Inter VRF routing using Static Routes

Static Routing on Router2

ip route 10.11.11.0 255.255.255.0 FastEthernet0/0 10.11.11.1

ip route 10.22.22.0 255.255.255.0 FastEthernet0/1 10.22.22.1

ip route vrf SITE1 192.1.12.0 255.255.255.0 Serial1/0 192.1.12.3 global

ip route vrf SITE2 192.1.12.0 255.255.255.0 Serial1/0 192.1.12.3 global

ROUTER1 

Interface fa 0/0

SITE1 VRF

Interface fa 0/1

SITE2 VRF

ROUTER2

Interface fa 0/0

SITE1 VRF

Interface fa 0/1

SITE2 VRF

Interface s 1/0

Global  

LDAP AUTHENTICATION USING ASA 9.4


aaaa-server LDAP protocol ldap

aaa-server LDAP (INSIDE) host 172.30.0.2
 server-port 389
 ldap-base-dn DC=runtime, DC=in
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn CN=administrator, CN=Users, DC=runtime, DC=in

 server-type microsoft

Test command

test aaa authentication Ldap

server:

username

password

                                                       Aamir

Filtering routes in Juniper


protocols {
    rip {
        group RIP-PROTOCOL {
            neighbor em0.0;
            neighbor em1.0 {
                import RIP-FILTER;
            }
        }
    }
}

    }
 
    policy-statement RIP-FILTER {
        term FL-ROUTES {
            from {
                protocol rip;
                route-filter 8.8.8.0/24 exact;
            }
            then reject;
        }
    }
}

set policy-options policy-statement RIP-FILTER term FL-ROUTES from protocol rip

set policy-options policy-statement RIP-FILTER term FL-ROUTES from route-filter 8.8.8.0/24 exact

set policy-options policy-statement RIP-FILTER term FL-ROUTES then reject

set protocols rip group RIP-PROTOCOL neighbor em1.0 import RIP-FILTER

Juniper RIP

Configuring Rip in Juniper.


Configuring routing protocol in juniper is a three step process.


1. Create a policy to enable rip on the interfaces

2.Create the policy to advertise directly connected or rip learnt routes

3. Apply the step one policy


Configuration.


1.
set protocols rip group RIP-PROTOCOL neighbor em0.0
set protocols rip group RIP-PROTOCOL neighbor em1.0

2.
set policy-options policy-statement RIP-ADVERTISEMENT-CUSTOM from protocol direct
set policy-options policy-statement RIP-ADVERTISEMENT-CUSTOM from protocol rip
set policy-options policy-statement RIP-ADVERTISEMENT-CUSTOM then accept

3.
set protocols rip group RIP-PROTOCOL export RIP-ADVERTISEMENT-CUSTOM


Xml Output

protocols {
    rip {
        group RIP-PROTOCOL {
            export RIP-ADVERTISEMENT-CUSTOM;
            neighbor em0.0;
            neighbor em1.0;
        }
    }
}
policy-options {
        policy-statement RIP-ADVERTISEMENT-CUSTOM {
        from protocol [ direct rip ];
        then accept;
}

REDISTRIBUTION USING OSPF AND EIGRP

Redistribution helps us to inject the routes learnt by one routing protocol in one autonomous system into the another routing protocol having different autonomous system.With the help of redistribution we can join two different network having two different routing protocols communicate.

here in this scenario R1 is running ospf and R3 is running eigrp and R2 will be running both the protocols.

configuration
R1
enable 
configure terminal
int fa 0/0
ip add 10.11.11.1 255.255.255.0
no shut
int lo 0
ip add 1.1.1.1 255.0.0.0
router ospf 1
network 10.11.11.0 0.0.0.255 area 0
network 1.1.1.1 0.0.0.0 area 0
no au
end

R3
enable 
configure terminal
int fa 0/0
ip add 10.22.22.3 255.255.255.0
no shut
int lo 0
ip add 2.2.2.2 255.0.0.0
router eigrp 10
network 10.22.22.0
network 2.0.0.0
no au
end

R3

enable 
configure terminal
int fa 0/0
ip add 10.11.11.2.255.255.255.0
no shut
int fa 0/1
ip add 10.22.22.2 255.255.255.0
no sh
router ospf 1
network 10.11.11.0 0.0.0.255 area 0
no auto-summary
router eigrp 10
network 10.22.22.0
no auto-summary
-----------
REDISTRIBUTION 

R2(config)#  router ospf 1
R2(config-router)#redistribute eigrp 1000

R2(config-router)#exit
R2(config)#router eigrp 10
R2(config-router)#redistribute ospf 1 10000 1000 255 1 1500






 

STUB / TOTALLY STUB

STUB

Stub area is created inorder to stop redistributed routes into an ospf area , that means type 5 lsa's are not allowed which are generated due to redistribution.Creating an area stub makes the abr generate default route which is pointing towards itself


The best way of presenting a topology with stub area is shown below

click on the image to view large




In this topology area 0 will have OE2 routes in the routing table. OE2 routes are the redistributed routes from eigrp autonomous system into ospf.

Since area 1 is stub area, so type 5 lsa are not allowed.so abr will inject default route pointing towards itself in R4 ( fig ).so only OIA* route will be seen along with the inter-area routes.

If lsa type 3 are to be blocked then typing the command on the abr will block lsa type 3 also and default route is injected pointed towards abr.



Configuration for creating stub area(based on the figure above)


R4


router4>
router4>en
router4#conf terminal
router4(config)#router ospf 1
router4(config-router)#area 1 stub


R5


router5>
router5>en
router5#conf terminal
router5(config)#router ospf 1
router5(config-router)#area 1 stub


Configuration for creating totally stub area(based on the figure above)


R4
router4>
router4>en
router4#conf terminal
router4(config)#router ospf 1
router4(config-router)#area 1 stub no-summary


R5

router5>
router5>en
router5#conf terminal
router5(config)#router ospf 1
router5(config-router)#area 1 stub no-summary

Ipv6

Ipv6
Ipv6 is a 128 bit logical address assigned to layer 3 devices like computers, routers etc.Ipv6 is also called new generation address.Ipv6 can be represented as 2001:1:1:1:2:2:2:2 .Ipv6 does not support broadcast,but it uses multicast, unicast and anycast to forward packets(data).

Configuring rip with ipv6

Inorder to configure rip with ipv6,advanced rip protocol called RIPNG (rip next generation) is used.

Scenario

Two routers connected to each other with their loopbacks (logical interfaces) enabled on each router.

Router A's interface address 2001::1:1:1:1:1
Router A's loopback address 2001::2:1:1:1:1
Router B's interface address 2001::1:1:1:1:2
Router B's interface address 2001::3:1:1:1:1

Configuration

Router1>Enable
Router1#conf terminal
Router1(config)#int s 0
Router1(config)#ipv6 unicast-routing     (to enable ipv6 in routers)
Router1(config-if)ipv6 address 2001::1:1:1:1:1/64
Router1(config-if)#no shutdown
Router1(config-if)exit
Router1(config)#interface loopback 0
Router1(config-if)#ip adress 2001::2:1:1:1:1/64
Router1(config-if)#no shutdown
Router1(config)#exit

Router1>Enable
Router1#conf terminal
Router1(config)#int s 0
Router1(config)#ipv6 unicast-routing     (to enable ipv6 in routers)
Router1(config-if)ipv6 address 2001::1:1:1:1:2/64
Router1(config-if)#no shutdown
Router1(config-if)exit
Router1(config)#interface loopback 0
Router1(config-if)#ip adress 2001::3:1:1:1:1/64
Router1(config-if)#no shutdown
Router1(config)#exit



Configuring ripng

Router1(config)#interface s 0
Router1(config-if)#ipv6 rip 1234 enable
Router1(config-if)#exit
Router1(config)#interface loopback 0
Router1(config-if)#ipv6 rip 1234 enable
Router1(config-if)#exit

Router2(config)#interface s 0
Router2(config-if)#ipv6 rip 1234 enable
Router2(config-if)#exit
Router2(config)#interface loopback 0
Router2(config-if)#ipv6 rip 1234 enable
Router2(config-if)#exit

To check the routing table
use
Show ipv6 route ( under priveledge mode)

ping loopbacks
example


ping 2001::3:1:1:1:1
or ping 2001::2:1:1:1:1