-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpract 5
235 lines (207 loc) · 8.44 KB
/
pract 5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
PRATICAL 5:Configure and Verify Path Control Using PBR
Topology
Objectives
Configure and verify policy-based routing.
Select the required tools and commands to configure policy-based routing operations.
Verify the configuration and operation by using the proper show and debug commands.
Step 1: Configure loopbacks and assign addresses.
a.Cable the network as shown in the topology diagram. Erase the startup configuration, and reload each router to clear previous configurations.
b.Using the addressing scheme in the diagram, create the loopback interfaces and apply IP addresses to these and the serial interfaces on R1, R2, R3, and R4. On the serial interfaces connecting R1 to R3 and R3 to R4, specify the bandwidth as 64 Kb/s and set a clock rate on the DCE using the clock rate 64000 command. On the serial interfaces connecting R1 to R2 and R2 to R3, specify the bandwidth as 128 Kb/s and set a clock rate on the DCE using the clock rate 128000 command.
Router R1
hostname R1
interface Lo1
description R1 LAN
ip address 192.168.1.1 255.255.255.0
interface Serial1/0
description R1 --> R2
ip address 172.16.12.1 255.255.255.248
clock rate 128000
bandwidth 128
no shutdown
interface Serial1/1
description R1 --> R3
ip address 172.16.13.1 255.255.255.248
bandwidth 64
no shutdown
end
Router R2
hostname R2
interface Lo2
description R2 LAN
ip address 192.168.2.1 255.255.255.0
interface Serial1/0
description R2 --> R1
ip address 172.16.12.2 255.255.255.248
bandwidth 128
no shutdown
interface Serial1/1
description R2 --> R3
ip address 172.16.23.2 255.255.255.248
clock rate 128000
bandwidth 128
no shutdown
end
Router R3
hostname R3
interface Lo3
description R3 LAN
ip address 192.168.3.1 255.255.255.0
interface Serial1/0
description R3 --> R1
ip address 172.16.13.3 255.255.255.248
clock rate 64000
bandwidth 64
no shutdown
interface Serial1/1
description R3 --> R2
ip address 172.16.23.3 255.255.255.248
bandwidth 128
no shutdown
interface Serial1/2
description R3 --> R4
ip address 172.16.34.3 255.255.255.248
clock rate 64000
bandwidth 64
no shutdown
end
Router R4
hostname R4
interface Lo4
description R4 LAN A
ip address 192.168.4.1 255.255.255.128
interface Lo5
description R4 LAN B
ip address 192.168.4.129 255.255.255.128
interface Serial1/0
description R4 --> R3
ip address 172.16.34.4 255.255.255.248
bandwidth 64
no shutdown
end
c. Verify the configuration with the show ip interface brief, show protocols, and show interfaces description commands. The output from router R3 is shown here as an example.
R3# show ip interface brief | include up
Serial1/0 172.16.13.3 YES manual up up
Serial1/1 172.16.23.3 YES manual up up
Serial1/2 172.16.34.3 YES manual up up
Loopback3 192.168.3.1 YES manual up up
R3#show protocols
Global values:
Internet Protocol routing is enabled
Embedded-Service-Engine0/0 is administratively down, line protocol is down
GigabitEthernet0/0 is administratively down, line protocol is down
GigabitEthernet0/1 is administratively down, line protocol is down
Serial1/0 is up, line protocol is up
Internet address is 172.16.13.3/29
Serial1/1 is up, line protocol is up
Internet address is 172.16.23.3/29
Serial1/2 is up, line protocol is up
Internet address is 172.16.34.3/29
Loopback3 is up, line protocol is up
Internet address is 192.168.3.1/24
R3# show interfaces description | include up
Se1/0 up up R3 --> R1
Se1/1 up up R3 --> R2
Se1/2 up up R3 --> R4
Lo3 up up R3 LAN
Step 3: Configure basic EIGRP.
a.Implement EIGRP AS 1 over the serial and loopback interfaces as you have configured it for the other EIGRP labs.
b.Advertise networks 172.16.12.0/29, 172.16.13.0/29, 172.16.23.0/29, 172.16.34.0/29, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, and 192.168.4.0/24 from their respective routers.
Router R1
router eigrp 1
network 192.168.1.0
network 172.16.12.0 0.0.0.7
network 172.16.13.0 0.0.0.7
no auto-summary
Router R2
router eigrp 1
network 192.168.2.0
network 172.16.12.0 0.0.0.7
network 172.16.23.0 0.0.0.7
no auto-summary
Router R3
router eigrp 1
network 192.168.3.0
network 172.16.13.0 0.0.0.7
network 172.16.23.0 0.0.0.7
network 172.16.34.0 0.0.0.7
no auto-summary
Router R4
router eigrp 1
network 192.168.4.0
network 172.16.34.0 0.0.0.7
no auto-summary
You should see EIGRP neighbor relationship messages being generated.
Step 4: Verify EIGRP connectivity.
a.Verify the configuration by using the show ipeigrpneighbors command to check which routers have EIGRP adjacencies.
R1# show ipeigrpneighbors
R2# show ipeigrpneighbors
R3# show ipeigrpneighbors
R4# show ipeigrpneighbors
b.Run the following Tcl script on all routers to verify full connectivity.
R1# tclsh
foreach address {172.16.12.1172.16.12.2172.16.13.1172.16.13.3172.16.23.2172.16.23.3172.16.34.3172.16.34.4192.168.1.1192.168.2.1192.168.3.1192.168.4.1192.168.4.129} { ping $address }
Step 5: Verify the current path.
Before you configure PBR, verify the routing table on R1.
a.On R1, use the show ip route command. Notice the next-hop IP address for all networks discovered by EIGRP.
R1# show ip route | begin Gateway
b.On R4, use the traceroute command to the R1 LAN address and source the ICMP packet from R4 LAN A and LAN B.
R4# traceroute 192.168.1.1 source 192.168.4.1
R4# traceroute 192.168.1.1 source 192.168.4.129
c.On R3, use the show ip route command and note that the preferred route from R3 to R1 LAN 192.168.1.0/24 is via R2 using the R3 exit interface S0/0/1.
R3# show ip route | begin Gateway
d.On R3, use the show interfaces serial 0/0/0 and show interfaces s0/0/1 commands.
R3# show interfaces serial1/0
R3# show interfaces serial1/0 | include BW
R3# show interfaces serial1/1 | include BW
e.Confirm that R3 has a valid route to reach R1 from its serial 0/0/0 interface using the show ipeigrp topology 192.168.1.0 command.
R3# show ipeigrp topology 192.168.1.0
Step 6: Configure PBR to provide path control.
a.On router R3, create a standard access list called PBR-ACL to identify the R4 LAN B network.
R3(config)# ip access-list standard PBR-ACL
R3(config-std-nacl)#remark ACL matches R4 LAN B traffic
R3(config-std-nacl)#permit 192.168.4.128 0.0.0.127
R3(config-std-nacl)#exit
R3(config)#
b.Create a route map called R3-to-R1 that matches PBR-ACL and sets the next-hop interface to the R1 serial 0/0/1 interface.
R3(config)# route-map R3-to-R1 permit
R3(config-route-map)#description RM to forward LAN B traffic to R1
R3(config-route-map)#match ip address PBR-ACL
R3(config-route-map)#set ip next-hop 172.16.13.1
R3(config-route-map)#exit
R3(config)#
c.Apply the R3-to-R1 route map to the serial interface on R3 that receives the traffic from R4. Use the ip policy route-map command on interface S0/1/0.
R3(config)# interface s1/2
R3(config-if)#ip policy route-map R3-to-R1
R3(config-if)#end
d.On R3, display the policy and matches using the show route-map command.
R3# show route-map
route-map R3-to-R1, permit, sequence 10
Match clauses:
ip address (access-lists): PBR-ACL
Set clauses:
ip next-hop 172.16.13.1
Policy routing matches: 0 packets, 0 bytes
Step 7: Test the policy.
a.On R3, create a standard ACL which identifies all of the R4 LANs.
R3# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)# access-list 1 permit 192.168.4.0 0.0.0.255
R3(config)# exit
b.Enable PBR debugging only for traffic that matches the R4 LANs.
R3# debug ippolicy ?
R3# debug ip policy 1
c.Test the policy from R4 with the traceroute command, using R4 LAN A as the source network.
R4# traceroute 192.168.1.1 source 192.168.4.1
d.Test the policy from R4 with the traceroute command, using R4 LAN B as the source network.
R4# traceroute 192.168.1.1 source 192.168.4.129
e.On R3, display the policy and matches using the show route-map command.
R3# show route-map
route-map R3-to-R1, permit, sequence 10
Match clauses:
ip address (access-lists): PBR-ACL
Set clauses:
ip next-hop 172.16.13.1
Nexthop tracking current: 0.0.0.0
172.16.13.1, fib_nh:0,oce:0,status:0
Policy routing matches: 12 packets, 384 bytes