CCIE Lab Preparation

Just another CCIE blog

  • Category

  • Archives

  • Advertisements

IEWB-DYN Lab 6 – IGP Highlights

Posted by Jo on February 5, 2008

I had some time at work a couple of days ago and picked a lab at random to work through. I chose lab 6 which is rated a 7.

Doing the Volume I labs has actually helped with my speed for the core sections. I worked though the core of this lab in about 3.5 hours and to my surprise actually knew most of the material. I completed all core sections of this lab and did IPv6 and Multicast. I will finish it off over the coming weekend.

This lab is very OSPF focussed in the IGP section, with multiple OSPF areas on one side of the network that dont necessarily link directly to area 0. Good practice on virtual-link configuration. They also threw in area 0 message digest authentication – so had to remember that virtual-links are part of area 0.

OSPF Area Authentication

Area’s are authenticated under the OSPF process as follows:

router ospf 1
area 0 authentication message-digest
area 45 authentication
area 45 virtual-link message-digest-key 1 md5 CISCO

The md5 keys are specified under the interface:

interface Serial1/0
ip ospf message-digest-key 1 md5 CISCO

And standard authentication keys are applied as follows:

interface Ethernet0/1.45
ip ospf authentication-key CCIE

OSPF Default Route

We all know that you can originate a default route route into the OSPF domain using the default-information originate command. You can also use this with a route-map so the default route is only originated when the condition of the route-map is true.

First, create an ip prefix-list to match the routes you want to match.

ip prefix-list VLAN32 seq 5 permit
ip prefix-list VLAN363 seq 5 permit

Next, create the route-map to use the ip prefix-lists

route-map BB-LINK permit 10
match ip address prefix-list VLAN363
route-map BB-LINK permit 20
match ip address prefix-list VLAN32

Finally, apply the route-map to the default-information originate command

default-information originate route-map BB-LINK

route-map BB-LINK permit 10
match ip address prefix-list VLAN363
route-map BB-LINK permit 20
match ip address prefix-list VLAN32

OSPF Area Filtering

In this lab area 27 is connected between R2 and SW1. The requirement was to ensure that SW1 only had a default route advertised in from R2 (the ABR).

Earlier in the lab we had to redistribute interface lo0 into area 27, so this ruled out the totally-stubby area type, so the alternative was to make it a not so stubby totally stubby area – but with the extra no-redistribution keyword attached so we dont advertise the redistributed lo0 interface from R2 on SW1.


router ospf 1
area 27 nssa no-redistribution no-summary


router ospf 1
area 27 nssa

Rack1SW1#sh ip ro is subnetted, 4 subnets
C is directly connected, Vlan777
C is directly connected, FastEthernet1/8
C is directly connected, Vlan7
C is directly connected, Vlan77 is subnetted, 1 subnets
C is directly connected, Loopback0
O*IA [110/2] via, 00:36:08, FastEthernet1/8


The EIGRP config in this lab was minimal. The only task of note was to filter the link from BB1 so that only could send EIGRP updates. Easy – create an ACL to specifically match the EIGRP traffic from BB1 and deny all other EIGRP traffic, then finally let all other traffic flow as normal.

ip access-list extended BB1
permit eigrp host any
deny eigrp any any
permit ip any any


Filtering RIP routes without using distribute-list or offset-list. In this example all routes with an odd first octet are accepted into R3.

First, create an ACL to match the routes – remember we are only interested in the first octet.

access-list 20 permit

Next, under the RIP process set routes from a destination (and matching the ACL) to 255 – this will make them unreachable and thus not entered into the routing table.

router rip
version 2
distance 255 20


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: