One of many reasons to use the Switched Port Analyzer (SPAN) feature is a Cisco switch is to copy frames out a port that connects to a network analyzer (like Wireshark). Wireshark can then analyze the messages so that you can reasonably interpret the meaning of the messages flowing between the devices in the LAN. One key configuration choice revolves around the choices for what interfaces and VLANs to use as sources for a SPAN session. This lab gives you some requirements so that you can exercise that decision making, beyond the simple configuration of the correct SPAN parameters.

Requirements

Configure local SPAN on switch SW1 in the figure. Note that with SPAN it is difficult to capture exactly the subset of messages you want to capture, so you typically capture a superset of messages, and then the tool to which the messages are directed (like a network analyzer) then filters out the messages that should be ignored.

For this lab, you have two goals. The primary goal defines all the messages that you must capture. The secondary goal, one that probably exists for most real-life SPAN sessions for network analyzers, tells you to capture as few extra messages beyond those requested as part of the primary goal. The requirements for this lab are as follows:

• The primary goal: capture all frames flowing between devices in VLAN 2
• The secondary goal: capture as few extra frames as possible, which then requires less filtering on the network analyzer.
• Configure all parameters, even default parameters, in an effort to practice remembering all command parameters
• You may capture per interface, or per VLAN, and for any direction needed to meet the goals
• As for the topology:
  • All devices except PC4 sit in VLAN 2
  • All devices in VLAN 2 use IP addresses in subnet 172.16.2.0/24, with the last octet of each respective address shown in the figure near the device.
  • PC4 sits in VLAN 4, and in subnet 172.16.4.0/24, using IP address 172.16.4.4
  • The link between switch SW1 and router R1 operates as a trunk, supporting both VLAN 2 and VLAN 4
  • The rest of the enterprise network (not shown) exists to the right of the router
  • The server on the left is the network analyzer

Figure 1: Single Switch Topology for Local SPAN Configuration

Initial Configuration

Examples 1 and 2 show the initial configurations on switch SW1 and router R1, respectively.

Example 1: Switch SW1 Configuration

hostname SW1
!
vlan 2
vlan 4
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 2
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 2
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 2
!
interface GigabitEthernet1/0
 switchport mode access
 switchport access vlan 4
!
interface GigabitEthernet1/1
 switchport mode access
 switchport access vlan 2
!
interface GigabitEthernet1/2
! next line required only on some switches
 switchport trunk encapsulation dot1q 
 switchport mode trunk

Example 2: Router R1 Configuration

hostname R1
!
interface GigabitEthernet0/1
 no shutdown
!
interface GigabitEthernet0/1.2
 encapsulation dot1q 2
 ip address 172.16.2.6 255.255.255.0
!
interface GigabitEthernet0/1.4
 encapsulation dot1q 4
 ip address 172.16.4.6 255.255.255.0

Answer on Paper, or Maybe Test in Lab

To answer on paper, the process is of course simple: write your answer, and check it against the answer post that follows this post.

To test in lab, if you build this lab exercise in hardware, you will need to download and install a network analyzer on the computer that sits where the server sits in the figure. The process of how to do that is beyond the scope of this lab. However, if you start at www.wireshark.org and follow the instructions.

Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file!

The virl topology matches this lab topology exactly. The host info does as well.

Host device info:

This table lists host information pre-configured in VIRL, information that might not be required by the lab but may be useful to you.

Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping6 -c4 2001:0:0:10::100

Trace example: tracepath6 2001:0:0:10::1

A Word about Packet Captures for this Lab

VIRL does support the ability to capture packets, which allows you to then feed the packets into Wireshark running on your computer. Basically you tell VIRL on what interface to capture, and then direct VIRL where to send the packets. However, the specifics require several steps. So, I’ve left the rest of the details out of the blog post here, other than to mention that you can further research this feature on your own if you happen to use VIRL.

Configuring local SPAN does not take a lot of commands. The bigger danger is capturing too much, which risks losing some of the messages and also causing you more work to see the content that you want to see. As usual, for these config labs, start by doing the lab for yourself, then check back to this answer post for my suggested answer and some explanation.

Answers

Figure 1: Single Switch Topology for Local SPAN Configuration

Example 2: SW1 Config

monitor session 2 source vlan 2 rx
monitor session 2 destination interface GigabitEthernet1/1

Commentary

This lab gives you what appears to be an obvious primary goal: to capture all frames sent within VLAN 2. However, that requirement coupled with the secondary goal of capturing no more messages than is required sets you up for a common mistake: capturing frames in both directions.

First, the suggested answer creates a monitor session number 2, monitoring frames received on ports in VLAN 2. That means that any frames the SPAN session will capture frames received in (a) access ports in VLAN 2 or (b) trunk ports with the frame tagged as VLAN 2.

The danger is to consider using the both direction, that is, for frames both sent and received. If you configured this lab and instead used a direction of both, SPAN would capture each frame twice. For example, a frame sent by PC1 to PC2 (both in VLAN 2) would be received in G0/1 (an access port in VLAN 2) and forwarded out port G0/2 (an access port in VLAN 2), so SPAN would capture at both points.

As a result, the two best answers for the SPAN source are either the answer listed in Example 3, or the similar monitor session 2 source vlan 2 tx global command.

The monitor session 2 destination command simply references the outgoing interface, which should point to the interface connected to the host that is running wireshark.

Are you comfortable matching packets with extended IPv6 ACLs? How about with TCP and UDP ports in those ACLs? Here’s a 10-minute lab exercise to practice; all you need is the time and a piece of paper or a place to type!

Requirements

Configure an extended IPv6 access list to control that traffic as detailed in the following rules:

• Create one or more extended named ACLs, each of which with a name that begins with “ExtACL01”, which performs the following functions:
  • Permit all traffic coming from the telnet and SSH server at address 2001:0:0:10::100, going to the 2001:0:0:30::/64 subnet, as displayed in the figure
  • Permit all ICMP traffic from all hosts in the 2001:0:0:20::/64 subnet, doing to the 2001:0:0:40::/64 subnet
• In each ACL, deny all other traffic so that the denied packet counters are counted and listed by the output of the show ipv6 access-list command
• Apply the ACL as an inbound ACL on router R1
• You may (and should) use different ACLs, one for each interface on which an ACL needs to be enabled
• As seen in the initial configurations:
  • Assume all router interfaces shown in the lab are up, working and have correct IPv6 addresses assigned
  • Assume routing between all devices is configured and operational, that is, before adding the IPv6 ACLs, all existing IPv6 addresses are pingable
  • Assume that at least one device exists on each VLAN with an IP address ending in :100 with correct gateways configured

Figure 1: Two Router ROAS Topology for IPv6 ACL Lab

Initial Configuration

Examples 1, 2, 3 and 4 shows the beginning configuration state of R1, R2, SW1 and SW2.

Example 1: R1 Config

hostname R1
!
ipv6 unicast-routing
!
ipv6 router eigrp 1
 eigrp router-id 1.1.1.1
!
interface GigabitEthernet0/1
 ipv6 address 2001:0:0:1::1/64
 ipv6 eigrp 1
 no shutdown
!
interface GigabitEthernet0/2
 no shutdown
!
interface GigabitEthernet0/2.1
 encapsulation dot1q 10
 ipv6 address 2001:0:0:10::1/64
 ipv6 eigrp 1
!
interface GigabitEthernet0/2.2
 encapsulation dot1q 20
 ipv6 address 2001:0:0:20::1/64
 ipv6 eigrp 1

Example 2: R2 Config

hostname R2
!
ipv6 unicast-routing
!
ipv6 router eigrp 1
 eigrp router-id 2.2.2.2
!
interface GigabitEthernet0/1
 ipv6 address 2001:0:0:1::2/64
 ipv6 eigrp 1
 no shutdown
!
interface GigabitEthernet0/2
 no shutdown
!
interface GigabitEthernet0/2.1
 encapsulation dot1q 30
 ipv6 address 2001:0:0:30::2/64
 ipv6 eigrp 1
!
interface GigabitEthernet0/2.2
 encapsulation dot1q 40
 ipv6 address 2001:0:0:40::2/64
 ipv6 eigrp 1

Example 3: SW1 Config

hostname SW1
!
vlan 10,20
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no shutdown
!
interface GigabitEthernet0/2
 switchport access vlan 10
!
interface GigabitEthernet0/3
 switchport access vlan 20

Example 4: SW2 Config

hostname SW2
!
vlan 30,40
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no shutdown
!
interface GigabitEthernet0/2
 switchport access vlan 30
!
interface GigabitEthernet0/3
 switchport access vlan 40

Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.

To test your solution, if you happen to try it with VIRL or real gear, you can check by verifying it with the show ipv6 access-lists and show ipv6 interfaces commands. If possible you could also configure hosts to the topology to ensure the access-list is working as expected.

Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file!

The virl topology matches this lab topology exactly. The host info does as well.

Host device info:

This table lists host information pre-configured in VIRL, information that might not be required by the lab but may be useful to you.

Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping6 -c4 2001:0:0:10::100

Trace example: tracepath6 2001:0:0:10::1

This latest lab breaks the config lab mold just a tad, but for a good reason. It looks like a straightforward config lab, requiring just 10 minutes or so to do on paper. But it sets you up for one of the most common mistakes with IPv6 ACLs. Do the lab for yourself to see if the extra unstated bit of work is trigger in your brain, and then check here when you’re done.

Answers

Figure 1: Two Router ROAS Topology for IPv6 ACL Lab

Example 5: R1 Config

interface GigabitEthernet0/2.10
 ipv6 access-group ExtACL01-sub10 in
!
interface GigabitEthernet0/2.20
 ipv6 access-group ExtACL01-sub20 in
!
ipv6 access-list ExtACL01-sub10
 permit tcp host 2001:0:0:10::100 eq telnet 2001:0:0:30::/64
 permit tcp host 2001:0:0:10::100 eq ssh 2001:0:0:30::/64
 permit icmp any any router-solicitation
 permit icmp any any router-advertisement
 permit icmp any any nd-na
 permit icmp any any nd-ns
 deny ipv6 any any log
!
ipv6 access-list ExtACL01-sub20
 permit icmp 2001:0:0:20::/64 2001:0:0:40::/64
 permit icmp any any router-solicitation
 permit icmp any any router-advertisement
 permit icmp any any nd-na
 permit icmp any any nd-ns
 deny ipv6 any any log

Commentary

This lab asked you to create extended IPv6 ACLs. The difference between IPv6 standard and extended ACLs is subtle in that the configuration commands do not give any obvious clues about whether the ACL is standard or extended. If the ACL matches only the source and destination IPv6 address fields, it is a standard IPv6 ACL; otherwise, it is an extended IPv6 ACL.

Next, the lab gave two requirements for permitting traffic, but based on the topology, some of those packets enter R1’s G0/2.1 subinterface only, with the other traffic entering R1’s G0/2.2 subinterface. As a result, you could match the first permit requirement in a different ACL, enabled inbound on R1’s G0/2.1 subinterface, and match the second permit requirement in a second ACL, enabled inbound on R1’s G0/2.2 subinterface. The solution does just that. The ACLs use the following action for those permit requirements:

ACL ExtACL01-sub1: two permit statements, one for Telnet and one for SSH as the source TCP port.

ACL ExtACL01-sub2: one permit statements for all ICMPv6 messages

The requirements also ask you configure the ACL(s) so that all remaining packets are denied, and those matches are counted, and log messages are issued. Those requirements mean that you must explicitly match the remaining packets with an explicit deny command, with the log option, as shown at the end of the ACL with the deny ipv6 any any log ACL subcommand. And while correct, this command creates the one mistake that can be easily overlooked with IPv6 ACLs: the need to also then permit other types of ICMP messages, like NDP Neighbor Advertisement (NA) and Neighbor Solicitation (NS) messages.

The answers show the matching (with a permit) of four separate ICMPv6 messages that would otherwise be permitted by an inbound IPv6 ACL’s deny ipv6 any any command. In succession, each command permits ICMPv6 neighbor solicitation (NS), neighbor advertisement (NA), router solicitation (RS) and router advertisement (RA). Without these, hosts on the subnets would not discover the existence of the router nor learn the router’s MAC address.

Multilink PPP (MLPPP) makes multiple parallel links act like one link from a layer 3 perspective. In this next lab, the lab begins with a working configuration that does not use MLPPP, with two parallel serial links between two routers. Your job: reconfigure the two routers to use MLPPP, so that instead of balancing traffic using layer 3 balancing, MLPPP then load balances the traffic. This lab requires you to both configure MLPPP and consider any changes to the existing configuration that might be required as a result of the changes.

Requirements

Configure MLPPP on both router R1 and R2 in the figure, so that the routers have a single subnet (172.20.12.0/24) used between the two routers. Note that the figure shows two serial links between the routers, with two different subnets in use. As you will see when you look at the initial configurations, these routers begin in a state where they are using both links independently, so that each router would learn layer 3 routes that use each link as the outgoing interface. Your job: convert the configuration to treat the two links as a single layer 3 link using MLPPP, so that the routing protocol (OSPF) learns one route to remote subnet, with an outgoing interface that refers to the MLPPP multilink interface.

Follow these requirements:

• Configure the two serial links to use MLPPP:
  • Use MLPPP interface 2
  • Use subnet 172.20.12.0/24
  • Give R1 an IPv4 address that ends with .1, and R2 an address that ends with .2
  • Do not use any PPP authentication
• As for the transition from the existing configuration, examine the initial configurations shown in this lab exercise, and decide whether or not any existing configuration needs to be updated as a result:
  • Check the OSPF configuration, and make changes as needed, so that both routers still become OSPF neighbors and still exchange routes for their LAN subnets
  • Check the IP addressing configuration to remove any IP address overlaps or remove any unnecessary IP addresses.
• As for the topology:
  • Assume all interfaces shown in the figure are up and working

Figure 1: MLPPP Topology – Initial State Before You Make Your Configuration Changes

Initial Configuration

Examples 1 and 2 show the initial configurations on routers R1 and R2, respectively.

Example 1: Router R1 Initial Configuration

hostname R1
!
interface GigabitEthernet0/1
 no shutdown
 ip address 172.20.1.1 255.255.255.0
!
interface serial 0/0/0
 no shutdown
 clock rate 1536000
 ip address 172.20.3.1 255.255.255.0
!
interface serial 0/0/0
 no shutdown
 clock rate 1536000
 ip address 172.20.4.1 255.255.255.0
!
router ospf 1
 network 172.20.1.1 0.0.0.0 area 0
 network 172.20.3.1 0.0.0.0 area 0
 network 172.20.4.1 0.0.0.0 area 0

Example 2: Router R2 Initial Configuration

hostname R2
!
interface GigabitEthernet0/1
 no shutdown
 ip address 172.20.2.2 255.255.255.0
!
interface serial 0/0/0
 no shutdown
 clock rate 1536000
 ip address 172.20.4.2 255.255.255.0
!
interface serial 0/0/0
 no shutdown
 clock rate 1536000
 ip address 172.20.3.2 255.255.255.0
!
router ospf 1
 network 172.20.2.2 0.0.0.0 area 0
 network 172.20.3.2 0.0.0.0 area 0
 network 172.20.4.2 0.0.0.0 area 0

Answer on Paper, or Maybe Test in Lab

To answer on paper, or in a text editor, just write your answers. The next post will list my suggested solution. And with this particular lab, as worded, there should be only a single correct answer.

To test in lab, you cannot use VIRL, because this lab uses serial interfaces. However, you can use Packet Tracer or real hardware. Feel free to do the lab in either environment. You can use any serial interface numbers that you want to use.

If you do implement this lab, try these show commands to get some insights into your solution:

show ppp multilink

show interfaces multilink 2

show ip interface brief

show ip ospf interface

This lab asks you to do a basic migration: move from using two parallel serial links as independent links to instead treating them as one layer 3 link using MLPPP. This lab requires new configuration as well as analysis of the existing configuration. Do the lab on your own first, and then check here for my answer and explanation.

Answers

Figure 1: MLPPP Topology – Before Migrating to MLPPP

Example 3: Router R1 Config

interface serial 0/0/0
 encapsulation ppp
 ppp multilink
 ppp multilink group 2
 no ip address
!
interface serial 0/0/1
 encapsulation ppp
 ppp multilink
 ppp multilink group 2
 no ip address
!
interface multilink 2
 encapsulation ppp
 ppp multilink
 ppp multilink group 2
 ip address 172.20.12.1 255.255.255.0
!
router ospf 1
 network 172.20.12.1 0.0.0.0 area 0
 no network 172.20.3.1 0.0.0.0 area 0
 no network 172.20.4.1 0.0.0.0 area 0

Example 4: Router R2 Config

interface serial 0/0/0
 encapsulation ppp
 ppp multilink
 ppp multilink group 2
 no ip address
!
interface serial 0/0/1
 encapsulation ppp
 ppp multilink
 ppp multilink group 2
 no ip address
!
interface multilink 2
 encapsulation ppp
 ppp multilink
 ppp multilink group 2
 ip address 172.20.12.2 255.255.255.0
!
router ospf 1
 network 172.20.12.2 0.0.0.0 area 0
 no network 172.20.3.2 0.0.0.0 area 0
 no network 172.20.4.2 0.0.0.0 area 0

Commentary

This lab has a rather long configuration answer. This commentary starts by working through the MLPPP configuration, and then discusses some of the migration choices, particularly to do with OSPF and IP addressing.

The requirements asked you to use MLPPP multilink group 2. As a result:

• Both routers create a multilink interface with the interface multilink 2 command
• Both routers use the ppp multilink group 2 subcommand on their physical serial interfaces and on the multilink interface itself

For the layer 3 details, note that the configuration on each router:

• Adds an IPv4 address to each multilink interface, for example, with the ip address 172.20.12.1 255.255.255.0 subcommand under multilink 2 on router R1.
• Both routers remove the IP address configuration from the physical interfaces, because they are no longer needed, with the no ip address interface subcommand.

Next, as normal, the physical serial interfaces plus the multilink interface, on each router, need the same three subcommands. These commands (respectively) enable PPP, enable the MLPPP feature of PPP, and reference the MLPPP multilink group:

encapsulation ppp

ppp multilink

ppp multilink group 2

Finally, note that the OSPF configuration needed to be updated. The initial configuration happened to show OSPF configuration that matched based on all 32 bits of each interface IP address. The MLPPP configuration in this case moved away from using the addresses in subnets 172.20.3.0/24 and 172.20.4.0/24, now using subnet 172.20.12.0/24. The end of Examples 3 and 4 show the addition of one OSPF network command on each router, matching each router’s new IP address in subnet 172.20.12.0/24. It also shows the removal of the two now unneeded network commands.

This post kicks off a series of two types of related exercises here in the CCNA Skills blog. The first is an OSPF Enabler, and the other will be an EIGRP Enabler. Basically, they help you practice the commands used to enable each routing protocol on a router’s interfaces. Check out the rest of this post for details.

Specialized CCENT and CCNA Exercises – Here and Elsewhere

Here in this blog, and the related CCENT Skills blog, I try to leave posts that are useful to people studying for the CCNA and CCENT certifications. Some of those posts are more generic multichoice questions. For others, I find a specific skill that can be practiced a few times (or a few dozen times) to master the skill, creating some more specialized types of questions. These new OSPF and EIGRP Enabler exercises are another example of those.

Over the years, some of those types of exercises have made it into my CCNA certification guide books. With the 2016 editions of the books, several of those exercises are now interactive web applications. Just register each individual book (the ICND1 Cert Guide and the ICND2 Cert Guide) at www.ciscopress.com. Once there, login (the login is free), click the tab for “registered content”, and you’ll see your books with a link to “access bonus content”.

Image: What You’ll See at CiscoPress.com to Access the Book’s Interactive Apps

Overview: An OSPF Enabler Drill

Each OSPF Enabler exercise gives you practice at configuring the network command to enable OSPFv2 on interfaces. To make the exercise focus on the network command, and that command alone, each exercise gives you all the rest of the design and the config. All you need to do is add the network commands.

Like many of this blog’s posts, each OSPF Enabler exercise uses a pair of posts: The exercise and the answer. The exercise shows the details of a mostly complete configuration, along with a design. The answer post shows the completed configuration.

For instance, the first OSPF Enabler exercise shows the following figure, which details the topology, interface identifiers, and OSPF areas:

Example OSPF Enabler Figure

Answering an OSPF Enabler Exercise

So, what skill and knowledge will you be practicing when you answer an OSPF Enabler exercise? In short: how to configure the OSPF network command.

The OSPF network command has three key parameters:

1. A dotted decimal number that is either: An IP address, subnet number, or network number
2. A dotted decimal wildcard mask
3. An area number (either integer or dotted decimal)

Each OSPF Enabler exercise will be worded so that there is only one specific answer for each network command. Normally, you have the option to configure the subnet number and wildcard mask in a variety of correct ways to match an interface’s IP address (and thereby enabling OSPF on that interface). These exercises give you requirements that make you use one specific wildcard mask, which then dictates what the correct address/subnet/network should be. Specifically, the requirements will be:

1. Use a wildcard mask that matches only the interface IP addresses.
2. Use a wildcard mask that matches all addresses in each interface’s subnet.
3. Use a wildcard mask that matches all addresses in the classful network(s).

For example, if a router interface used address 172.16.1.1, with mask 255.255.255.0, and was in area 0, the correct network commands (using the above three rules, respectively) would be:

1. network 172.16.1.1 0.0.0.0 area 0
2. network 172.16.1.0 0.0.0.255 area 0
3. network 172.16.0.0 0.0.255.255 area 0

I’ll refer to these as a host match, subnet match, and network match.

Stay Tuned for the First Few Exercises

I’ll post the first OSPF Enabler soon (probably tomorrow), followed by the first EIGRP Enabler (same basic idea, just with EIGRP configuration obviously). Any questions, let me know!

Have you mastered how to configure OSPFv2 yet? If not, look at this exercise that sets up a series of problems for you. In one exercise, you’ll get to choose how to configure about 10 different network commands, with different requirements for each. It’s straightforward practice to master the skill of choosing the correct parameters for this key configuration command – an important skill for the CCNA exam!

Initial State: Topology and Area Design

The OSPF Enabler exercises start with an almost complete configuration matching a design shown in a figure. First, figure 1 shows the design, with all interfaces in area 0, with a three-router triangle.

OSPF Enabler OSPF Topology 1

Initial State: Interfaces and Routing Protocol

Each of the three routers has an initial configuration that includes IPv4 addresses, working interfaces, and OSPFv2 configured with a router ID. Examples 1, 2, and 3 show that configuration. (Note that you will reference this configuration when picking your answers.)

int g0/1
 ip addr 172.16.12.1 255.255.255.252
 no shut
!
int g0/2
 ip addr 172.16.13.1 255.255.255.248
 no shut
!
int g0/3
 ip addr 172.21.1.1 255.255.255.0
 no shut
!
int g0/4
 ip addr 172.21.3.1 255.255.254.0
 no shut
!
router ospf 1
 router-id 1.1.1.1
 ! Need network Commands Here

Router R1 Initial Configuration

int g0/1
 ip addr 172.16.12.2 255.255.255.252
 no shut
!
int g0/2
 ip addr 172.16.23.2 255.255.255.248
 no shut
!
int g0/3
 ip addr 172.22.2.2 255.255.255.128
 no shut
!
int g0/4
 ip addr 172.22.2.130 255.255.255.192
 no shut
!
router ospf 1
 router-id 2.2.2.2
 ! Need network Commands Here

Router R2 Initial Configuration

int g0/1
 ip addr 172.16.13.3 255.255.255.248
 no shut
!
int g0/2
 ip addr 172.16.23.3 255.255.255.248
 no shut
!
int g0/3
 ip addr 172.23.33.3 255.255.255.224
 no shut
!
int g0/4
 ip addr 172.23.33.213 255.255.255.240
 no shut
!
router ospf 1
 router-id 3.3.3.3
 ! Need network Commands Here

Router R3 Initial Configuration

Your Job: Complete the Configuration with network Commands

To finish the configuration, you need to enable OSPF on all the interfaces shown in the figure. To do that, for this lab, add OSPFv2 network commands to each router’s configuration.  (That is, purposefully do not use the ip ospf interface subcommand, so that you can practice the network command.)

By the end of this exercise, a real network with the combined initial config plus your config should result in:

• OSPFv2 neighbor relationships between each pair of neighboring routers (three total)
• Each router has learned routes to all subnets in the figure

Configure Your Commands Per These Specific Rules

So far, the requirements would give you the ability to configure the network command in many ways. This section gives you specific requirements for this exercise just so that there is only one correct answer to the exercise. In your network commands, use wildcard mask parameters as follows:

R1 – Network wildcard: On router R1, use wildcard masks so that each network command would match all addresses in a single classful network (that is, in a single class A, B, or C network.)

R2 –  Subnet wildcard: On router R2, use wildcard masks so that each network command would match all addresses in a single subnet.

R3 –  Address wildcard: On router R3, use wildcard masks so that each network command would match one specific IP address.

Note that this exercise is not like what real network engineers do in their jobs. For this exercise, I gave you different rules for the configuration of each router, so that you could exercise and learn different options. In real networks, you would probably use the same approach on each router.

Answers!

I will post an answer post in a few days. So, look for the link at the bottom of this page.

The first OSPF Enabler exercise asked you to configure three routers, specifically to add the OSPFv2 network commands. This post lists the answers – simple enough.

The Topology

It is probably best to have the exercise post on the screen at the same time you look at this post. If not, for convenience, here’s a copy of the topology figure for this exercise.

OSPF Enabler OSPF Topology 1

The Answers

I promised short, sweet, and to the point. Here are the answers!

router ospf 1
  network 172.16.0.0 0.0.255.255 area 0
  network 172.21.0.0 0.0.255.255 area 0

Answers: Router R1

router ospf 1
  network 172.16.12.0  0.0.0.3   area 0
  network 172.16.23.0  0.0.0.7   area 0
  network 172.22.2.0   0.0.0.127 area 0
  network 172.22.2.128 0.0.0.63  area 0

Answers: Router R2

router ospf 1
  network 172.16.13.3   0.0.0.0 area 0
  network 172.16.23.3   0.0.0.0 area 0
  network 172.23.33.3   0.0.0.0 area 0
  network 172.23.33.213 0.0.0.0 area 0

Answers: Router R3

Comments and Explanations – R1

For R1, you needed to start by identifying the various classful networks (class A, B, or C networks) used on the interfaces. Then, to configure one network command to match each classful network, you need to take the default mask for each classful network and invert the mask to find the corresponding wildcard mask. For default masks, those are:

Default mask 255.0.0.0 – Inverts to wildcard mask 0.255.255.255

Default mask 255.255.0.0 – Inverts to wildcard mask 0.0.255.255

Default mask 255.255.255.0 – Inverts to wildcard mask 0.0.0.255

For OSPF areas, in this case, all interfaces were in area 0, so all the network commands of course end with the area 0 keywords.

Comments and Explanations – R2

R2 requires the most thought. To get these commands totally correct per the requirements, you must:

1. Begin with each interface’s IP address and subnet mask
2. Calculate the subnet ID, which will be the first parameter in the network command
3. Invert the subnet mask, which will be the second parameter in the network command
4. The design places all interfaces in area 0, so the commands all end with area 0.

Because of how the exercise is worded, you should have four network commands, one matching the subnet off each of the four interfaces on R2.

Comments and Explanations – R3

R3 requires the least thought of the three requirements. To match a single IP address, use wildcard mask of 0.0.0.0. For the number preceding the wildcard mask in the network command, use the interface IP address. The result: each network command matches an interface IP address, and only that address, enabling OSPFv2 on that interface.

Also, as with all other cases in this lab, all interfaces were in area 0, so all the network commands of course end with the area 0 keywords.

At some point, you need to master the network commands used with routing protocol configuration. This exercise gives you some practice on that one specific point, specific to EIGRP configuration. Your job: read and react to a set of requirements to then choose how to configure about a dozen EIGRP network commands – an important skill for the CCNA exam!

Initial State: Topology

Each EIGRP (and OSPF) Enabler exercise starts with an almost complete configuration matching a design shown in a figure. Figure 1 shows the figure for this exercise, which shows one central-site router (R1) and three remote routers.

EIGRP Enabler Topology

Initial State: Interfaces and Routing Protocol

Each of the routers has an initial configuration that includes IPv4 addresses, working interfaces, and EIGRP configured to shows its autonomous system number. Examples 1, 2, 3, and 4 show that configuration. (Note that you will reference this configuration when picking your answers.)

int g0/1
 ip addr 172.17.1.1 255.255.255.0
 no shut
!
int g0/2
 ip addr 172.17.2.1 255.255.254.0
 no shut
!
int g0/3
 ip addr 172.17.99.1 255.255.255.252
 no shut
!
int g0/4
 ip addr 172.17.99.41 255.255.255.248
 no shut
!
int g0/5
 ip addr 172.17.99.81 255.255.255.240
 no shut
!
router eigrp 1
 eigrp router-id 1.1.1.1
 ! Need network Commands Here

Router R1 Initial Configuration

int g0/1
 ip addr 172.17.99.2 255.255.255.252
 no shut
!
int g0/2
 ip addr 172.17.4.2 255.255.252.0
 no shut

!
router eigrp 1
 eigrp router-id 2.2.2.2
 ! Need network Commands Here

Router R2 Initial Configuration

int g0/1
 ip addr 172.17.99.43 255.255.255.248
 no shut
!
int g0/2
 ip addr 172.17.8.3 255.255.248.0
 no shut

!
router eigrp 1
 eigrp router-id 3.3.3.3
 ! Need network Commands Here

Router R3 Initial Configuration

int g0/1
 ip addr 172.17.99.84 255.255.255.240
 no shut
!
int g0/2
 ip addr 172.17.20.4 255.255.240.0
 no shut
!
router eigrp 1
 eigrp router-id 4.4.4.4
 ! Need network Commands Here

Router R4 Initial Configuration

Your Job: Complete the Configuration with network Commands

To finish the configuration, you need to enable EIGRP on all the interfaces shown in the figure. To do that, for this lab, add EIGRP network commands to each router’s configuration.

By the end of this exercise, a real network with the combined initial config, plus your config, should result in:

• EIGRP neighbor relationships between the central site router (R1) and each of the three remote routers. That is, R1 will have three neighbors, while R2, R3, and R4 will have one neighbor (R1).
• Each router has learned routes to all subnets in the figure.

Configure Your Commands Per These Specific Rules

This section gives you specific requirements for this exercise just so that there is only one correct answer to the exercise. I chose the following rules just to give you a variety of practice. In your network commands, use wildcard mask parameters as follows:

R1 – Match the Network: On router R1, make each network command match all addresses in a single classful network (that is, in a single class A, B, or C network.) Use wildcard masks as needed, and use as many network commands as needed to enable EIGRP on all interfaces shown in the figure.

R2 –  Match the Subnet: On router R2, make each network command match all addresses in a single subnet. Use wildcard masks as needed, and use as many network commands as needed to enable EIGRP on all interfaces shown in the figure.

R3 –  Match the Interface Address: On router R3, make each network command match one specific IP address. Use wildcard masks as needed, and use as many network commands as needed to enable EIGRP on all interfaces shown in the figure.

R4 –  Match the Subnet: Same rules as for R2.

Note that this exercise is not like what real network engineers do in their jobs. For this exercise, I gave you different rules for the configuration of each router, so that you could exercise and learn different options. In real networks, you would probably use the same approach on each router.

Answers!

I will post an answer post in a few days. So, look for the link at the bottom of this page.

The first EIGRP Enabler exercise asked you to configure four routers, specifically to add the EIGRP network commands. This post lists the answers – simple enough.

The Topology

It is probably best to have the exercise post on the screen at the same time you look at this post. If not, for convenience, here’s a copy of the topology figure for this exercise.

EIGRP Enabler Topology

The Answers

I promised short, sweet, and to the point. Here are the answers!

router eigrp 1
 network 172.17.0.0

Answers: Router R1

router eigrp 1
 network 172.17.4.0 0.0.3.255
 network 172.17.99.0 0.0.0.3

Answers: Router R2

router eigrp 1
 network 172.17.8.3 0.0.0.0
 network 172.17.99.43 0.0.0.0

Answers: Router R3

router eigrp 1
 network 172.17.16.0 0.0.15.255
 network 172.17.99.80 0.0.0.15

Answers: Router R4

Comments and Explanations – R1

For R1, you needed to start by identifying the various classful networks (class A, B, or C networks) used on the interfaces. Then, to configure one network command to match each classful network, just configure the network command with that classful network number, and with no wildcard mask. Simple enough.

In this case, R1 has five interfaces with IPv4 addresses, all of which are part of class B network 172.17.0.0. Therefore, R1 needs only a single command: network 172.17.0.0.

Comments and Explanations – R2

R2 requires the most thought. To get these commands totally correct per the requirements, you must:

1. Begin with each interface’s IP address and subnet mask
2. Calculate the subnet ID, which will be the first parameter in the network command
3. Invert the subnet mask, which will be the second parameter in the network command

Because of how the exercise is worded, you should have two network commands, one matching the subnet off each of the interfaces on R2.

Comments and Explanations – R3

R3 requires the least thought of the three requirements. To match a single IP address, use wildcard mask of 0.0.0.0. For the number preceding the wildcard mask in the network command, use the interface IP address. The result: each network command matches an interface IP address, and only that address, enabling EIGRP on that interface.

In this case, with two interfaces with IPv4 addresses, R3 needs two network commands, as shown in Example 3.

Comments and Explanations – R4

The requirements ask us to use the same logic to match each subnet as we used with router R2. The only twist here is that the subnet ID on one interface isn’t quite as obvious, and if you got in a hurry, you might have configured an incorrect subnet ID. Interface address 172.17.20.4, with mask 255.255.240.0, is in subnet 172.17.16.0, resulting in a correct command of network 172.17.16.0 0.0.15.255.

Time for another OSPF Enabler exercise. The idea is simple: In one exercise, you’ll get to configure about 10 different OSPFv2 network commands, with different requirements for each. Just getting in some reps on some skills that need to be pretty much automatic for the CCNA exam!

Initial State: Topology and Area Design

Figure 1 shows the design for this exercise.

OSPF Enabler Topology

Initial State: Interfaces and Routing Protocol

Each of the three routers has an initial configuration that includes IPv4 addresses, working interfaces, and OSPFv2 configured with a router ID. Examples 1, 2, 3, and 4 show that configuration. (Note that you will reference this configuration when picking your answers.)

int g0/1
 ip addr 172.23.12.151 255.255.255.192
 no shut
!
int g0/2
 ip addr 172.23.13.151 255.255.255.224
 no shut
!
int g0/3
 ip addr 172.20.1.151 255.255.252.0
 no shut

!
router ospf 1
 router-id 1.1.1.1
 ! Need network Commands Here

Router R1 Initial Configuration

int g0/1
 ip addr 172.23.12.152 255.255.255.192
 no shut
!
int g0/2
 ip addr 172.23.24.152 255.255.255.240
 no shut
!
!
int g0/3
 ip addr 172.23.2.152 255.255.248.0
 no shut

!
router ospf 1
 router-id 2.2.2.2
 ! Need network Commands Here

Router R2 Initial Configuration

int g0/1
 ip addr 172.23.13.153 255.255.255.224
 no shut
!
int g0/2
 ip addr 172.23.34.153 255.255.255.192
 no shut
 
!
int g0/3
 ip addr 172.23.3.153 255.255.255.240
 no shut

!
router ospf 1
 router-id 3.3.3.3
 ! Need network Commands Here

Router R3 Initial Configuration

int g0/1
 ip addr 172.23.24.154 255.255.255.240
 no shut
!
int g0/2
 ip addr 172.23.34.154 255.255.255.192
 no shut
 
!
int g0/3
 ip addr 172.23.4.154 255.255.255.224
 no shut

!
router ospf 1
 router-id 4.4.4.4
 ! Need network Commands Here

Router R4 Initial Configuration

Your Job: Complete the Configuration with network Commands

To finish the configuration, you need to enable OSPF on all the interfaces shown in the figure. To do that, for this lab, add OSPFv2 network commands to each router’s configuration.  (That is, purposefully do not use the ip ospf interface subcommand, so that you can practice the network command.)

By the end of this exercise, a real network with the combined initial config plus your config should result in:

• OSPFv2 neighbor relationships between each pair of neighboring routers (four total)
• Each router has learned routes to all subnets in the figure

Configure Your Commands Per These Specific Rules

So far, the requirements would give you the ability to configure the network command in many ways. This section gives you specific requirements for this exercise just so that there is only one correct answer to the exercise. In your network commands, use wildcard mask parameters as follows:

R1 – Network wildcard: On router R1, use wildcard masks so that each network command would match all addresses in a single classful network (that is, in a single class A, B, or C network.)

R2 –  Subnet wildcard: On router R2, use wildcard masks so that each network command would match all addresses in a single subnet.

R3 –  Address wildcard: On router R3, use wildcard masks so that each network command would match one specific IP address.

R4 –  Subnet wildcard: Same rules as router R2.

Note that this exercise is not like what real network engineers do in their jobs. For this exercise, I gave you different rules for the configuration of each router, so that you could exercise and learn different options. In real networks, you would probably use the same approach on each router.

Answers!

I will post an answer post in a few days. So, look for the link at the bottom of this page.

Do this Exercise as a Lab with VIRL

Are you thinking that you’d like to just do this exercise with VIRL, instead of on paper, or just typing in an editor? We already built the topology and initial configuration. Just click below to get the .VIRL file.

OSPF Enabler 1 VIRL – Initial State

This latest OSPF Enabler exercise asked you to configure four routers in a two-area design. As usual, the exercise asks for different styles of OSPFv2 network commands, for no other reason than to give you a variety of exercise. This post lists the answers – take a look.

The Topology

It is probably best to have the exercise post in another tab/window while looking at this post, but if not, here’s a copy of the topology figure for this exercise.

OSPF Enabler OSPF Topology

The Answers

I promised short, sweet, and to the point. Here are the answers!

router ospf 1
  network 172.23.0.0 0.0.255.255 area 0
  network 172.20.0.0 0.0.255.255 area 0

Answers: Router R1

router ospf 1
  network 172.23.12.128  0.0.0.63   area 0
  network 172.23.24.144  0.0.0.15   area 0
  network 172.23.0.0     0.0.7.255  area 0

Answers: Router R2

router ospf 1
  network 172.23.13.153  0.0.0.0 area 0
  network 172.23.34.153  0.0.0.0 area 34
  network 172.23.3.153   0.0.0.0 area 34

Answers: Router R3

router ospf 1
  network 172.23.24.144  0.0.0.15 area 0
  network 172.23.34.128  0.0.0.63 area 34
  network 172.23.4.128   0.0.0.31 area 34

Answers: Router R4

Comments and Explanations – R1

For R1, you needed to start by identifying the various classful networks (class A, B, or C networks) used on the interfaces. Then, to configure one network command to match each classful network, you need to take the default mask for each classful network and invert the mask to find the corresponding wildcard mask. For default masks, those are:

Default mask 255.0.0.0 – Inverts to wildcard mask 0.255.255.255

Default mask 255.255.0.0 – Inverts to wildcard mask 0.0.255.255

Default mask 255.255.255.0 – Inverts to wildcard mask 0.0.0.255

For OSPF areas, in this case, all interfaces were in area 0, so all the network commands of course end with the area 0 keywords.

Comments and Explanations – R2

R2 requires more thought than for routers R1 and R3. To get these commands totally correct per the requirements, you must:

1. Begin with each interface’s IP address and subnet mask
2. Calculate the subnet ID, which will be the first parameter in the network command
3. Invert the subnet mask, which will be the second parameter in the network command
4. The design places all interfaces in area 0, so the commands all end with area 0.

Because of how the exercise is worded, you should have a network command per interface, or in this case, three commands. Each matches the addresses in the subnet off each of the three interfaces on R1. And because all are in area 0, all the network commands end with the area 0 keywords.

Comments and Explanations – R3

R3 requires the least thought of the three requirements. To match a single IP address, use wildcard mask of 0.0.0.0. For the number preceding the wildcard mask in the network command, use the interface IP address. The result: each network command matches an interface IP address, and only that address, enabling OSPFv2 on that interface.

The only possibly tricky part is that R3 has one interface in area 0 (G0/1), and two in area 34 (G0/2, G0/3), so the three network commands will list different areas.

Comments and Explanations – R4

R4, like R2, requires more thought. Following the same process as with R2, you end up with three network commands, one per interface, with each matching the range of IP addresses in the subnets connected to those interfaces. And in this case, note that like R3, two interfaces are in area 34, while one is in area 0.

Now for some more EIGRP work. Your job: read and react to a set of requirements to then choose how to configure about a dozen EIGRP network commands. Simple, useful, do it and move on to the next thing!

Initial State: Topology

Figure 1 shows the topology for this exercise, with three routers connected in a triangle, each with two LAN interfaces.

EIGRP Enabler Topology

Initial State: Interfaces and Routing Protocol

Each of the routers has an initial configuration that includes IPv4 addresses, working interfaces, and EIGRP configured to shows its autonomous system number. Examples 1, 2, and 3 show that configuration.

int g0/1
 ip addr 172.16.12.1 255.255.255.252
 no shut
!
int g0/2
 ip addr 172.16.13.1 255.255.255.248
 no shut
!
int g0/3
 ip addr 172.21.1.1 255.255.255.0
 no shut
!
int g0/4
 ip addr 172.21.3.1 255.255.254.0
 no shut
!
router eigrp 1
 eigrp router-id 1.1.1.1
 ! Need network Commands Here

Router R1 Initial Configuration

int g0/1
 ip addr 172.16.12.2 255.255.255.252
 no shut
!
int g0/2
 ip addr 172.16.23.2 255.255.255.248
 no shut
!
!
int g0/3
 ip addr 172.22.2.2 255.255.255.128
 no shut
!
int g0/4
 ip addr 172.22.2.130 255.255.255.192
 no shut
!
router eigrp 1
 eigrp router-id 2.2.2.2
 ! Need network Commands Here

Router R2 Initial Configuration

!
int g0/1
 ip addr 172.16.13.3 255.255.255.248
 no shut
!
int g0/2
 ip addr 172.16.23.3 255.255.255.248
 no shut
 
!
int g0/3
 ip addr 172.23.33.3 255.255.255.224
 no shut
!
int g0/4
 ip addr 172.23.33.213 255.255.255.240
 no shut
!
router eigrp 1
 eigrp router-id 3.3.3.3
 ! Need network Commands Here

Router R3 Initial Configuration

Your Job: Complete the Configuration with network Commands

To finish the configuration, you need to enable EIGRP on all the interfaces shown in the figure. To do that, for this lab, add EIGRP network commands to each router’s configuration.

By the end of this exercise, a real network with the combined initial config, plus your config, should result in:

• EIGRP neighbor relationships between each pair of routers, so that each router has two EIGRP neighbors.
• Each router has learned routes to all subnets in the figure.

Configure Your Commands Per These Specific Rules

Use the following requirements when configuring your EIGRP network commands.

R1 –  Match the Subnet: On router R1, make each network command match all addresses in a single subnet. Use wildcard masks as needed, and use as many network commands as needed to enable EIGRP on all interfaces shown in the figure.

R2 –  Match the Subnet: Same rules as on router R1.

R3 –  Match the Interface Address: On router R3, make each network command match one specific IP address. Use wildcard masks as needed, and use as many network commands as needed to enable EIGRP on all interfaces shown in the figure.

Note that this exercise is not like what real network engineers do in their jobs. In real networks, you would probably use the same approach on each router.

Answers!

I will post an answer post in a few days. So, look for the link at the bottom of this page.

Do this Exercise as a Lab with VIRL

Are you thinking that you’d like to just do this exercise with VIRL, instead of on paper, or just typing in an editor? We already built the topology and initial configuration. Just click below to get the .VIRL file.

EIGRP Enabler 2 VIRL – Initial State

This latest EIGRP Enabler exercise asked you to configure three routers, specifically to add the EIGRP network commands. This post lists the answers – simple enough.

The Topology

It is probably best to have the exercise post on the screen at the same time you look at this post. If not, for convenience, here’s a copy of the topology figure for this exercise.

EIGRP Enabler Topology

The Answers

I promised short, sweet, and to the point. Here are the answers!

router eigrp 1
  network 172.16.12.0 0.0.0.3
  network 172.16.13.0 0.0.0.7
  network 172.21.1.0  0.0.0.255
  network 172.21.2.0  0.0.1.255

Answers: Router R1

router eigrp 1
  network 172.16.12.0  0.0.0.3
  network 172.16.23.0  0.0.0.7
  network 172.22.2.0   0.0.0.127
  network 172.22.2.128 0.0.0.63

Answers: Router R2

router eigrp 1
  network 172.16.13.3   0.0.0.0
  network 172.16.23.3   0.0.0.0
  network 172.23.33.3   0.0.0.0
  network 172.23.33.213 0.0.0.0

Answers: Router R3

Comments and Explanations – R1

R1 requires some thought because you must calculate the subnet ID of each subnet off each interface, and find the ACL wildcard mask to use that matches the subnet mask on each interface, following a process like this:

1. Begin with each interface’s IP address and subnet mask
2. Calculate the subnet ID, which will be the first parameter in the network command
3. Invert the subnet mask, which will be the second parameter in the network command

Because of how the exercise is worded, you should have four network commands, one matching the subnet off each of the interfaces on R1.

Most of the math should be straightforward, but the last network command in the answer – network 172.21.2.0 0.0.1.255 – looks a little weird. Just trust your subnetting skills to show yourself that 172.21.2.0 is the correct subnet ID, and then subtract 255.255.254.0 from 255.255.255.255 to get wildcard mask 0.0.1.255.

Comments and Explanations – R2

R2 uses the same “match subnet” logic as R1, with the same process. Just work the process!

Most of the math should be straightforward, but the last network command in the answer – network 172.22.2.128 0.0.0.63 – looks a little weird. Again trust your subnetting skills to show yourself that 172.22.2.128 is the correct subnet ID, and then subtract 255.255.255.192 from 255.255.255.255 to get wildcard mask 0.0.0.63.

Comments and Explanations – R3

R3 requires the least thought of all the routers. To match a single IP address, use wildcard mask of 0.0.0.0. For the number preceding the wildcard mask in the network command, use the interface IP address. The result: each network command matches an interface IP address, and only that address, enabling EIGRP on that interface.

In this case, with two interfaces with IPv4 addresses, R3 needs four network commands, as shown in Example 3.

In this latest OSPF Enabler exercise, you’ll configure a network of four routers with three areas. As always, the idea is simple: In one exercise, you’ll get to configure about 10 different OSPFv2 network commands, with different requirements for each. Just getting in some reps on some skills that need to be pretty much automatic for the CCNA exam!

Initial State: Topology and Area Design

Figure 1 shows the design for this exercise.

OSPF Enabler Topology

Initial State: Interfaces and Routing Protocol

Each of the three routers has an initial configuration that includes IPv4 addresses, working interfaces, and OSPFv2 configured with a router ID. Examples 1, 2, 3, and 4 show that configuration. (Note that you will reference this configuration when picking your answers.)6

int g0/1
 ip addr 172.17.1.1 255.255.255.0
 no shut
!
int g0/2
 ip addr 172.17.2.1 255.255.254.0
 no shut
!
int g0/3
 ip addr 172.17.99.1 255.255.255.252
 no shut
!
int g0/4
 ip addr 172.17.99.41 255.255.255.248
 no shut
!
int g0/5
 ip addr 172.17.99.81 255.255.255.240
 no shut
!
router ospf 1
  router-id 1.1.1.1
 ! Need network Commands Here

Router R1 Initial Configuration

!
int g0/1
 ip addr 172.17.99.2 255.255.255.252
 no shut
!
int g0/2
 ip addr 172.17.4.2 255.255.252.0
 no shut

!
router ospf 1
  router-id 2.2.2.2
 ! Need network Commands Here

Router R2 Initial Configuration

!
int g0/1
 ip addr 172.17.99.43 255.255.255.248
 no shut
!
int g0/2
 ip addr 172.17.8.3 255.255.248.0
 no shut

!
router ospf 1
  router-id 3.3.3.3
 ! Need network Commands Here

Router R3 Initial Configuration

!
int g0/1
 ip addr 172.17.99.84 255.255.255.240
 no shut
!
int g0/2
 ip addr 172.17.20.4 255.255.240.0
 no shut
!
router ospf 1
  router-id 4.4.4.4
 ! Need network Commands Here

Router R4 Initial Configuration

Your Job: Complete the Configuration with network Commands

To finish the configuration, you need to enable OSPF on all the interfaces shown in the figure. To do that, for this lab, add OSPFv2 network commands to each router’s configuration.  (That is, purposefully do not use the ip ospf interface subcommand, so that you can practice the network command.)

By the end of this exercise, a real network with the combined initial config plus your config should result in:

• OSPFv2 neighbor relationships between each pair of neighboring routers. That means R1 will show three OSPF neighbors, and the other routers will list one neighbor.
• Each router has learned routes to all subnets in the figure

Configure Your Commands Per These Specific Rules

So far, the requirements would give you the ability to configure the network command in many ways. This section gives you specific requirements for this exercise just so that there is only one correct answer to the exercise. In your network commands, use wildcard mask parameters as follows:

R1 –  Subnet wildcard: On router R1, use wildcard masks so that each network command would match all addresses in a single subnet.

R2 – Network wildcard: On router R2, use wildcard masks so that each network command would match all addresses in a single classful network (that is, in a single class A, B, or C network.)

R3 –  Address wildcard: On router R3, use wildcard masks so that each network command would match one specific IP address.

R4 –  Subnet wildcard: Same rules as router R1.

Note that this exercise is not like what real network engineers do in their jobs. For this exercise, I gave you different rules for the configuration of each router, so that you could exercise and learn different options. In real networks, you would probably use the same approach on each router.

Answers!

I will post an answer post in a few days. So, look for the link at the bottom of this page.

Do this Exercise as a Lab with VIRL

Are you thinking that you’d like to just do this exercise with VIRL, instead of on paper, or just typing in an editor? We already built the topology and initial configuration. Just click below to get the .VIRL file.

OSPF Enabler 3 VIRL – Initial State

This latest OSPF Enabler exercise asked you to configure four routers in a three-area design. As usual, the exercise asks for different styles of OSPFv2 network commands, for no other reason than to give you a variety of exercise. This post lists the answers – take a look.

The Topology

It is probably best to have the exercise post in another tab/window while looking at this post, but if not, here’s a copy of the topology figure for this exercise.

OSPF Enabler OSPF Topology

The Answers

I promised short, sweet, and to the point. Here are the answers!

router ospf 1
  network 172.17.1.0   0.0.0.255 area 0
  network 172.17.2.0   0.0.1.255 area 0
  network 172.17.99.0  0.0.0.3   area 123
  network 172.17.99.40 0.0.0.7   area 123
  network 172.17.99.80 0.0.0.15  area 14

Answers: Router R1

router ospf 1
  network 172.17.0.0  0.0.255.255   area 123

Answers: Router R2

router ospf 1
  network 172.17.99.43 0.0.0.0 area 123
  network 172.17.8.3   0.0.0.0 area 123

Answers: Router R3

router ospf 1
  network 172.17.99.80  0.0.0.15   area 14
  network 172.17.16.0   0.0.15.255 area 14

Answers: Router R4

Comments and Explanations – R1

R1 requires more thought than for routers R2 and R3. To get these commands totally correct per the requirements, you must:

1. Begin with each interface’s IP address and subnet mask
2. Calculate the subnet ID, which will be the first parameter in the network command
3. Invert the subnet mask, which will be the second parameter in the network command
4. The design places all interfaces in area 0, so the commands all end with area 0.

Because of how the exercise is worded, you should have a network command per interface, or in this case, five commands. Each matches the addresses in the subnet off each of the three interfaces on R1.

Note that R1 is an area border router (ABR), with interfaces in three different areas. So, you would need at least three different network commands regardless of the rules for this exercise. So, for this exercise, I asked you to match addresses by subnet, so that you would need one network command per interface.

Comments and Explanations – R2

For R2, you needed to start by identifying the various classful networks (class A, B, or C networks) used on the interfaces. Then, to configure one network command to match each classful network, you need to take the default mask for each classful network and invert the mask to find the corresponding wildcard mask. For default masks, those are:

Default mask 255.0.0.0 – Inverts to wildcard mask 0.255.255.255

Default mask 255.255.0.0 – Inverts to wildcard mask 0.0.255.255

Default mask 255.255.255.0 – Inverts to wildcard mask 0.0.0.255

For OSPF areas, in this case, all interfaces were in area 123, so both the network commands of course end with the area 123 keywords.

Comments and Explanations – R3

R3 requires the least thought of the three requirements. To match a single IP address, use wildcard mask of 0.0.0.0. For the number preceding the wildcard mask in the network command, use the interface IP address. The result: each network command matches an interface IP address, and only that address, enabling OSPFv2 on that interface.

Comments and Explanations – R4

R4, like R1, requires more thought. Following the same process as with R1, you end up with two network commands, one per interface, with each matching the range of IP addresses in the subnets connected to those interfaces.

The only possibly tricky part with R4 is due to the subnet mask of 255.255.240.0 on interface g0/2. The inverse of that subnet mask is 0.0.15.255, which looks a little counter-intuitive, but is correct. Additionally, the interface IP address of 172.17.20.4 with mask 255.255.240.0 is in subnet 172.17.16.0, which again looks a little strange at first glance. So, the network 172.17.16.0 0.0.15.255 area 14 command requires that you be pretty comfortable with your math.

The Cisco SE organization and Cisco DevNet are teaming up to hold a Cisco Chat about CLI and API. It has a catchy title: “Have APIs Killed the CLI?”. This blog post gives some short background, with a survey so I can gather some informal data before the event! (Yep, I get to join in – and so can you! see inside.)

Reporter Questions

The time: 11:00AM US Eastern time, Wednesday March 22, 2017.

The how: Twitter. Search on #ciscochat, and click the “latest” title bar option. Then keep clicking refresh to see the latest posts.

What to do: Join in! reply to any of the tweets, put #ciscochat into the tweet so we all see it (all of us on the chat will also be searching and refreshing for #ciscochat).

Elaboration before Informal Unscientific Survey!

I had just enough time to get a quick post out this AM about the upcoming event, but I did want to give you a chance to comment beyond those willing to write their thoughts. The idea: what are you using today?

The polls do not leave a lot of space to elaborate, so this post lets me add some details. So, here’s the problem setup that I’m thinking:

CLI and API have specific meaning, but they can be broad. For this survey, CLI includes:

• Console and aux port connects with a terminal emulator
• Telnet and SSH into a device
• Any application that hides the use of console, Telnet, SSH behind the scenes. EG:
  • Cisco Prime Infrastructure can configure devices using Telnet/SSH
  • APIC-EM can configure and extract data using Telnet/SSH

All the above are “CLI”, either directly or indirectly.

For API, same general idea, but a few to point out:

• The use of your program that makes API calls (that’s about as direct as you get)
• The use of orchestration software that then makes API calls
• The use of a graphical interface of a tool, with that tool in turn making use of APIs do to the work you requested. For example:
  • Configuring ACI using the APIC controller user interface
• NetConf with YANG. I’d put this in the API space, even though it uses SSH for transport, it’s transporting YANG models instead of CLI commands. (Check out Adam Radford’s intro post on the topic.)

In short, if the primary action to work with the networking devices is done by APIs, and the API does NOT control the devices by the exchange of commands you could have typed from the CLI, call it API. If done through commands that you could have typed at the CLI if using SSH etc, I’ll call it CLI for the purposes of this survey.

End of elaboration!

Survey: What Percentage of Your Work Today is CLI Vs. API?

Think of the work you do that fits into either CLI or API, and that’s 100%. That is, just think about the CLI and API work (elaborated above). How much of it TODAY is CLI (direct or indirect), vs API (direct or indirect)? That’s the hope of this poll. Enjoy!

The goal is to get so good at your OSPF and EIGRP network commands that you get bored with all these exercises. There yet? If not, here’s another. As always with the EIGRP and OSPF Enabler exercises, your job: read and react to a set of requirements to then choose how to configure about a dozen network commands. Simple, useful, do it and move on to the next thing!

Initial State: Topology

Figure 1 shows the topology for this exercise, with four routers connected in a square, each with one extra LAN interface.

EIGRP Enabler Topology

Initial State: Interfaces and Routing Protocol

Each of the routers has an initial configuration that includes IPv4 addresses, working interfaces, and EIGRP configured to shows its autonomous system number. Examples 1, 2, 3, and 4 show that configuration.

int g0/1
 ip addr 172.23.12.151 255.255.255.192
 no shut
!
int g0/2
 ip addr 172.23.13.151 255.255.255.224
 no shut
!
int g0/3
 ip addr 172.20.1.151 255.255.252.0
 no shut

!
router eigrp 1
 eigrp router-id 1.1.1.1
 ! Need network Commands Here

Router R1 Initial Configuration

int g0/1
 ip addr 172.23.12.152 255.255.255.192
 no shut
!
int g0/2
 ip addr 172.23.24.152 255.255.255.240
 no shut
!
!
int g0/3
 ip addr 172.23.2.152 255.255.248.0
 no shut

!
router eigrp 1
 eigrp router-id 2.2.2.2
 ! Need network Commands Here

Router R2 Initial Configuration

!
int g0/1
 ip addr 172.23.13.153 255.255.255.224
 no shut
!
int g0/2
 ip addr 172.23.34.153 255.255.255.192
 no shut

!
int g0/3
 ip addr 172.23.3.153 255.255.255.240
 no shut

!
router eigrp 1
 eigrp router-id 3.3.3.3
 ! Need network Commands Here

Router R3 Initial Configuration

!
int g0/1
 ip addr 172.23.24.154 255.255.255.240
 no shut
!
int g0/2
 ip addr 172.23.34.154 255.255.255.192
 no shut

!
int g0/3
 ip addr 172.23.4.154 255.255.255.224
 no shut

!
router eigrp 1
 eigrp router-id 4.4.4.4
 ! Need network Commands Here

Router R4 Initial Configuration

Your Job: Complete the Configuration with network Commands

To finish the configuration, add EIGRP network commands to each router’s configuration.  By the end of this exercise, a real network with the combined initial config, plus your config, should result in:

• EIGRP neighbor relationships between each pair of routers, so that each router has two EIGRP neighbors.
• Each router has learned routes to all subnets in the figure.

Configure Your Commands Per These Specific Rules

Use the following requirements when configuring your EIGRP network commands.

R1 –  Match the Subnet: On router R1, make each network command match all addresses in a single subnet. Use wildcard masks as needed, and use as many network commands as needed to enable EIGRP on all interfaces shown in the figure.

R2 –  Match the Interface Address: On router R2, make each network command match one specific IP address. Use wildcard masks as needed, and use as many network commands as needed to enable EIGRP on all interfaces shown in the figure.

R3 –  Match the Subnet: Same rules as on router R1.

R4 – Match the Network: On router R4, make each network command match all addresses in a single classful network (that is, in a single class A, B, or C network.) Use wildcard masks as needed, and use as many network commands as needed to enable EIGRP on all interfaces shown in the figure.

Note that this exercise is not like what real network engineers do in their jobs. In real networks, you would probably use the same approach on each router.

Answers!

I will post an answer post in a few days. So, look for the link at the bottom of this page.

Do this Exercise as a Lab with VIRL

Are you thinking that you’d like to just do this exercise with VIRL, instead of on paper, or just typing in an editor? We already built the topology and initial configuration. Just click below to get the .VIRL file.

EIGRP Enabler 3 VIRL – Initial State

EIGRP Enabler exercise 3 asked you to configure four routers, specifically to add the EIGRP network commands. If you’ve not seen these before, check out the Routing Protocol Enabler intro post. Otherwise, it’s straightforward, so keep going!

The Topology

It is probably best to have the exercise post on the screen at the same time you look at this post. If not, for convenience, here’s a copy of the topology figure for this exercise.

EIGRP Enabler Topology

The Answers

I promised short, sweet, and to the point. Here are the answers!

router eigrp 1
  network 172.23.12.128 0.0.0.63
  network 172.23.13.128 0.0.0.31
  network 172.20.0.0    0.0.3.255

Answers: Router R1

router eigrp 1
  network 172.23.12.152 0.0.0.0
  network 172.23.24.152 0.0.0.0
  network 172.23.2.152  0.0.0.0

Answers: Router R2

router eigrp 1
  network 172.23.13.128 0.0.0.31
  network 172.23.34.128 0.0.0.63
  network 172.23.3.144  0.0.0.15

Answers: Router R3

router eigrp 1
  network 172.23.0.0

Answers: Router R4

Comments and Explanations – R1

R1 requires some thought because you must calculate the subnet ID of each subnet off each interface, and find the ACL wildcard mask to use that matches the subnet mask on each interface, following a process like this:

1. Begin with each interface’s IP address and subnet mask
2. Calculate the subnet ID, which will be the first parameter in the network command
3. Invert the subnet mask, which will be the second parameter in the network command

Because of how the exercise is worded, you should have three network commands, one matching the subnet off each of the interfaces on R1.

Most of the math should be straightforward, but the numbers might give you reason to be suspicious. Two of the network commands have a subnet ID that ends with a .128 – both are correct –  but with two different subnet masks, that kind of answer can appear to be incorrect.

R1 has another suspicious number for the last network command. Note that R1’s G0/3 happens to be a zero subnet, so the EIGRP network 172.20.0.0 0.0.3.255 subcommand uses what looks like class B network number 172.20.0.0. The command network 172.20.0.0, with no wildcard, would be incorrect per the exercise, because it would match all addresses in the class B network. The network 172.20.0.0 0.0.3.255 command matches all the addresses in the correct zero subnet off R1’s G0/3, meeting the requirements – but looking a little strange.

And if that last paragraph caused you more pain than if you just hadn’t read it: trust the process. The first number is the subnet ID, and the second is the inverse of the subnet mask (that is, 255.255.255.255 – subnetmask). Trust the process.

Comments and Explanations – R2

R2 requires the least thought of all the routers. To match a single IP address, use wildcard mask of 0.0.0.0. For the number preceding the wildcard mask in the network command, use the interface IP address. The result: each network command matches an interface IP address, and only that address, enabling EIGRP on that interface.

Comments and Explanations – R3

R3 uses the same “match subnet” logic as R1, with the same process. Just work the process!

As for these specific answers, the two network commands whose subnet IDs end in .128 again may look strange sitting right above/below each other, but are correct. And the fact that all these subnet IDs do not end in 0 can cause many people to mistrust their math. Once again, subnetting math shows up in the most unlikely of places!

Comments and Explanations – R4

For R4, you needed to start by identifying the various classful networks (class A, B, or C networks) used on the interfaces. Then, to configure one network command to match each classful network, just configure the network command with that classful network number, and with no wildcard mask. Simple enough.

In this case, R4 has three interfaces, all three of which connect to class B network 172.23.0.0. Therefore, R4 needs only a single command: network 172.23.0.0.