Asalamu alikom war7mato allah wbarakatoh
I was working on my EIGRP lab using the configuration shown in the diagram.
BSCI - EIGRP Lab
This lab started with three routers, HQ and two branch offices (R2 and R3). At some point I’ve decided to add another router that will have no direct access to HQ, just for fun.
Step I:
Configuring all the interfaces as the diagram show. For the exam it is always good to remember that a no shutdown is required on every interface. Always assume that an interface is administratively down.
I’ve done a typo or was not focused enough and this popped:
*Mar 1 00:17:25.599: %IP-4-DUPADDR: Duplicate address 10.1.40.2 on Ethernet1/0, sourced by cc06.0a7c.0010
In this case Interface E1/0 on R3 had the same IP as Interface E1/0 of R2.
Step II:
After completing the interfaces configuration I used ping to test the connections (I test every connection, one ping per interface).
When I was sure that all the connections are working it was time to start EIGRP on all the routers using the following:
router eigrp 1
network 10.0.0.0
At this point messages popped all over the place stating the discovery of new neighbors
*Mar 1 00:01:47.611: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.34.2 (Serial0/1) is up: new adjacency
Step III:
Running show commands to verify EIGRP is running and neighbors can communicate. These are the outputs from my HQ router:
HQ#sh ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(10.1.30.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
r – reply Status, s – sia Status
P 10.1.30.0/24, 1 successors, FD is 2169856
via Connected, Serial0/0
P 10.1.20.0/24, 1 successors, FD is 2169856
via Connected, Serial0/1
P 10.1.40.0/24, 2 successors, FD is 2195456
via 10.1.20.3 (2195456/281600), Serial0/1
via 10.1.30.2 (2195456/281600), Serial0/0
P 10.1.60.0/24, 1 successors, FD is 2172416
via 10.1.30.2 (2172416/28160), Serial0/0
via 10.1.20.3 (2174976/30720), Serial0/1
P 10.1.50.0/24, 1 successors, FD is 2172416
via 10.1.20.3 (2172416/28160), Serial0/1
via 10.1.30.2 (2174976/30720), Serial0/0
HQ#sh ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.1.20.3 Se0/1 12 00:00:35 471 2826 0 9
0 10.1.30.2 Se0/0 12 00:01:09 398 2388 0 14
HQ#sh ip eigrp traffic
IP-EIGRP Traffic Statistics for AS 1
Hellos sent/received: 52/29
Updates sent/received: 8/10
Queries sent/received: 0/0
Replies sent/received: 0/0
Acks sent/received: 8/2
Input queue high water mark 3, 0 drops
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0
Hello Process ID: 182
PDM Process ID: 162
At this point my EIGRP network was up and running.
You can check my show run configuration for HQ and R3 (why R3? we’ll get there in a minute), the other two routers has similar configuration.
Step IV:
Using the key chain command I built an authentication process between HQ and R3. These are the commands I used on global configuration for both routers:
key chain ROFI
key 1
key-string s3cr3t
access-lifetime 01:00:00 Mar 1 2002 02:00:00 Mar 1 2002
send-lifetime 01:00:00 Mar 1 2002 02:00:00 Mar 1 2002
And this is the commands per Serial interface (also identical on both routers):
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 ROFI
I noticed that the neighbor status changed to down while configuring HQ, which make sense because R3 was not configured yet but when the configuration on R3 completed and the neighbors still could not communicate I used the debug eigrp packet command to look for the problem
R3#debug eigrp packet
EIGRP Packets debugging is on (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
*Mar 1 00:51:22.755: EIGRP: Sending HELLO on Serial0/0
*Mar 1 00:51:22.755: AS 1, Flags 0×0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Mar 1 00:51:24.227: EIGRP: Serial0/0: ignored packet from 10.1.20.1, opcode =5 (missing authentication)
*Mar 1 00:51:27.631: EIGRP: interface Serial0/0, No live authentication keys
*Mar 1 00:51:32.139: EIGRP: Sending HELLO on Ethernet1/0
*Mar 1 00:51:32.139: AS 1, Flags 0×0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Mar 1 00:51:28.383: EIGRP: Received HELLO on Ethernet1/0 nbr 10.1.40.2
This debug output show both the failed authentication on S0/0 and a successful connection on E1/0.
The reason my authentication failed was the lifetime parameters that did not match due to unsynchronized clocks.
To resolve it I added the command ntp master to the HQ router and the command ntp server 10.1.20.1 to router R3. The errors cleared right away and the authentication completed successfully.
Mar 1 01:01:07.433: EIGRP: Sending HELLO on Serial0/0
Mar 1 01:01:07.433: AS 1, Flags 0×0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
Mar 1 01:01:07.993: EIGRP: received packet with MD5 authentication, key id = 1
Mar 1 01:01:07.997: EIGRP: Received HELLO on Serial0/0 nbr 10.1.20.1
Step V:
I wanted to check how eigrp 1 network converge when Interface S0/0 on R3 fail (using shutdown command).
This is a trace from HQ router to R4:
HQ#trace 10.1.50.4
Type escape sequence to abort.
Tracing the route to 10.1.50.4
1 10.1.20.3 128 msec 152 msec 80 msec
2 10.1.50.4 936 msec 416 msec *
And after the shutdown command on R3
HQ#trace 10.1.50.4
Type escape sequence to abort.
Tracing the route to 10.1.50.4
1 10.1.30.2 144 msec 204 msec 124 msec
2 10.1.60.4 344 msec 292 msec *
While testing the Serial shutdown the routers popped all the options the book explained…
*Mar 1 00:31:45.083: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.50.3 (FastEthernet0/1) is down: holding time expired
*Mar 1 00:33:23.779: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.50.3 (FastEthernet0/1) is up: new adjacency
*Mar 1 00:35:36.915: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.30.1 (Serial0/0) is resync: peer graceful-restart
*Mar 1 00:36:30.443: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.60.4 (FastEthernet2/0) is down: Interface Goodbye received
*Mar 1 00:38:43.183: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.60.4 (FastEthernet2/0) is up: new adjacency
This lab was fun, I also played a bit with eigrp stub and auto-summary. There are many more configurations options but I feel that I’ve covered the basics and understand the way EIGRP work
Manqool
المفضلات