Learning by practicing: Cisco CCNP - 300-101 - Configuring and Verifying EIGRP, Peering into the EIGRP Packets

Saturday, January 10, 2015

Cisco CCNP - 300-101 - Configuring and Verifying EIGRP, Peering into the EIGRP Packets

So it's that time again for me to renew my Cisco Certifications. As a result, this post is based on my preparation for the CCNP Route Exam (300-101).

In this post I will be focusing on Configuring and Verifying EIGRP,
while Peering into the EIGRP Packets

The topology used in this lab is the topology used in the earlier post on DMVPN, GRE, NHRP

Topology

This topology consists of one internet router, HQ and 2 Branches.

Internet Router:
    - Interface fa0/0 - connected to HQ - IP 3.0.0.1/24
    - Interface fa1/0 - connected to Branch-1 - IP 5.0.0.1/24
    - Interface fa2/0 - connected to Branch-2 - IP 4.0.0.1/24
    - Interface lo7 - Loopback for testing - IP 7.0.0.1/32
    - Interface lo8 - Loopback for testing - IP 8.0.0.1/32


HQ
    - Interface fa0/0 - connected to Internet - IP 3.0.0.2/24
    - Interface lo1 - Loopback for testing - IP 1.0.0.1/32
    - Interface lo2 - Loopback for testing - IP 2.0.0.1/32
    - Default Gateway - 3.0.0.1

    DMVPN IP
        - 192.168.0.1/24


Branch-1
    - Interface fa0/0 - connected to Internet - IP 5.0.0.2/24
    - Interface fa1/0 - connected to LAN - IP 10.0.0.1/24
    - Default Gateway - 5.0.0.1

    203 Server on Branch 1 - LAN
        eth0 - 10.0.0.2/24
        Default Gateway - 10.0.0.1

    DMVPN IP
        - 192.168.0.2/24


Branch-2
    - Interface fa0/0 - connected to Internet - IP 4.0.0.2/24
    - Interface fa1/0 - connected to LAN - IP 172.16.0.1/24
    - Default Gateway - 4.0.0.1

    Kali Host on Branch-2
        eth0 - 172.16.0.2/24
        Default Gateway - 172.16.0.1

    DMVPN IP
        - 192.168.0.3/24
This topology consists of one internet router, a HQ and 2 Branches.

Internet Router:
    - Interface fa0/0 - connected to HQ - IP 3.0.0.1/24
    - Interface fa1/0 - connected to Branch-1 - IP 5.0.0.1/24
    - Interface fa2/0 - connected to Branch-2 - IP 4.0.0.1/24
    - Interface lo7 - Loopback for testing - IP 7.0.0.1/32
    - Interface lo8 - Loopback for testing - IP 8.0.0.1/32


HQ
    - Interface fa0/0 - connected to Internet - IP 3.0.0.2/24
    - Interface lo1 - Loopback for testing - IP 1.0.0.1/32
    - Interface lo2 - Loopback for testing - IP 2.0.0.1/32
    - Default Gateway - 3.0.0.1

    DMVPN IP
        - 192.168.0.1/24


Branch-1
    - Interface fa0/0 - connected to Internet - IP 5.0.0.2/24
    - Interface fa1/0 - connected to LAN - IP 10.0.0.1/24
    - Default Gateway - 5.0.0.1

    203 Server on Branch 1 - LAN
        eth0 - 10.0.0.2/24
        Default Gateway - 10.0.0.1

    DMVPN IP
        - 192.168.0.2/24


Branch-2
    - Interface fa0/0 - connected to Internet - IP 4.0.0.2/24
    - Interface fa1/0 - connected to LAN - IP 172.16.0.1/24
    - Default Gateway - 4.0.0.1

    Kali Host on Branch-2
        eth0 - 172.16.0.2/24
        Default Gateway - 172.16.0.1

    DMVPN IP
        - 192.168.0.3/24

Key Chain Configuration

This key chain is configured on HQ, Branch-1 and Branch-2 routers. This will be used by EIGRP for authentication of neighbors. It helps to reduce the probability of anyone adding a router to the infrastructure and either learning or injecting routes or our routing process

Interface ConfigurationInternet

HQ

While every command here is important, I am only focusing on Tunnel 0

"no ip split-horizon eigrp 1"
- For EIGRP to work properly we need to disable split-horizon. Since this is the hub all EIGRP traffic which enters interface "tunnel 0" also will need to leave "tunnel 0". By default this is not permissible.
"ip authentication mode eigrp 1 md5"
- Telling EIGRP to used md5 hashing for authentication credentials

"ip authentication mode key-chain eigrp 1 SecurityNik"
- Use the key-chain with name SecurityNik

Branch-1