Exam: 642-902
Exam Objective: Configure OSPF routing.
Contents
• Introduction
• Technology Background
• Lab Scenario
• Lab Objectives
• Lab Solution
Lab 1
Introduction
OSPF is an open standard Link State Routing Protocol. The basic configuration of OSPF is covered in another lab. This one focuses on advanced OSPF features such as area types and authentication.
Technology Background
OSPF supports several types of areas, including standard areas, stub areas, totally stubby areas, and not-so-stubby (NSSA) areas. These special area types bring flexibility to OSPF network design, allowing OSPF to be molded according to needs and hardware.
It should be remembered that an area is a part of the OSPF Routing Domain. Routes are exchanged between areas through Area Border Routers (ABRs). Areas break up the OSPF domain into small manageable blocks.
Sometimes the design or hardware of routers in an area warrants less LSA information in it. Imagine a small branch office router getting all LSAs from the Head Office router in a large OSPF domain. The router will soon exhaust its memory and/or CPU.
OSPF provides for different types of Stub areas which limit the number of LSAs which are received into them. There are 3 rules which need to be remembered when configuring any type of Stub:
• All routers in an area should be configured for the same stub type
• Area 0 cannot be a stub area
• A Virtual link cannot traverse a stub area
The different types of Stub Areas are:
• Stub Area
• Totally Stubby Area
The ABR of a Stub area will filter all external advertisements (LSA type 5) and replace them with a default route. Which means you will never see an E1 or E2 route in a Stub a
route injected by the ABR will have a next hop address of the ABR's interface. So all traffic destined to an external network will pass through the ABR. In Figure 1 if Area 1 is cothen the external routes being advertised by ASBR RouterA will not be seen on RouterD. RouterB, the ABR, would replace the External Routes with a default route.
Figure 1
The command to implement a stub area on an ABR is:
Router(config-router)#area <area-id> stub
Totally Stubby Area:
Totally stubby areas are areas where the ABR filters all inter-area and external advertisements and replaces them with a default route. The totally stubby option is Cisco proprinetwork the routing table's considerable size comes from other areas and external sources. Hence a totally stubby area would reduce the size of the routing table a great deal. Foris configured as Totally Stubby in Figure 1, RouterC, the ABR, will not only filter the external routes from RouterA but also the Area 1 routes advertised by RouterB.
The area <area-id> stub no-summary command is only entered on the ABR of a totally
stubby area. The other routers in the totally stubby area are only configured with the
area <area-id> stub command.
Not-So-Stubby Area (NSSA):
A stub or a totally stubby Area does not have external routes. This means that these areas cannot have an ASBR also. NSSA is a stub area that allows an ASBR. The ASBR utype 5 LSAs are not permitted and so disguises the LSAs as type 7. The type 7 LSAs are converted to type 5 by the ABR and sent normally out to other Areas. NSSA external
NSSA is similar to a stub area in all other aspects.
Note that the ABR of an NSSA does not automatically generate a default route; the no-summary or default-originate optional keywords must be appended to the area <area-id> nssa command on the ABR for that to happen.
The command to implement a stub or totally stubby NSSA ABR is:
Router(config-router)#area <area-id> nssa
Remember that NSSA is a stub area so the ABR will not allow LSA type 5 to come into the Area.
Totally Not-So-Stubby Area (NSSA):
Similar to NSSA but the ABR of this area will not allow Inter Area routes to come into the area. This area is similar to Totally Stubby Area but will allow an ASBR and LSA type
The ABR of this area will also not generate a default route unless the no-summary or default-originate keyword is configured on it.
The command to configure an area as Totally NSSA is:
OSPF by default trusts any router. This can be dangerous if someone injects malicious routes. To prevent this from happening we can configure Authentication between OSPFtwo kinds of authentication available - clear text and MD5 hash.
Clear text passwords can be found out by anyone who can capture the packets. MD5 hashes cannot be reversed and hence are secure.
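What the two authentication types put on the wire, as an added Python example that is not part of the original lab: it builds an OSPF Hello per RFC 2328 with simple-password (AuType 1) and MD5 (AuType 2) authentication and verifies the digest. The router ID, password and key are constructed values, and keys shorter than 16 bytes are assumed to be zero-padded.

```python
import hashlib, hmac, socket, struct

ip = socket.inet_aton  # dotted quad -> 4 bytes

def header(body_len, autype, auth8, rid="192.168.1.1", area="0.0.0.0"):
    # RFC 2328 A.3.1 header (24 bytes), type 1 = Hello. Checksum stays 0, as the
    # RFC requires for AuType 2; this sketch does not compute it for AuType 1.
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + body_len,
                       ip(rid), ip(area), 0, autype, auth8)

def hello_body():
    # mask, HelloInterval, options, priority, RouterDeadInterval, DR, BDR
    return struct.pack("!4sHBBI4s4s", ip("255.255.255.0"), 10, 0x02, 1, 40,
                       ip("0.0.0.0"), ip("0.0.0.0"))

def simple_packet(password):
    # AuType 1: the password itself fills the 8-byte authentication field.
    body = hello_body()
    return header(len(body), 1, password.ljust(8, b"\0")[:8]) + body

def md5_packet(key, key_id, seq):
    # AuType 2: auth field = 0, key ID, digest length, crypto sequence number.
    body = hello_body()
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = header(len(body), 2, auth) + body
    digest = hashlib.md5(pkt + key.ljust(16, b"\0")[:16]).digest()
    return pkt + digest  # digest trails the packet; the key is never sent

def verify_md5(wire, key):
    # Receiver side: recompute the digest with the locally configured key.
    pkt, digest = wire[:-16], wire[-16:]
    expected = hashlib.md5(pkt + key.ljust(16, b"\0")[:16]).digest()
    return hmac.compare_digest(digest, expected)

KEY = b"LabKey123"  # constructed shared secret

if __name__ == "__main__":
    print("password visible:", b"cisco123" in simple_packet(b"cisco123"))
    wire = md5_packet(KEY, 1, 1000)
    print("key visible:", KEY in wire, "| verifies:", verify_md5(wire, KEY))
    forged = bytearray(wire)
    forged[30] ^= 0xFF  # alter one byte of the Hello body
    print("tampered packet verifies:", verify_md5(bytes(forged), KEY))
```

MD5 authentication protects integrity only: the Hello contents remain readable to anyone capturing packets, and the sequence number is what lets a receiver discard replayed packets.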
Plain Text authentication can be enabled on per-interface basis using the following commands:
O*IA 0.0.0.0/0 [110/65] via 192.168.2.2, 00:01:48, Serial0/0
RouterD#ping 10.1.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/59/128 ms
The above outputs show that Area 1 is stub, a default route is being injected into the area by the ABR and RouterD can reach the external routes on RouterF.
Next task requires us to configure Area 2 as NSSA:
O E2 192.168.4.0/24 [110/20] via 192.168.1.3, 00:03:18, FastEthernet0/0
10.0.0.0/24 is subnetted, 3 subnets
O E2 10.1.3.0 [110/20] via 192.168.1.3, 00:03:17, FastEthernet0/0
O E2 10.1.2.0 [110/20] via 192.168.1.3, 00:03:17, FastEthernet0/0
O E2 10.1.1.0 [110/20] via 192.168.1.3, 00:03:17, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
O IA 192.168.2.0/24 [110/74] via 192.168.1.2, 00:03:33, FastEthernet0/0
O IA 192.168.3.0/24 [110/74] via 192.168.1.3, 00:03:33, FastEthernet0/0
The above outputs show that Area 2 is an NSSA and the ABR is injecting a default route. We also see that no E1/E2 routes are seen on RouterE but the RouterC has the N2 rshown as E2 on RouterA.
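The stub and NSSA verifications above can be scripted. This is an added Python example, not part of the original lab: it checks show ip route text against the route codes each area type should never contain. The sample tables reuse route lines from this page plus constructed ones, and the names FORBIDDEN and check_area are hypothetical.

```python
import re

# Route codes an internal router of each area type should never hold,
# per the area descriptions on this page (the default route is exempt).
FORBIDDEN = {
    "stub": {"E1", "E2", "N1", "N2"},
    "totally-stubby": {"E1", "E2", "N1", "N2", "IA"},
    "nssa": {"E1", "E2"},
    "totally-nssa": {"E1", "E2", "IA"},
}
# Matches OSPF lines such as "O*IA 0.0.0.0/0 ..." or "O E2 10.1.3.0 ..."
ROUTE = re.compile(r"^O(\*)?\s*(IA|E1|E2|N1|N2)?\s+(\d+(?:\.\d+){3})")

def check_area(area_type, show_ip_route):
    """Return (violations, has_default) for one router's routing table text."""
    violations, has_default = [], False
    for line in show_ip_route.splitlines():
        m = ROUTE.match(line.strip())
        if not m:
            continue  # connected routes, "is subnetted" headers, etc.
        _, code, prefix = m.groups()
        if prefix == "0.0.0.0":
            has_default = True  # injected by the ABR, allowed in every type
        elif code in FORBIDDEN[area_type]:
            violations.append((code, prefix))
    return violations, has_default

# RouterD in stub Area 1: first line is from the lab output, the rest constructed.
ROUTERD = """\
O*IA 0.0.0.0/0 [110/65] via 192.168.2.2, 00:01:48, Serial0/0
O IA 192.168.1.0/24 [110/74] via 192.168.2.2, 00:01:48, Serial0/0
C 192.168.2.0/24 is directly connected, Serial0/0
"""
# Lines from RouterA's backbone table in the lab output: what type 5 LSAs
# would look like if they leaked into a stub area.
ROUTERA = """\
O E2 192.168.4.0/24 [110/20] via 192.168.1.3, 00:03:18, FastEthernet0/0
10.0.0.0/24 is subnetted, 3 subnets
O E2 10.1.3.0 [110/20] via 192.168.1.3, 00:03:17, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
O IA 192.168.2.0/24 [110/74] via 192.168.1.2, 00:03:33, FastEthernet0/0
"""

if __name__ == "__main__":
    print("RouterD as stub:", check_area("stub", ROUTERD))
    print("RouterA table checked as stub:", check_area("stub", ROUTERA))
```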
The Final task requires us to configure Authentication between RouterA, RouterB and RouterC:
O E2 10.1.2.0 [110/20] via 192.168.1.3, 00:02:10, FastEthernet0/0
O E2 10.1.1.0 [110/20] via 192.168.1.3, 00:02:10, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
O IA 192.168.2.0/24 [110/74] via 192.168.1.2, 00:02:10, FastEthernet0/0
O IA 192.168.3.0/24 [110/74] via 192.168.1.3, 00:02:10, FastEthernet0/0
The above outputs show that authentication is enabled and routing table is correct after authentication has been applied. This means that the communication between the Rou