Routers R1, R2, and R3 will be connected both via Ethernet links to SW1 and via serial links between each other. In my topology, I am using an NM-4A/S module on R2, so my link from R2 to R1 will be designated as S1/0 and my link from R2 to R3 will be S1/1. All clocking will be configured on R2's serial links for simplicity. PPP PAP authentication will be configured between R1 and R2, and PPP CHAP authentication between R2 and R3.
R1-3 will be configured to utilize OSPF authentication with MD5 on the 10.0.0.0/8 network.
In this lab, we will manually configure R2 to be the DR for the Ethernet network, and R1 to be the BDR. The neighbors connected via serial link will become full neighbors, as they are on a point-to-point link.
This lab assumes that all physical cabling has been completed, hostnames have been configured on the routers, and IP addresses on the serial, Ethernet, and loopback interfaces have been set. Verify connectivity by pinging all remote interfaces.
First, we will establish PPP connectivity on the serial links. Starting at R1:
R1(config)#username R2 password pass!
R1(config)#int s0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
You should see the line protocol on s0/0 drop at this point. Let's resolve this problem by configuring PPP on R2's S1/0 link.
R2(config)#username R1 password pass!
R2(config)#int s1/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
Verify with a ping to IP address 192.100.254.1 from R2 that you have successfully configured CHAP.
Next, let's set up PPP with PAP on the serial link from R2 to R3.
R2(config)#username R3 password password!
R2(config)#int s1/1
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication pap
R2(config-if)#ppp pap sent-username R2 password password!
R3(config)#username R2 password password!
R3(config)#int s0/0
R3(config-if)#encapsulation ppp
R3(config-if)#ppp authentication pap
R3(config-if)#ppp pap sent-username R3 password password!
At this point, you should be able to ping between R2 and R3.
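The difference between the two PPP methods configured above, as an added example that is not part of the original post: CHAP proves knowledge of the shared secret with an MD5 response (RFC 1994), while a PAP Authenticate-Request (RFC 1334) carries the password in cleartext. The `Router` class and the `r2_typo` mismatch are constructed for illustration; the hostnames and passwords are the ones from the lab.

```python
import hashlib
import hmac
import os

def chap_hash(ident: int, secret: str, challenge: bytes) -> bytes:
    # RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

class Router:
    def __init__(self, hostname: str, users: dict):
        self.hostname = hostname
        self.users = users  # mirrors "username <peer> password <secret>"

    def chap_challenge(self) -> dict:
        return {"id": os.urandom(1)[0], "value": os.urandom(16), "name": self.hostname}

    def chap_response(self, chal: dict) -> dict:
        # The peer looks up the secret stored under the challenger's hostname.
        secret = self.users[chal["name"]]
        return {"id": chal["id"], "name": self.hostname,
                "value": chap_hash(chal["id"], secret, chal["value"])}

    def chap_verify(self, chal: dict, resp: dict) -> bool:
        secret = self.users.get(resp["name"])
        if secret is None or resp["id"] != chal["id"]:
            return False
        expected = chap_hash(chal["id"], secret, chal["value"])
        return hmac.compare_digest(expected, resp["value"])

def chap_link_up(a: Router, b: Router) -> bool:
    """Both ends run 'ppp authentication chap', so each side challenges the other."""
    for auth, peer in ((a, b), (b, a)):
        chal = auth.chap_challenge()
        if not auth.chap_verify(chal, peer.chap_response(chal)):
            return False
    return True

def pap_request(ident: int, sent_username: str, password: str) -> bytes:
    # RFC 1334 Authenticate-Request: Code=1, Identifier, Length, Peer-ID, Password
    body = (bytes([len(sent_username)]) + sent_username.encode()
            + bytes([len(password)]) + password.encode())
    return bytes([1, ident]) + (4 + len(body)).to_bytes(2, "big") + body

r1 = Router("R1", {"R2": "pass!"})       # username R2 password pass!
r2 = Router("R2", {"R1": "pass!"})       # username R1 password pass!
r2_typo = Router("R2", {"R1": "Pass!"})  # constructed mismatch: secrets are case-sensitive

if __name__ == "__main__":
    print("CHAP R1<->R2:", chap_link_up(r1, r2))
    print("CHAP with mismatched secret:", chap_link_up(r1, r2_typo))
    print("PAP request on the wire:", pap_request(1, "R2", "password!"))
```

The PAP bytes show why CHAP is the better choice on any link that could be tapped: anyone capturing the PAP frame reads the password directly.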
Now that our PPP links have been configured, it's time to configure OSPF on our routers.
Starting at R1. Remember that the OSPF process ID does not have to match between routers, as it is purely a local concept (unlike EIGRP), but the area must match. Also, OSPF network statements use wildcard masks rather than subnet masks, so pay close attention to the configuration. A shortcut I use in determining the wildcard mask is to take the incremental value and subtract one. For example, a /30 network has an incremental value of 4, so the wildcard mask must be 0.0.0.3.
R1(config)# router ospf 1
R1(config-router)#router-id 11.11.11.11
R1(config-router)#network 10.0.0.0 0.255.255.255 area 1
R1(config-router)#network 172.30.1.0 0.0.0.255 area 1
R1(config-router)#network 192.100.254.0 0.0.0.3 area 1
R2(config)# router ospf 1
R2(config-router)# router-id 12.12.12.12
R2(config-router)# network 10.0.0.0 0.255.255.255 area 1
R2(config-router)# network 172.30.2.0 0.0.0.255 area 1
R2(config-router)# network 192.100.254.0 0.0.0.3 area 1
R2(config-router)# network 192.100.254.4 0.0.0.3 area 1
R3(config)#router ospf 1
R3(config-router)#router-id 2.2.2.2
R3(config-router)#network 10.0.0.0 0.255.255.255 area 1
R3(config-router)#network 172.30.3.0 0.0.0.255 area 1
R3(config-router)#network 192.100.254.4 0.0.0.3 area 1
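The wildcard shortcut and the way a network statement selects interfaces, as an added example that is not part of the original post. It generalizes the /30 case to any prefix length and checks R2's four network statements against a set of interface addresses; the addresses and the uncovered `S1/2` link are assumptions made for illustration, since the post does not list them.

```python
import ipaddress

def wildcard_from_prefix(prefix_len: int) -> str:
    """Wildcard mask = inverted subnet mask (block size minus one in the last octet)."""
    host_bits = 32 - prefix_len
    return str(ipaddress.IPv4Address((1 << host_bits) - 1))

def statement_matches(ip: str, network: str, wildcard: str) -> bool:
    """An interface matches when every bit NOT set in the wildcard equals the statement's."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(network)) & care)

def ospf_coverage(interfaces: dict, statements: list) -> dict:
    """Map each interface to the (network, wildcard, area) statements that enable OSPF on it."""
    return {name: [s for s in statements if statement_matches(ip, s[0], s[1])]
            for name, ip in interfaces.items()}

# R2's network statements, copied from the lab configuration above.
R2_STATEMENTS = [
    ("10.0.0.0", "0.255.255.255", 1),
    ("172.30.2.0", "0.0.0.255", 1),
    ("192.100.254.0", "0.0.0.3", 1),
    ("192.100.254.4", "0.0.0.3", 1),
]

# Assumed interface addresses (constructed; not given in the post).
R2_INTERFACES = {
    "Fa0/0": "10.0.0.2",
    "Lo0": "172.30.2.1",
    "S1/0": "192.100.254.2",
    "S1/1": "192.100.254.5",
    "S1/2": "192.100.254.9",  # hypothetical extra link that no statement covers
}

if __name__ == "__main__":
    for prefix in (8, 24, 30):
        print(f"/{prefix} -> {wildcard_from_prefix(prefix)}")
    for name, matches in ospf_coverage(R2_INTERFACES, R2_STATEMENTS).items():
        print(name, matches if matches else "NOT in OSPF")
```

An interface that matches no statement silently stays out of OSPF, which is the usual result of a wildcard mask that is off by one block.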
It is important to configure the RID first if you want manual control over the election process. Otherwise, the OSPF-enabled router will use its loopback address as its RID. If this were to happen, R3 would be the LAN's DR, and R2 would be the BDR.
At this point, our OSPF configuration should be complete. Let's use some verification commands to ensure that things are operating correctly.
Assuming a ping is successful between all devices, let's see what running show ip ospf neighbor reveals on each device.
As you can see, R2 is in fact the DR, and R1 is the BDR for the 10.0.0.0 network. R3 is listed as a FULL/DROTHER.
Next, let's configure authentication between the three routers on the 10.0.0.0 network.
R1(config)#int fa0/0
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 Pass!
R2(config)#int fa0/0
R2(config-if)#ip ospf authentication message-digest
R2(config-if)#ip ospf message-digest-key 1 md5 Pass!
R3(config)#int fa0/0
R3(config-if)#ip ospf authentication message-digest
R3(config-if)#ip ospf message-digest-key 1 md5 Pass!
While entering these commands, you may lose a neighbor, but after successfully entering all three sets of commands, you should re-establish your neighbor relationships. If you haven't, ensure that you've spelt the key correctly amongst the devices, and enabled authentication on the correct interfaces.
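One way to automate the two checks just described (same key on every router, authentication enabled on the right interface), as an added example that is not part of the original post. The config text is constructed from the lab's commands in running-config form, and it assumes keys are stored in cleartext (no `service password-encryption`); `sample_config` and the mismatch cases are hypothetical.

```python
import re
from collections import Counter

def parse_ospf_auth(config: str) -> dict:
    """Map interface name -> {'md5': bool, 'keys': {key_id: key}} from IOS-style config text."""
    out, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            cur = out.setdefault(m.group(1), {"md5": False, "keys": {}})
        elif cur is None:
            continue
        elif line == "ip ospf authentication message-digest":
            cur["md5"] = True
        elif m := re.match(r"ip ospf message-digest-key (\d+) md5 (\S+)$", line):
            cur["keys"][int(m.group(1))] = m.group(2)
        elif line == "!":
            cur = None  # end of the interface stanza
    return out

def audit_segment(configs: dict, interface: str) -> list:
    """Compare the OSPF MD5 settings of every router's interface on one shared segment."""
    findings, seen = [], {}
    for router, text in configs.items():
        intf = parse_ospf_auth(text).get(interface)
        if intf is None:
            findings.append(f"{router}: interface {interface} not found")
        elif not intf["md5"]:
            findings.append(f"{router}: message-digest authentication not enabled on {interface}")
        elif not intf["keys"]:
            findings.append(f"{router}: authentication enabled but no message-digest-key")
        else:
            seen[router] = tuple(sorted(intf["keys"].items()))
    if len(set(seen.values())) > 1:
        majority, _ = Counter(seen.values()).most_common(1)[0]
        # Report only the router name, never the key material itself.
        findings += [f"{r}: key id/key differs from the other routers"
                     for r, k in seen.items() if k != majority]
    return findings

def sample_config(key: str = "Pass!", enable: bool = True) -> str:
    """Constructed running-config fragment based on the lab's fa0/0 commands."""
    lines = ["interface FastEthernet0/0"]
    if enable:
        lines.append(" ip ospf authentication message-digest")
    lines += [f" ip ospf message-digest-key 1 md5 {key}", "!"]
    return "\n".join(lines)
```

Calling `audit_segment({"R1": ..., "R2": ..., "R3": ...}, "FastEthernet0/0")` on the three routers' configs returns an empty list when the segment is consistent.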
At this point, the lab is complete according to the specifications set in the beginning. You can verify your configuration with the remaining commands:
show ip ospf interface - this is useful for verifying timers, neighbors, the DR and BDR, and the OSPF area
show ip protocols - this command is useful for verifying the current timers
show ip route ospf - lists all routes learned by the OSPF routing protocol
Tony, isn't it a good practice to set the areas to 0? I mean this area is the backbone in OSPF. Well, I know that you probably set this to 1 because this was only a test laboratory. Anyway, I like your blog, it's very interesting! I'll take my CCNA next December.
If you were to have multiple areas, they would have to be bridged by the backbone with area 0. Since this was just a test lab with a single area I went with 1, but you can use whatever area number you would like.
Thanks for the comment and good luck on your CCNA, I just passed mine last week - I have some more posts to make now that my time has freed up!