:05:40, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.34.0 [110/74] via 10.1.123.3, 00:14:31, FastEthernet0/0 |
The table looks normal. The important thing to note here is that the external routes from R4 are showing up as O E2 (LSA 5s), which we know is caused by R3 converting them from the Type 7s which only exist in NSSAs to Type 5s, which are allowed in normal areas.
Not So Totally Stubby Areas sound odd, and I’ve never seen them in the real world, but they are fair game on the CCIE lab, and you may come across them in a real network. The key concepts are simply that LSA Type 5s are not allowed in Not So Totally Stubby Areas, external routes will show as N (LSA 7s) in the RIB and are converted to Type 5s on the ABR before leaving the area. Also remember that the ABR injects a default route like a normal Totally Stubby Area.
Related Posts:
OSPF Area Types: NSSA
about 8 years ago - 3 comments
Today we’ll go over Not So Stubby Areas (NSSA). We will be using a slightly different topology here, we will make R4 an ASBR with a connection to the internet.
Quick refresher, OSPF NSSAs have inter and intra-area routes (Type 2 and Type 3 LSAs) and also external routes in the form of Type 7 LSAs, which are converted to Type 5 LSAs by the ABR.
(For more detailed information on LSAs and Area Types, check out this post.)
Here’s the topology:
I’m not going through the basic OSPF config, so assume everything is configured as the diagram suggests. I’ve also redistributed loopbacks on each router (“redistribute connected subnets” under the OSPF process) to give us some external routes, and I added 34.34.34.34/32 to Area 34 so we have an intra-area route to look at. I’ve also added a static default route on R4 which I’m injecting into OSPF with the “default-information originate” command. Let’s look at some show commands BEFORE we make area 34 an NSSA:
First we’ll check out “sh ip route ospf” on R3:
R3#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 10.1.123.1, 00:03:42, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.123.2, 00:03:42, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O E2 4.4.4.4 [110/20] via 10.1.34.4, 00:04:22, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 10.1.34.4, 00:03:59, Serial0/0 |
Here we see all the loopbacks and the default come through as external type 2, which is the default.
Now let’s check out the RIB on R4:
R4#sh ip route
34.0.0.0/32 is subnetted, 1 subnets
O 34.34.34.34 [110/65] via 10.1.34.3, 00:06:39, Serial0/0
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 10.1.34.3, 00:06:02, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.34.3, 00:06:02, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O E2 3.3.3.3 [110/20] via 10.1.34.3, 00:06:39, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.34.0 is directly connected, Serial0/0
O IA 10.1.123.0 [110/74] via 10.1.34.3, 00:06:39, Serial0/0
S* 0.0.0.0/0 is directly connected, Null0 |
We see one intra-area route (O – LSA 2) to 34.34.34.34/32, one inter-area route (O IA – LSA 3) to 10.1.123.0/23 and three external type 2 (O E2 – LSA 5) routes to the respective loopbacks. Also notice the static default to null0, which we’re injecting into the OSPF domain.
Now we’ll configure area 34 as an NSSA:
R3(config)#router ospf 100 R3(config-router)#area 34 nssa R4(config)#router ospf 100 R4(config-router)#no default-information originate R4(config-router)#area 34 nssa default-information-originate |
Pretty basic config, we configure area 34 as NSSA on R3 (ABR), then we remove the “default-information originate” command from R4 (ASBR) and use “area 34 nssa default-information-originate” to change the area to an NSSA and inject the default route.
Let’s examine the new RIB on R4:
R4#sh ip route ospf
34.0.0.0/32 is subnetted, 1 subnets
O 34.34.34.34 [110/65] via 10.1.34.3, 00:02:56, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O N2 3.3.3.3 [110/20] via 10.1.34.3, 00:02:56, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.123.0 [110/74] via 10.1.34.3, 00:02:56, Serial0/0 |
We see some cool stuff here, our O and IA routes are still present, but we also have an N2 (LSA 7) route now for R3′s loopback, which is being redistributed.
Here’s R4′s OSPF Database:
R4#sh ip ospf d
OSPF Router with ID (4.4.4.4) (Process ID 100)
Router Link States (Area 34)
Link ID ADV Router Age Seq# Checksum Link count
3.3.3.3 3.3.3.3 300 0x80000005 0x00A3D4 3
4.4.4.4 4.4.4.4 299 0x80000004 0x002FDF 2
Summary Net Link States (Area 34)
Link ID ADV Router Age Seq# Checksum
10.1.123.0 3.3.3.3 492 0x80000002 0x005A3F
Type-7 AS External Link States (Area 34)
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 4.4.4.4 304 0x80000001 0x008ADD 0
3.3.3.3 3.3.3.3 491 0x80000001 0x00E69F 0
4.4.4.4 4.4.4.4 304 0x80000001 0x0090B4 0 |
First we see the router LSAs for R3 and R4, which are normal. Next we see the Type 3 LSA for 10.1.123.0 and finally we see three Type 7 LSAs, one for each external network injected into area 34.
Last we’ll look at R1′s RIB so we can get a full picture of how NSSAs affect OSPF domains:
R1#sh ip route ospf
34.0.0.0/32 is subnetted, 1 subnets
O IA 34.34.34.34 [110/11] via 10.1.123.3, 00:20:46, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.123.2, 00:22:14, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O E2 3.3.3.3 [110/20] via 10.1.123.3, 00:20:46, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O E2 4.4.4.4 [110/20] via 10.1.123.3, 00:08:16, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.34.0 [110/74] via 10.1.123.3, 00:20:46, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 10.1.123.3, 00:08:16, FastEthernet0/0 |
The table looks normal. The important thing to note here is that the external routes from R4 are showing up as O E2 (LSA 5s), which we know is caused by R3 converting them from the Type 7s which only exist in NSSAs to Type 5s, which are allowed in normal areas.
NSSAs are interesting, I’ve never seen one used in production, but I can see how they may be needed in some situations. The key concepts are simply that LSA Type 5s are not allowed in NSSA, external routes originated in the NSSA will show as N (LSA 7s) in the RIB and are converted to Type 5s on the ABR before leaving the area.
Related Posts:
OSPF Area Types: Totally Stubby
about 8 years ago - 4 comments
This is the first post in a series about OSPF Area Types. Today we’ll go over Totally Stubby areas. We’ll be using the same topology as the Stub post. I’m also reposting the first portion of that here since it will be the same.
Quick refresher, OSPF Totally Stubby Areas allow only intra-area routes and a default route generated by the ABR (Type 2 LSAs – the default route comes through as a Type 3 LSA, but no other Type 3s are allowed). Inter-area and External routes (Type 5 LSAs) are not allowed in totally stubby areas.
(For more detailed information on LSAs and Area Types, check out this post.)
Here’s the topology:
I’m not going through the basic OSPF config, so assume everything is configured as the diagram suggests. I’ve also redistributed loopbacks on each router (“redistribute connected subnets” under the OSPF process) to give us some external routes, and I added 34.34.34.34/32 to Area 34 so we have an intra-area route to look at. Let’s look at some show commands BEFORE we make area 34 totally stubby:
First we’ll check out “sh ip route ospf” on R4:
R4#sh ip route ospf
34.0.0.0/32 is subnetted, 1 subnets
O 34.34.34.34 [110/65] via 10.1.34.3, 00:01:17, Serial0/0
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 10.1.34.3, 00:01:17, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.34.3, 00:01:17, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O E2 3.3.3.3 [110/20] via 10.1.34.3, 00:01:17, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.123.0 [110/74] via 10.1.34.3, 00:01:17, Serial0/0 |
As expected, we see everything. 34.34.34.34/32 has come through as an intra-area route (O – LSA 2). We see our loopbacks from each router come through as external (O E2 – LSA 5, something to note is E2 routes do not increment cost as they traverse the network, so we see a cost of 20, which will be the same throughout the OSPF domain). Last we see 10.1.123.0/24 as an inter-area route (O IA – LSA 3).
Now let’s check out the OSPF Database on R4:
R4#sh ip ospf d
OSPF Router with ID (4.4.4.4) (Process ID 100)
Router Link States (Area 34)
Link ID ADV Router Age Seq# Checksum Link count
3.3.3.3 3.3.3.3 3 0x8000000C 0x00EF87 3
4.4.4.4 4.4.4.4 2 0x8000000D 0x00ABEB 1
Summary Net Link States (Area 34)
Link ID ADV Router Age Seq# Checksum
10.1.123.0 3.3.3.3 113 0x80000003 0x00B2EB
Summary ASB Link States (Area 34)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 3.3.3.3 119 0x80000001 0x0057CA
2.2.2.2 3.3.3.3 119 0x80000001 0x0029F4
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
1.1.1.1 1.1.1.1 1293 0x80000001 0x009BFC 0
2.2.2.2 2.2.2.2 1303 0x80000001 0x004F41 0
3.3.3.3 3.3.3.3 119 0x80000004 0x00FC88 0
4.4.4.4 4.4.4.4 3 0x80000004 0x00B0CC 0 |
Lots of output, but nothing crazy. We see our LSAs for area 34, and our redistributed loopbacks as external LSAs.
Now we’ll configure area 34 totally stubby:
R3(config)#router ospf 100 R3(config-router)#area 34 stub no-summary R4(config)#router ospf 100 R4(config-router)#area 34 stub |
There isn’t much to the config at all, as we can see. The command is “area n stub no-summary”, this tells the ABR not to send Type 3s into the area. On the non-ABR(s) we simply specify the area as a stub, the “no summary” keyword is only needed on the ABR.
Let’s examine the new RIB on R4:
R4#sh ip route ospf
34.0.0.0/32 is subnetted, 1 subnets
O 34.34.34.34 [110/65] via 10.1.34.3, 00:02:04, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.34.3, 00:02:04, Serial0/0 |
Very small table. Here we see that all the external routes are gone, but intra-area route to 34.34.34.34 is still in the table. Our only other OSPF route is the default generated by R3.
Finally we’ll look at the OSPF Database:
R4#sh ip ospf d
OSPF Router with ID (4.4.4.4) (Process ID 100)
Router Link States (Area 34)
Link ID ADV Router Age Seq# Checksum Link count
3.3.3.3 3.3.3.3 665 0x8000000B 0x000A72 3
4.4.4.4 4.4.4.4 300 0x8000000A 0x00957D 2
Summary Net Link States (Area 34)
Link ID ADV Router Age Seq# Checksum
0.0.0.0 3.3.3.3 1214 0x80000001 0x0057DA |
It is much smaller now. We see the router LSAs and a single inter-area LSA, the default route from R3.
Totally Stubby areas are pretty basic once you understand Stub areas and LSAs in general. The key concepts are simply that LSA Type 3s and Type 5s are not allowed in totally stubby areas, and also that a default route is generated by the ABR.
Related Posts:
OSPF Area Types: Stub
about 8 years ago - 5 comments
This is the first post in a series about OSPF Area Types. Today we’ll go over Stub areas. This one will be somewhat short on config, but should have a good amount of show commands.
Quick refresher, OSPF Stub Areas allow inter- and intra-area routes (Type 2 and Type 3 LSAs). External routes (Type 5 LSAs) are not allowed in stub areas.
(For more detailed information on LSAs and Area Types, check out this post.)
We’ll be using the same topology we used for OSPF Authentication:
I’m not going through the basic OSPF config, so assume everything is configured as the diagram suggests. I’ve also redistributed loopbacks on each router to give us some external routes, and I added 34.34.34.34/32 to Area 34 so we have an intra-area route to look at. Let’s look at some show commands BEFORE we make area 34 a stub:
First we’ll check out “sh ip route ospf” on R4:
R4#sh ip route ospf
34.0.0.0/32 is subnetted, 1 subnets
O 34.34.34.34 [110/65] via 10.1.34.3, 00:01:17, Serial0/0
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 10.1.34.3, 00:01:17, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O E2 2.2.2.2 [110/20] via 10.1.34.3, 00:01:17, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O E2 3.3.3.3 [110/20] via 10.1.34.3, 00:01:17, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.123.0 [110/74] via 10.1.34.3, 00:01:17, Serial0/0 |
As expected, we see everything. 34.34.34.34/32 has come through as an intra-area route (O – LSA 2). We see our loopbacks from each router come through as external (O E2 – LSA 5, something to note is E2 routes do not increment cost as they traverse the network, so we see a cost of 20, which will be the same throughout the OSPF domain). Last we see 10.1.123.0/24 as an inter-area route (O IA – LSA 3).
Now let’s check out the OSPF Database on R4:
R4#sh ip ospf d
OSPF Router with ID (4.4.4.4) (Process ID 100)
Router Link States (Area 34)
Link ID ADV Router Age Seq# Checksum Link count
3.3.3.3 3.3.3.3 3 0x8000000C 0x00EF87 3
4.4.4.4 4.4.4.4 2 0x8000000D 0x00ABEB 1
Summary Net Link States (Area 34)
Link ID ADV Router Age Seq# Checksum
10.1.123.0 3.3.3.3 113 0x80000003 0x00B2EB
Summary ASB Link States (Area 34)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 3.3.3.3 119 0x80000001 0x0057CA
2.2.2.2 3.3.3.3 119 0x80000001 0x0029F4
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
1.1.1.1 1.1.1.1 1293 0x80000001 0x009BFC 0
2.2.2.2 2.2.2.2 1303 0x80000001 0x004F41 0
3.3.3.3 3.3.3.3 119 0x80000004 0x00FC88 0
4.4.4.4 4.4.4.4 3 0x80000004 0x00B0CC 0 |
Lots of output, but nothing crazy. We see our LSAs for area 34, and our redistributed loopbacks as external LSAs.
Now we’ll configure area 34 as a stub:
R3(config)#router ospf 100 R3(config-router)#area 34 stub *Mar 1 00:13:39.675: %OSPF-5-ADJCHG: Process 100, Nbr 4.4.4.4 on Serial0/0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset R4(config)#router ospf 100 R4(config-router)#area 34 stub *Mar 1 00:03:25.923: %OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on Serial0/0 from LOADING to FULL, Loading Done |
Simple configuration, we configured area 34 as a stub under the OSPF process. Notice that the neighbors go down and reform once they match.
Let’s examine the new RIB on R4:
R4#sh ip route ospf
34.0.0.0/32 is subnetted, 1 subnets
O 34.34.34.34 [110/65] via 10.1.34.3, 00:01:33, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.123.0 [110/74] via 10.1.34.3, 00:01:33, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.34.3, 00:01:33, Serial0/0 |
Here we see that all the external routes are gone, but intra- and inter-area routes are still in the table. The inter-area route to 10.1.123.0/24 is still there, and we also have a default route, which is showing as an inter-area route as well.
Finally we’ll look at the OSPF Database:
R4#sh ip ospf d
OSPF Router with ID (4.4.4.4) (Process ID 100)
Router Link States (Area 34)
Link ID ADV Router Age Seq# Checksum Link count
3.3.3.3 3.3.3.3 259 0x8000000E 0x000475 3
4.4.4.4 4.4.4.4 258 0x80000010 0x008983 2
Summary Net Link States (Area 34)
Link ID ADV Router Age Seq# Checksum
0.0.0.0 3.3.3.3 308 0x80000001 0x0057DA
10.1.123.0 3.3.3.3 308 0x80000004 0x00CED0 |
It is much smaller now. We see the router LSAs and only two inter-area LSAs, the default route and the route to 10.1.123.0/24.
I was planning on putting a debug in here as well, but I didn’t really get anything interesting enough to add.
OSPF Stub Areas are relatively simple, but can be confusing when first digging into OSPF. The key concepts are simply that LSA Type 5s are not allowed in stub areas, and also that a default route is generated by the ABR. I very much expect to see stub areas of some sort on the CCIE lab.
Related Posts:
OSPF Authentication
about 8 years ago - 3 comments
This post is about the different OSPF authentication methods. It will be part of a series outlining OSPF commands/technologies.
We can configure OSPF to use authentication for an entire area, or just for a single interface. Today we’ll go over both. Here’s the topology:
First we’ll setup authentication for all of area 0:
R1(config)#interface FastEthernet0/0 R1(config-if)#ip ospf message-digest-key 1 md5 cisco R1(config-if)#ip ospf 100 area 0 R1(config-if)# R1(config-if)#router ospf 100 R1(config-router)#area 0 authentication message-digest R2(config)#interface FastEthernet0/0 R2(config-if)#ip ospf message-digest-key 1 md5 cisco R2(config-if)#ip ospf 100 area 0 R2(config-if)# R2(config-if)#router ospf 100 R2(config-router)#area 0 authentication message-digest R3(config)#interface FastEthernet0/0 R3(config-if)#ip ospf message-digest-key 1 md5 cisco R3(config-if)#ip ospf 100 area 0 R3(config-if)# R3(config-if)#router ospf 100 R3(config-router)#area 0 authentication message-digest |
Nothing crazy here, we configure OSPF and an MD5 key under our area 0 interfaces, then we specify that all of area 0 should use MD5 authentication. Note that the commands differ slightly if we want to use clear-text, it would be “ip ospf authentication-key [key]” and “area 0 authentication” under the OSPF 100 process.
Let’s verify:
R1#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DR 00:00:32 10.1.123.2 FastEthernet0/0
3.3.3.3 1 FULL/DROTHER 00:00:35 10.1.123.3 FastEthernet0/0
R1#sh ip ospf int fa0/0
...
Message digest authentication enabled
Youngest key id is 1 |
Everything is working, our neighbors are up and we see that authentication is enabled with the key we specifcied. Note, if we leave off a key, the neigbhors will still form and MD5 will still be enabled, but it will say key 0:
R1(config)#int fa0/0
R1(config-if)#no ip ospf message-digest-key 1 md5 cisco
R2(config)#int fa0/0
R2(config-if)#no ip ospf message-digest-key 1 md5 cisco
R2#sh ip ospf int fa0/0
...
Message digest authentication enabled
No key configured, using default key id 0 |
We see that no key is being used, but MD5 is still working. Not critical knowledge, but may be useful sometime.
Next we’ll configure MD5 between routers R3 and R4:
R3(config)#interface Serial0/0 R3(config-if)#ip ospf authentication message-digest R3(config-if)#ip ospf message-digest-key 2 md5 cisco R3(config-if)#ip ospf 100 area 34 R4(config)#interface Serial0/0 R4(config-if)#ip ospf authentication message-digest R4(config-if)#ip ospf message-digest-key 2 md5 cisco R4(config-if)#ip ospf 100 area 34 |
Notice that here we have not made any changes under the OSPF process, this is all at the interface level. We use the “ip ospf authentication message-digest” command to run MD5 on this interface, then we specify a key the same way as earlier.
We’ll verify this config:
R3#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
4.4.4.4 0 FULL/ - 00:00:36 10.1.34.4 Serial0/0
R3#sh ip ospf int s0/0
...
Message digest authentication enabled
Youngest key id is 2 |
As expected, everything is working.
That’s OSPF authentication. Both ways could be asked on the CCIE Lab, so this is good stuff to know.
Related Posts:
about 9 years ago
Cleared my CCIP few days back.
My path was Composite, BGP+MPLS & QoS.
Composite paper was more like 50% for each BSCI and BCMSN and i encountered about 4 labs if i remember correctly.
As for BGP+MPLS paper i had about 3 Labs once again if i remember correctly and the paper is rather easy. Completed the paper about 30mins. Know the fundamental and you wont go wrong :D.
about 9 years ago
When I said “composite” I was talking about BGP+MPLS. I’m already done with the CCNP, so I don’t have to worry about BSCI, thankfully.
30 minutes for BGP+MPLS? Wow, that’s insane. I’ve read that there are only ~50 questions on it, which is less than I can remember on a Cisco exam. Thanks for the info!
BGP+MPLS is looking more appealing, especially since I’m not paying, lol.
about 9 years ago
Ah, Not paying for it? Lucky you.
If i rememeber correctly it was only 42 – 45 questions for BGP+MPLS including of lab.
All the best!
about 9 years ago
I’ve heard the same thing, and had the same debate.
I’m personally going the two exam option because I don’t *want* the easy way out. The CCIP is CCIE prep for me, so the goal is to get as familiar with BGP and MPLS as I possibly can. CCIP is just something I pick up along the way to CCIE, not an end goal in and of itself.
about 9 years ago
I hear you, though I’m ok with taking the easier path as getting the cert doesn’t mean I stop learning. If you’re against taking the easy way out, maybe you should limit the amount of study materials you have access to, or quit labbing as a learning tool, or hell, may as well poke one of your eyes out. Doing all this with one eye would be even less easy.:D
Regardless of getting the cert, I’ll still be studying, learning and labbing. I can’t get enough of this stuff. The CCIE is my end goal as well, but I need something to fill the time until I’m ready to revisit that road.
The benefit of the cert is that I’ll (hopefully) get a little bump at work, or have an easier time finding a new job.
about 9 years ago
Ah, you misunderstand me hehe
I have to learn enough to do the hard versions of the exams anyway, so I’d prefer to use them as my check. The knowledge is what’s important to me, and the more questions I can answer that ‘count’, the better off I think it is for me.
Of course I have no incentive to take the easier path, work doesn’t care what certs I do, they won’t pay for any training, and so on, and management probably doesn’t realize it yet, but my coworkers certainly do – once I pass the CCIE, I’m most likely gone. I don’t think management will be willing to pay the salary to keep two CCIE’s on staff, so I’m in no rush. I’m pretty much on a 2 year plan as it is.
I’ve just never been a big fan of composite exams, I prefer to be able to focus my studies. Of course I might as well get used to the prospect, since the CCIE Written is really just one big Composite exam.
about 9 years ago
My current employer is the first to pay for anything, it’s very, very nice. They won’t pay for training (at least not so far), but they will pay for Cisco exams, thankfully.
My manager probably realizes that if (or when, hopefully) I get the IE they’ll either have to give me a big bump or I’ll seek other employment. I doubt I’ll get the bump, lol.
I completely agree with you on composite exams, I didn’t dare try to take the BSCI+BCMSN composite, it was just too much stuff to cram in. I feel a little better about BGP+MPLS since a lot of it is complementary and it’s really just two technologies, albeit very, very deep technologies. I’m ok with giving this one a shot, especially after what I’m hearing. I’ll know next week whether it was a mistake or not, hah.
Ps. I like your blog, I’m adding a link to it on here.