Home > Articles > Certification > Cisco Certification > CCIE

This chapter is from the book

Section 2: IP IGP Protocols (28 Points)

Section 2.1: RIP (16 Points)

  • On all RIP router, ensure that version 2 is used under the process.

Add version 2 under the RIP process. You receive no points here; this just ensures your routers behave correctly during the lab.

You should have at this point also enabled RIP for your networks using the network command and as a matter of good practice configured router interfaces that are not part of the RIP domain as passive using the command passive-interface under the RIP process of each router.

  • Ensure that VLSM is supported on advertisements between all RIP routers.

This is just a case of manually configuring the RIP routers to disable auto summarization mainly for the benefit of R3, which would otherwise receive a classfull network 10.0.0.0/8 route from R2. If you have configured this correctly as shown in Example 1-9 on all RIP routers with the resulting routing table shown for R3 in Example 1-10, you have scored 2 points.

Example 1-9 RIP VLSM Configuration on R1, R2, R3, R4, and R6

router rip
 no auto-summary

Example 1-10 R3 RIP Routing Table Output

R3#sh ip route

C    172.16.0.0/16 is directly connected, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 9 subnets, 3 masks
R       10.100.100.0/28 [120/2] via 172.16.0.1, 00:00:24, FastEthernet0/0
R       10.99.99.0/29 [120/4] via 172.16.0.1, 00:00:24, FastEthernet0/0
R       10.90.90.0/28 [120/1] via 172.16.0.1, 00:00:24, FastEthernet0/0
R       10.80.80.0/24 [120/2] via 172.16.0.1, 00:00:24, FastEthernet0/0
R       10.60.60.0/29 [120/4] via 172.16.0.1, 00:00:26, FastEthernet0/0
R       10.40.40.0/28 [120/3] via 172.16.0.1, 00:00:26, FastEthernet0/0
R       10.6.6.0/29 [120/4] via 172.16.0.1, 00:00:26, FastEthernet0/0
R       10.4.4.0/29 [120/3] via 172.16.0.1, 00:00:26, FastEthernet0/0
R       10.1.1.0/28 [120/2] via 172.16.0.1, 00:00:26, FastEthernet0/0

  • Add a loopback interface with the address of 60.60.60.1/24 onto R3 and advertise this out to R2 but ensure that it is not seen by the rest of your network; do not perform any configuration on R2 or R1.

Add the loopback as Lo0 on R3 and enable the 60.60.60.0/24 network under RIP; this automatically advertises network 60.60.60.0/24 out to R2 and the rest of your RIP network over the 172.16.0.0/16 network, which you should have already configured according to the IGP diagram. The usual method to stop the propagation of this network would be via distribute lists, but the question states that R2 must see the network so you can not put a distribute list out on R3; the question also states that you can not configure R2 or R1 so you will have to configure R3. You need to get back to basics here and recall that RIP has a maximum hop count of 15 with 16 hops marked as unreachable so you will need to ensure that when network 60.60.60.0/24 egresses R3 the hop count is already set at 14. This way when R2 sees the route it knows that it has a hop count of 15 to reach it; it, in turn, will then advertise network 60.60.60.0/24 with a hop count of 16, which is, of course, unreachable and, hence, it will not be included in the routing table of R1 and beyond. To achieve the artificial hop count, an offset-list is required for network 60.60.60.0/24 on R3. If you have configured this correctly as in Example 1-11 with validation shown in Example 1-12 and Example 1-13, you have scored 4 points.

You could have also gained full marks for advertising the loopback interface on R3 within RIP as a connected interface and assigned a metric of 15 to this route, which provides exactly the same result.

Example 1-11 R3 Hop Count Configuration

interface Loopback0
 ip address 60.60.60.1 255.255.255.0
!
router rip
 version 2
 offset-list 1 out 14 FastEthernet0/0
 network 60.0.0.0
 network 172.16.0.0
!
access-list 1 permit 60.60.60.0

Example 1-12 R2 Routing Entry for 60.60.60.0/24

R2#show ip route 60.60.60.0
Routing entry for 60.60.60.0/24
  Known via "rip", distance 120, metric 15
  Redistributing via rip
  Last update from 172.16.0.2 on FastEthernet0/0, 00:00:15 ago
  Routing Descriptor Blocks:
  * 172.16.0.2, from 172.16.0.2, 00:00:15 ago, via FastEthernet0/0
      Route metric is 15, traffic share count is 1

Example 1-13 R1 RIP debug

R1#debug ip rip
2w1d: RIP: received v2 update from 10.90.90.1 on Serial0/0
2w1d:      60.60.60.0 in 16 hops (inaccessible)
2w1d:      172.16.0.0 in 1 hops

  • Configure R3 to unicast its RIP routing updates to R2. Do not use the neighbor command to achieve this but consider using other IP features to aid you.

Normally, you would use the neighbor command in conjunction with passive-interface to ensure that a router unicasts its routing updates instead of multicasting them in the usual manner. To achieve this without the neighbor command, you will need to use NAT to turn a multicast into a unicast; this is your additional IP feature. A simple NAT statement causing any packet with a destination address as a multicast to destination address 224.0.0.9 with the UDP port equal to that of RIP (520) to be converted into a destination address of 172.16.0.1 (R2 FastEthernet0/0) will cause R3 to now unicast its routing updates directly to R3.

If you have configured this correctly as in Example 1-14 and with the resulting output on R2 as shown in Example 1-15, you have scored 6 points.

Example 1-14 R3 NAT Configuration and debug

interface FastEthernet0/0
 ip address 172.16.0.2 255.255.0.0
 ip nat outside
!

ip nat outside source static udp 172.16.0.1 520 224.0.0.9 520 

R3#debug ip nat det
IP NAT detailed debugging is on
R3#clear ip route *
R3#

00:57:29: NAT: i: udp (172.16.0.2, 520) -> (224.0.0.9, 520) [0]
00:57:29: NAT: s=172.16.0.2, d=224.0.0.9->172.16.0.1 [0]  

Example 1-15 R2 RIP debug

R2#debug ip pack det
IP packet debugging is on (detailed)
R2#
00:54:56: IP: s=172.16.0.2 (FastEthernet0/0), d=172.16.0.1 (FastEthernet0/0), len 5
2, rcvd 3
00:54:56:     UDP src=520, dst=520

  • Ensure that VLAN2 is advertised to the RIP domain as a /28 network. Do not use either RIP or EIGRP features to accomplish this. You can, however, configure R6.

VLAN2 has a subnet mask of /24, and as such, the RIP domain would see this as network 10.80.80.0/24.

You could quite easily summarize network 10.80.80.0/24 within RIP or later within EIGRP to change the network to 10.80.80.0/28, but the question clearly states that no RIP or EIGRP feature must be used. The lab rules are also not static routes; policy routing won't help as the network should be present in all routing tables so the only way to get VLAN2 from a /24 into a /28 is to think laterally and add a secondary address on R6 FastEthernet0/0 within the /28 range (i.e., 10.80.80.14/28). This will then ensure the network 10.80.80.0/28 is advertised into the RIP domain.

NOTE

The new RIP advertisement of 10.80.80.0/28 will be received by R1, which already has a connected interface into the real 10.80.80.0/24 network. This is a longer match than its own connected interface and, hence, will cause suboptimal routing for R1 to communicate on VLAN2 within the range of the /24 subnet. A distribute-list must be used on R1 to filter this network. Remember that the RIP route for this network could arrive on both the Frame Relay interface and the BRI if the Frame Relay network fails later in the lab; as such the distribute-list is required in-bound on both interfaces.

If you have configured this correctly including filtering network 10.80.80.0/28 from entering R1 as in Example 1-16 and Example 1-17, you have scored 4 points. If you have only configured the distribute-list on the Frame Relay network, you have only scored 2 points.

Example 1-16 R6 Secondary Address Configuration

interface FastEthernet0/0
 ip address 10.80.80.14 255.255.255.240 secondary
 ip address 10.80.80.2 255.255.255.0

Example 1-17 R1 RIP Distribute-List Configuration

router rip
distribute-list 1 in Serial0/1.101
 distribute-list 1 in BRI0/0
!
access-list 1 deny   10.80.80.0 0.0.0.15 
access-list 1 permit any

Section 2.2: EIGRP (5 Points)

You should have configured EIGRP using AS10 as shown in Figure 1-13 on R5, R6, R7, and R8. R6 has RIP enabled on the Frame Relay network, so you can either use a network statement for each EIGRP required interface with an inverse mask or simply use the passive-interface command as required. All EIGRP routers should also have auto summarization disabled using the command no auto-summary. No extra points here in Lab 1, but you will find in later labs that you will earn points for the correct basic configuration.

NOTE

The IGP questions do not stipulate if R6 should advertise it's loopback interface via RIP or EIGRP because R6 runs both protocols, in this case it is prudent to do so in both instances.

  • R8 is very low on memory and CPU resource; accommodate this information within the configuration on R8.

EIGRP supports stub routing, which improves network stability, reduces resource, and simplifies configuration. R8 does not participate in any summary advertisements so it purely requires eigrp stub connected configured under its EIGRP process to ensure that its connected interfaces are successfully advertised out to its neighbors. If you have configured this correctly as in Example 1-18, you have scored 3 points.

Example 1-18 R8 EIGRP Stub-Routing Configuration and R6 EIGRP Neighbor Output

router eigrp 10
 network 10.0.0.0
 no auto-summary
 eigrp stub connected

R6#sh ip eigrp neighbors detail
IP-EIGRP neighbors for process 10
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq Type
                                            (sec)         (ms)       Cnt Num
2   10.99.99.2              Se0/0            167 05:30:02    4   200  0  2
   Version 12.2/1.2, Retrans: 6, Retries: 0
1   10.60.60.2              Fa0/1             12 05:30:02  340  2040  0  3
   Version 12.1/1.2, Retrans: 0, Retries: 0
0   10.80.80.3              Fa0/0             14 05:30:05    9   200  0  4
   Version 12.1/1.2, Retrans: 2, Retries: 0
   Stub Peer Advertising ( CONNECTED ) Routes

  • Configure R8 to have an EIGRP hello interval of 25 seconds on its FastEthernet0/0 interface.

The EIGRP hello interval is by default set at 5 seconds for FastEthernet. This is not a difficult question but you must ensure if you are changing any EIGRP interval that you should also configure that of your neighbors on the common subnet exactly the same otherwise your neighbor adjacencies will be fluctuating as will your routing table. You should also be aware that the EIGRP hold interval should be three times that of the hello interval otherwise you will experience difficulties in maintaining your neighbor relationship. You should, therefore, configure the ip hold-time eigrp interval on R8 under the FastEthernet0/0 as 75 seconds. Configure R6 under its FastEthernet0/0 with the same configuration as R8 as it is a neighbor to R8 on VLAN2. If you have configured this correctly as shown in Example 1-19, you have scored 2 points.

Example 1-19 R8 and R6 EIGRP Hello and Hold Interval Configuration

interface FastEthernet0/0
 ip hello-interval eigrp 10 25
 ip hold-time eigrp 10 75

Section 2.3: Redistribution (7 Points)

  • Redistribute IGP protocols to ensure full IP visibility between all routers.

You can see via the IGP diagram in Figure 1-13 that there will only be one redistribution point required, this being R6.

Mutual redistribution between RIP and EIGRP is required. Don't forget your default metrics under each process otherwise the different protocols will have no means of applying relevant metrics to the routes you wish to advertise. If you have configured your redistribution correctly as shown in Example 1-20 and Example 1-21 and have full IP visibility of all networks, you have scored 4 points.

Example 1-20 R6 EIGRP Redistribution to RIP Configuration

router rip
 version 2
 redistribute eigrp 10
 passive-interface default
 no passive-interface Serial5/0.103
 network 10.0.0.0
 default-metric 3
 no auto-summary

Example 1-21 R6 RIP Redistribution to EIGRP Configuration

router eigrp 10
 redistribute rip
 passive-interface default
 no passive-interface FastEthernet0/0
 no passive-interface ATM1/0.99
 no passive-interface FastEthernet4/0
 network 10.0.0.0
 default-metric 100000 0 255 1 1500
 no auto-summary

  • As a safety precaution, ensure that R6 can not learn the EIGRP routes it previously advertised into the RIP domain back from R4.

This question is just a straightforward practice of distribute lists and ensuring that the correct networks are filtered. In this scenario, R6 would ignore any routes back from RIP to which it had redistributed into RIP originally from EIGRP because of the external EIGRP route feature (any routes redistributed into EIGRP are subject to an increased Administritive Distance from 90 to 170). The redistributed RIP routes would simply be ignored. To answer the question as requested, though, you will need to configure a distribute-list within RIP on R6 Serial5/0.103, which blocks the EIGRP routes that R6 advertises out to the RIP domain. Do not include the connected interfaces on R6 in your ACL as these would be advertised within the RIP domain anyway and not redistributed into RIP from EIGRP. If you have configured this correctly as shown in Example 1-22, you have scored 3 points.

Example 1-22 R6 Distribution List Configuration

router rip
 distribute-list 1 in Serial5/0.103
!
access-list 1 deny   10.8.8.8
access-list 1 deny   10.5.5.4 0.0.0.3
access-list 1 deny   10.7.7.0 0.0.0.15
access-list 1 deny   10.50.50.0 0.0.0.7
access-list 1 permit any

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020