EIGRP Lab #1

http://blog.alwaysthenetwork.com/labs/eigrp-lab-1/

This is the first EIGRP post Ill be doing for CCIE lab preparation. Ive tried to include a lot in this one without making it too long. Heres the topology:

Click here for the initial configs Here is task one: 1. Advertise all connected loopbacks into EIGRP AS 100. Ensure that only interfaces connected to

1 of 9

27-05-2012 18:10

EIGRP Lab #1

http://blog.alwaysthenetwork.com/labs/eigrp-lab-1/

other routers will form adjacencies. Do not allow EIGRP to summarize automatically. Simple stuff:

R1(config)#router eigrp 100 R1(config-router)#passive-interface default R1(config-router)#no passive-interface Virtual-Template12 R1(config-router)#no passive-interface Virtual-Template13 R1(config-router)#network 1.0.0.0 R1(config-router)#network 10.0.0.0 R1(config-router)#no auto-summary R1(config)#interface Virtual-Template12 R1(config-if)#ip address 10.1.12.1 255.255.255.0 R1(config-if)# R1(config-if)#interface Virtual-Template13 R1(config-if)#ip address 10.1.13.1 255.255.255.0 R1(config-if)# R1(config-if)#interface Serial0/0.102 point-to-point R1(config-subif)#frame-relay interface-dlci 102 ppp Virtual-Template12 R1(config-subif)# R1(config-fr-dlci)#interface Serial0/0.103 point-to-point R1(config-subif)# frame-relay interface-dlci 103 ppp Virtual-Template13

This EIGRP config is basic, weve started the EIGRP 100 process, added our passive interface and network statements. We also disable auto-summarization. Im only showing R1 here as the config is nearly identical across the board. Weve also configured PPP on the FR links with Virtual Templates, this will be needed later in the config (leak maps). Task two: 2. Configure strong authentication between R1 and R3 using the password cisco. Change the Hold and Hello timers between R1 and R2 to twice the default. Change the SIA timers on R4 to three times the default. Config:

R1(config)#key chain EIGRP R1(config-keychain)# key 1 R1(config-keychain-key)#key-string cisco R1(config)# R1(config)#interface Virtual-Template13 R1(config-if)#ip authentication mode eigrp 100 md5 R1(config-if)# R1(config-if)#interface Virtual-Template12 R1(config-if)#ip hello-interval eigrp 100 10 R1(config-if)#ip hold-time eigrp 100 30 R4(config)#router eigrp 100 R4(config-router)#timers active-time 9

First we configure the key chain on R1 with the string cisco, then we assign it to our virtualtemplate interface connected to R3 (note, this will bounce the neighbors). Next we configure our hello and hold timers on R1. We change the hello and hold timers to twice the default (default hello is 5 seconds, default hold is 15). Last we configure the SIA timer on R4 to nine minutes, three times the default.

2 of 9

27-05-2012 18:10

EIGRP Lab #1

http://blog.alwaysthenetwork.com/labs/eigrp-lab-1/

Task three: 3. Configure 50.0.0.0 to be the candidate default originated by R1 for the EIGRP AS. Prevent any routes over eight hops from being added to R3 s RIB. Config:

R1(config)#ip route 50.0.0.0 255.0.0.0 Null0 R1(config)#ip default-network 50.0.0.0 R1(config)# R1(config)#router eigrp 100 R1(config-router)#redistribute static R3#sh ip route | i Gate Gateway of last resort is 10.1.13.1 to network 50.0.0.0 R3#sh ip route | i \* ia - IS-IS inter area, * - candidate default, U per-user static route D*EX 50.0.0.0/8 [170/2585600] via 10.1.13.1, 00:02:30, VirtualAccess1 R3(config)#router eigrp 100 R3(config-router)#metric maximum-hops 8

Here we configure a static route for 50.0.0.0, then we add the default-network statement and redistribute static on R1. We verify on R3 that 50.0.0.0 is our candidate default. Next we configure the maximum-hops statement on R3. Task four: 4. Configure loopback IPs 172.30.1.1/24, 172.30.2.1/24, and 172.30.3.1/24 on R5, advertise these networks into EIGRP. Configure R4 as a stub, but ensure that all R5 s connected networks are present in R1, R2 and R3 s routing tables with the exception of 172.30.2.0/24. Config:

R5(config)#interface Loopback1 R5(config-if)#ip address 172.16.1.1 255.255.255.0 R5(config-if)#interface Loopback2 R5(config-if)#ip address 172.16.2.1 255.255.255.0 R5(config-if)#interface Loopback3 R5(config-if)#ip address 172.16.3.1 255.255.255.0 R5(config-if)# R5(config-if)#ip access-list standard Match-172 R5(config-std-nacl)#permit 172.16.1.0 0.0.0.255 R5(config-std-nacl)#permit 172.16.2.0 0.0.0.255 R5(config-std-nacl)#permit 172.16.3.0 0.0.0.255 R5(config-std-nacl)# R5(config-std-nacl)#route-map Redist-Conn permit 10 R5(config-route-map)#match ip address Match-172 R5(config-route-map)# R5(config-route-map)#router eigrp 100 R5(config-router)#redistribute connected route-map Redist-Conn R4(config)#ip access-list standard Match-Leak R4(config-std-nacl)#deny 172.16.2.0 0.0.0.255 R4(config-std-nacl)#permit any R4(config-std-nacl)# R4(config-std-nacl)#route-map Leak-172 permit 10 R4(config-route-map)#match ip address Match-Leak R4(config-route-map)# R4(config-route-map)#router eigrp 100 R4(config-router)#eigrp stub leak-map Leak-172 R3#sh ip route eigrp

3 of 9

27-05-2012 18:10

EIGRP Lab #1

http://blog.alwaysthenetwork.com/labs/eigrp-lab-1/

D 5.0.0.0/8 [90/2300416] via 10.2.2.4, 00:08:48, FastEthernet0/0 172.16.0.0/24 is subnetted, 3 subnets D EX 172.16.1.0 [170/2300416] via 10.2.2.4, 00:08:48, FastEthernet0/0 D EX 172.16.3.0 [170/2300416] via 10.2.2.4, 00:08:48, FastEthernet0/0

We start on R5 by configuring the loopbacks, we then match them in an ACL and redistribute. Then on R4 we configure an ACL to block only the 172.16.2.0/24 network, we match it in a route-map and configure R4 as an EIGRP stub while using the leak-map to allow all routes other than 172.16.2.0/24 to be advertised. We verify that its working on R3. Task five: 5. Configure loopback IPs 192.168.1.1/24, 192.168.2.1/24, 192.168.3.1/24 and 192.168.4.1/24 on R1. Inject the most specific summary possible into the EIGRP AS. Inject the full 192.168.3.0/24 route into EIGRP, do this all on R1. Originate a default route on R1. Do not use the ip default-network command to accomplish this. Config:

First we add our loopbacks, next we match them in an ACL and redistribute them into EIGRP. Then R1(config)#interface Loopback0 we configure a prefix list to match the route we want to leak, next we match the prefix list in our R1(config-if)#ip address 1.1.1.1 255.0.0.0
R1(config-if)#interface Loopback1 route-map. Finally we add our summaries to the interfaces and use the leak-map command to R1(config-if)#ip address 192.168.1.1 255.255.255.0 reference our route-map. We verify that were seeing the default, 192 summary and leaked route on R1(config-if)#interface Loopback2

R3. R1(config-if)#ip address 192.168.2.1 255.255.255.0

R1(config-if)#interface Loopback3 R1(config-if)#ip address 192.168.3.1 255.255.255.0 Task six: R1(config-if)#interface Loopback4 R1(config-if)#ip address 192.168.4.1 255.255.255.0 6. Set the bandwidth command to 1000 on the R1 s link to R2 and 500 on R1 s link to R3. R1(config-if)# Configure EIGRP to load balance across these two links. R1(config-if)#ip access-list standard Match-192 R1(config-std-nacl)#permit 192.168.1.0 0.0.0.255 R1(config-std-nacl)#permit 192.168.2.0 0.0.0.255 Config: R1(config-std-nacl)#permit 192.168.3.0 0.0.0.255 R1(config-std-nacl)#permit 192.168.4.0 0.0.0.255 R1(config-std-nacl)# R1(config-std-nacl)#route-map Redist-Conn permit 10 R1(config)#interface Virtual-Template12 R1(config-route-map)#match ip address Match-192 R1(config-if)#bandwidth 1000 R1(config-route-map)# R1(config-if)# R1(config-route-map)#router eigrp 100 R1(config-if)#interface Virtual-Template13 R1(config-router)#redistribute connected route-map Redist-Conn R1(config-if)#bandwidth 500 R1(config-router)# R1(config-if)# R1(config-router)#ip prefix-list EIGRP_Leak seq 10 permit R1(config-if)#router eigrp 100 192.168.3.0/24 R1(config-router)#variance 2 R1(config)# R1(config)#route-map Leak-192.168.3.0 permit 10 R1#sh ip route eigrp R1(config-route-map)#match ip address prefix-list00:37:14, D EX 172.16.30.0 [170/7705600] via 10.1.13.3, EIGRP_Leak R1(config-route-map)# Virtual-Access2 R1(config-route-map)#interface Virtual-Template1200:37:14, [170/5148160] via 10.1.12.2, R1(config-if)#ip summary-address eigrp 100 192.168.0.0 255.255.248.0 Virtual-Access1 5 leak-map Leak-192.168.3.0 R1(config-if)#ip summary-address eigrp 100 0.0.0.0 0.0.0.0 5 R1(config-if)# R1(config-if)#interface Virtual-Template13 This one is pretty basic, we set the bandwidth commands and then configure variance under EIGRP. R1(config-if)#ip summary-address eigrp 100 192.168.0.0 255.255.248.0 5 leak-map to unequally load This tells EIGRP Leak-192.168.3.0 balance across links using a multiple of 2. We have verified that R1(config-if)#ip summary-address eigrp 100 0.0.0.0 0.0.0.0 5

R1 has added both routes to the RIB.

R3#sh ip route eigrp

D EX 192.168.3.0/24 [170/2713600] via 10.1.13.1, 00:33:21, VirtualTask seven: Access1 7. Prevent R4 from [90/2585600] 10.1.13.0/24 prefix from R3. Configure a static route for D* 0.0.0.0/0 learning the via 10.1.13.1, 00:33:21, Virtual-Access1 D 192.168.0.0/21 [90/2713600] into EIGRP with the metric set to 50mbps, 100ms delay, 172.16.30.0/24 on R3, redistribute thisvia 10.1.13.1, 00:33:21, Virtual-

maximum reliability, minimum load, and 1500 byte MTU. Do not use the default-metric

Access1

4 of 9

27-05-2012 18:10

EIGRP Lab #1

http://blog.alwaysthenetwork.com/labs/eigrp-lab-1/

command to accomplish this. Config:

R3(config)#ip access-list standard Filter-10.1.1.13.2 R3(config-std-nacl)#deny 10.1.13.0 0.0.0.255 R3(config-std-nacl)# R3(config-std-nacl)#ip route 172.16.30.0 255.255.255.0 Null0 R3(config-std-nacl)# R3(config)#ip access-list standard Match-172 R3(config-std-nacl)#permit 172.16.30.0 0.0.0.255 R3(config-std-nacl)# R3(config-std-nacl)#route-map Redist-Static permit 10 R3(config-route-map)#match ip address Match-172 R3(config)#router eigrp 100 R3(config-router)#$redistribute static metric 50000 100 255 1 1500 route-map Redist-Static R3(config-router)#distribute-list Filter-10.1.1.13.2 out

First we configures a filter for the 10.1.13.0/24 network, next we added a route for 172.16.30.0/24 pointing to null0, then we match this route in an ACL and match the ACL in a route-map. Next we redistribute static routes using the route-map we configured, we also set the metric for these routes to match the task. Finally we use a distribute-list to filter the 10.1.13.0/24 route. This one is a bit longer than the others, but I think it has some good information. Please let me know if you have any thoughts or spot any mistakes, I did this one pretty fast and recklessly. Heres the .net file: The Dynagen/GNS3 .net file (you will need to change the paths to make it work)

Colby
Colby Glass has been in IT since 2002. He is currently a network engineer with a Cisco Gold partner and holds the CCNP, CCDP, CCIP, CCNA: Voice, CCNA, JNCIA-ER and ITILv3: Foundations certifications. More Posts

Related Posts:
RIP Lab #1 New Troubleshooting Lab Topology Troubleshooting Lab #5 Troubleshooting Lab #4 Troubleshooting Lab #3 CCIE, Certification, Cisco, Dynagen, Dynamips, EIGRP, GNS3, Lab
This entry was posted by Colby on May 3, 2010 at 8:57 am, and is filed under Labs. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site.

5 of 9

27-05-2012 18:10

EIGRP Lab #1

http://blog.alwaysthenetwork.com/labs/eigrp-lab-1/

#1 written by JCB about 2 years ago

Colby when are you going for the CCIE Lab? Im intending on using your labs after I finish up with Wireless/CWNA learning. JCB

Same answer as before, Im not sure. If work was paying for two attempts Id do the first on in the next couple months. But, theyre only paying for one, so Id like to have a damn good shot at passing the first time around.

Search

May 2012

S
6 13 20

M
7 14 21 Mar

T
1 8 15 22

W
2 9 16 23

T
3 10 17 24

F
4 11 18 25

S
5 12 19 26

6 of 9

27-05-2012 18:10

EIGRP Lab #1

http://blog.alwaysthenetwork.com/labs/eigrp-lab-1/

S
27

M
28 Mar

T
29

W
30

T
31

Announcement (8) Commands (5) Informational (12) Juniper (3) Labs (20) Open Ended Questions (12) PeerIX (1) Personal (20) Quick Challenge (1) Troubleshooting Labs (7) Tutorials (50) Useful Links (8)

ASA

AToM

BCMSN

BGP
CCNA
CCVP

bootcamp

experience

CCNP
Crypto

CCIE

CCIP

Certification

Cisco

Commands

Dynamips
EtherChannel

Dynagen
EIGRP

Firewall

GRE

Juniper JUNOS Lab Narbik NAT Nexus

ONT

HowTo
Script

GNS3
IOS IPSEC

MPLS OEQ
QoS STP

OSPF Personal
Security
Voice VPN

RIP

Troubleshooting

Tunnel

Tutorial

CCIE Data Center Nexus Port Profiles Nexus Configuration Syncronization OSPF Quiz

7 of 9

27-05-2012 18:10

EIGRP Lab #1

http://blog.alwaysthenetwork.com/labs/eigrp-lab-1/

ASA Bridge Groups

Daniel's CCIE Blog Darren's CCIE Mission Evil Routers Fragmentation Needed GNS3 Labs IOS Hints and Tricks My 802.11 Networking Forum Blog NF RSS Aggregator PacketLife Packets Analyzed Packets Dropped Router Jockey Routing-Bits The Network Arcanum

Networking Forum Tech Exams Forum [H]ard|Forum

Rick Finnie on Policy-Based Routing Tutorial Policy-Based Routing THREE0SIX on Policy-Based Routing Tutorial Mike on CCIE Data Center Chandler on CCIE Data Center Colby on CCIE Data Center Mike Reavey on CCIE Data Center Johan on CCIE Data Center

Copyright 2012 AlwaysTheNetwork | Log in RSS FEEDS TOP

8 of 9

27-05-2012 18:10

EIGRP Lab #1

http://blog.alwaysthenetwork.com/labs/eigrp-lab-1/

9 of 9

27-05-2012 18:10