802.1w. See Rapid STP (Spanning Tree Protocol)
AAA servers, 176
ABR (Area Border Router), 467
access control lists
MAC address access lists, 904–906
verifying, 9
access lists, filtering with, 704–714
access list configuration, 712–713
outbound prefixes, filtering, 713–714
prefix-list and distribute-list configuration, 709–710
ACFC (Address and Control Field Compression), 179
ACLs. See access control lists
acquiring IPv6 addresses
DHCP client/server configuration, 746–751
DHCP prefix delegation, 755–763
modified EUI-64 addressing, 737–739
overview of, 737
SLAAC (stateless address auto-configuration), 743–746
Address and Control Field Compression (ACFC), 179
addresses (IP), 36
acquiring
DHCP client/server configuration, 746–751
DHCP prefix delegation, 755–763
modified EUI-64 addressing, 737–739
overview of, 737
SLAAC (stateless address auto-configuration), 743–746
MAC address access lists, 904–906
match destination and source address MAC
overview of, 885
R2 configuration to classify and mark IP routed traffic, 882–885
RIPv2 configuration, 881
address-family command, 312
adjacency
OSPF (Open Shortest Path First), 391–397
advertising
conditional label advertising, 1058–1064
networks, 381
OSPF summarization and, 468–469, 472–475
R1 and R4 connections and loopback interfaces, 385–387
R4, R5, and R6 connections, 381–385
static default routes, 388–389
of prefixes originating in own AS, preventing, 721–723
af-interface default command, 324
always keyword, 824
announcements (RP), filtering, 1004–1005
application-specific integrated circuits (ASICs), 839
area 2 nssa command, 534
Area Border Router (ABR), 467
ARP table, showing, 9
AS-path attribute (BGP), 679–686
ASBR (Autonomous System Boundary Router), 467
ASICs (application-specific integrated circuits), 839
attributes
Cluster-ID, 642
multi-exit discriminator, 695–703
Originator-ID, 642
Authenticate-Request message, 177
authentication
CHAP (Challenge-Handshake Authentication Protocol)
one-way authentication, 198–201
R4, configuring to authenticate R3, 202–207
two-way authentication, 201–202
EAP (Extensible Authentication Protocol), 175–176, 216–218
EIGRP (Enhanced Interior Gateway Routing Protocol)
EIGRP AS 100 configuration, 360–361
HMAC-SHA-256, 362–363, 833–834
topology, 359
MS-CHAP (Microsoft CHAP), 175–176, 215–218
OSPF (Open Shortest Path First), 431
plaintext authentication, 433–439
router interfaces in Area 0, 431–433
PAP (Password Authentication Protocol)
one-way authentication, 190–192
two-way authentication, 192–194
PPP (Point-to-Point Protocol), 175–177
Authentication Phase (PPP), 175–177
autoconfiguration (LDP), enabling, 1068–1071
Autonomous System Boundary Router (ASBR), 467
autonomous-system command, 1108
Auto-RP, 993
Lo0 interface of R1, 1006–1010
OSPF Area 0 configuration, 994
PIM sparse-dense-mode configuration, 994–997
primary and backup RP configuration, 997–1003
RP announcements, filtering on R6, 1004–1005
IP address, removing from F0/0 interfaces, 658
loopback1 interfaces, advertising, 653
peer session configuration, 650–651
policies for R1 configuration, 659–667
R1, R2, and R3 configuration, 651
RIPv2 and EIGRP 100 configuration, 651–652
backdoor links and OSPF, 1123
CE (customer edge) router configuration, 1136–1141
F0/1 interface of R1 and the G0/1 interface of R7, 1141–1147
LDP configuration between core routers, 1128–1132
MP-BGP AS 100 configuration between R2 and R6, 1132–1133
OSPF configuration on core MPLS routers, 1123–1128
RDs (route distinguishers), 1134–1136
RTs (route targets), 1134–1136
VRF (Virtual Routing and Forwarding), 1134–1136
backup RP (rendezvous point) configuration, 997–1003, 1017–1022
bandwidth usage, configuring (EIGRP), 324–325, 830
bandwidth-percent command, 324
bba-group, 207
BGP (Border Gateway Protocol), 635
conditional advertisement and BGP backdoor, 650–667
backdoor configuration, 654–658
IP address, removing from F0/0 interfaces, 658
loopback1 interfaces, advertising, 653
peer session configuration, 650–651
policies for R1 configuration, 659–667
R1, R2, and R3 configuration, 651
RIPv2 and EIGRP 100 configuration, 651–652
filtering with access lists and prefix lists, 704–714
access list configuration, 712–713
outbound prefixes, filtering, 713–714
prefix-list and distribute-list configuration, 709–710
multi-exit discriminator attribute, 695–703
neighbor adjacencies, establishing, 635–641
advertising of prefixes originating in own AS, preventing, 721–723
prefixes from directly connected neighbors, blocking, 725–726
prefixes originating in AS 200, blocking, 723–725
prefixes originating in AS 300, blocking, 727–728
prefixes originating in AS 300, filtering, 717–719
prefixes with AS 300 in path list, filtering, 719–721
prefixes with prepended AS numbers, blocking, 728–731
binary conversion, 279
Bootstrap Router. See BSR (Bootstrap Router)
boundary ports (MST), 94
BPDU (bridge protocol data unit)
filtering
F0/21 interface configuration, 139–142
router and switch configuration, 136–139
bridge-group 1 command, 132
Broad Band Aggregation, 207
broadcast keyword, 225
broadcast networks (OSPF), 397–410
BSR (Bootstrap Router), 1013
Lo0 interface of R1, 1022–1023
OSPF Area 0 configuration, 1013–1014
PIM sparse mode configuration, 1014–1017
primary and backup RP configuration, 1017–1022
candidate RPs (rendezvous points), 997–998
Candidate-BSRs, 1019
CCP (Compression Control Protocol), 180
CDP (Cisco Discovery Protocol), 11
CE (customer edge) routers
OSPF (Open Shortest Path First), 1136–1141
CEF (Cisco Express Forwarding), 899
Challenge packet (CHAP), 199
Challenge-Handshake Authentication Protocol. See CHAP (Challenge-Handshake Authentication Protocol)
CHAP (Challenge-Handshake Authentication Protocol), 198–200
one-way authentication, 198–201
R4, configuring to authenticate R3, 202–207
two-way authentication, 201–202
Cisco Discovery Protocol. See CDP (Cisco Discovery Protocol)
Cisco Lab Builder, 5
Class A networks
filtering through IP prefix lists, 269–272
identifying, 271
Class B networks
filtering through IP prefix lists, 272–275
identifying, 274
Class C networks
filtering through IP prefix lists, 275–278
identifying, 276
class of service. See COS (class of service)
class-based policing, 898
F0/0 interface on R2, configuring, 903–904
HTTP, FTP, and ICMP traffic, 906–907
MAC address access lists, 904–906
S1/2 interface on R1, configuring, 899–902
clear ip route command, 608, 616
Cluster-ID attribute, 642
Code-Reject message, 175
address-family, 312
af-interface default, 324
area 2 nssa, 534
autonomous-system, 1108
bandwidth-percent, 324
bridge-group 1, 132
crypto ipsec transform-set, 921
debug ip ospf lsa-generation, 631
debug ip pim auto-rp, 999
debug ip rip, 631
debug nhrp cache, 248
debug nhrp packet, 248
debug ppp authentication, 190, 194, 200, 202
debug ppp negotiation, 183
discard-route external 255, 585
distance, 581
distribute-list OUT, 494
distribute-list prefix-list, 836
eigrp stub receive-only, 377–378
eigrp stub redistributed, 376–377
eigrp stub summary, 375
frame-relay map, 225
igmp immediate-leave group-list 1, 969
igmp join-group, 969
import, 1092
interface-configuration, 568
ip address negotiated, 187
ip igmp limit, 973
ip igmp querier-timeout, 962
ip igmp query-interval, 962, 974
ip igmp query-max-response-time, 962, 976
ip igmp static-group, 963
ip local pool, 212
ip multicast boundary, 1004
ip nhrp map, 248
ip nhrp network-id, 265
ip nhrp shortcut, 255, 266, 310
ip ospf demand-circuit, 816
ip ospf network point-to-point, 770
ip pim send-rp-announce, 999
ip routing, 221, 230, 238, 245, 253
ip summary-address eigrp 100 0.0.0.0 0.0.0.0, 304
IP vrf, 1091
ipv6 address, 759
ipv6 address autoconfig default, 748, 750
ipv6 address dhcp, 750
ipv6 bandwidth-percent eigrp, 830
ipv6 dhcp client pd, 758
ipv6 enable, 748
ipv6 nd managed-config-flag, 747
ipv6 nd other-config-flag, 747
ipv6 nd prefix default no-advertise, 751
ipv6 router ospf, 765
leak-map, 355
match ip route-source, 598
match source-address mac, 904
metric rib-scale, 340
mls qos, 853
mls qos cos override, 846, 847
mls qos trust dscp, 854
mpls ip, 1033
mpls label protocol, 1033
mpls label protocol ldp, 1033
mpls label range 16 1048575, 1048
mpls ldp advertise-labels, 1058
mpls ldp router-id, 1033
no auto-summary, 312
no discard-route internal, 585
no mpls ip propagate-ttl local, 1066
no peer neighbor-route, 185
peer default ip address 23.1.1.3 interface, 187
peer default ip address pool, 212
ppp authentication chap, 198, 203
ppp authentication pap, 190
ppp chap password, 177
ppp pap sent-username, 191
redistribute connected, 570, 579
route-map tst permit 90, 570
router ospf, 765
router ospfv3, 765
Rx(config)#ip multicast-routing, 959
sh mac address-table dynamic vlan 21, 48
sh mac-address-table, 41
sh spanning-tree, 37
sh spanning-tree vlan 12 interface f0/19 detail, 44
sh version | inc Base, 37
show cdp neighbors, 20
show ip bgp peer-group TST, 641
show ip eigrp topology 8.8.8.0/24, 341
show ip route | include 3.3.3.0, 629
show ipv6 ospf database, 795
show ipv6 route, 750
show ppp all, 193
show ppp interface, 195
spanning-tree portfast, 75
summary-address, 783
summary-prefix, 783
traceroute 3.3.3.3, 263
username R4 password Cisco, 203
VRF definition, 1091
community attribute (BGP), 667–679
composite metrics, filtering, 602–604
Compression Control Protocol (CCP), 180
conditional advertisement, 650–667
backdoor configuration, 654–658
IP address, removing from F0/0 interfaces, 658
loopback1 interfaces, advertising, 653
peer session configuration, 650–651
policies for R1 configuration, 659–667
R1, R2, and R3 configuration, 651
RIPv2 and EIGRP 100 configuration, 651–652
conditional label advertising, 1058–1064
CONFACK (Configure-Ack) message, 172–175
configuration
advertising networks, 381
R1 and R4 connections and loopback interfaces, 385–387
R4, R5, and R6 connections, 381–385
static default routes, 388–389
authentication
MD5, 361
topology, 359
backdoor links and OSPF, 1123
CE (customer edge) router, 1136–1141
F0/1 interface of R1 and the G0/1 interface of R7, 1141–1147
LDP configuration between core routers, 1128–1132
MP-BGP AS 100 configuration between R2 and R6, 1132–1133
OSPF configuration on core MPLS routers, 1123–1128
RDs (route distinguishers), 1134–1136
RTs (route targets), 1134–1136
VRF (Virtual Routing and Forwarding), 1134–1136
BGP
conditional advertisement and BGP backdoor, 650–667
filtering with access lists and prefix lists, 704–714
multi-exit discriminator attribute, 695–703
BPDU filtering
router and switch configuration, 136–139
BSR, 1013
Lo0 interface of R1, 1022–1023
primary and backup RPs, 1017–1022
class-based policing
HTTP, FTP, and ICMP traffic, 906–907
MAC address access lists, 904–906
overview of, 898
COS-DSCP mapping
F0/1 interface on R2, 866
F0/1 interface on SW1, 866
default route injection, 363–368
DMVPN Phase 1
DMVPN Phase 2
DMVPN Phase 3
hub and spoke configuration, 255–266
interface and router configuration, 253–255
DMVPN tunnel protection, 946
F0/0 and loopback0 interfaces of R1, R2, and R3, 947–948
hub and spoke configuration, 948–952
DSCP-COS mapping
overview of, 860
R1 configuration, 862
R2 configuration, 861
DSCP-Mutation
DSCP rewrites, enabling, 857–860
mls qos, enabling on SW2, 853–854
MQC on R1, configuring to mark egress traffic with DSCP value of 1, 851–852
overview of, 851
dynamic RP learning and Auto-RP, 993
Lo0 interface of R1, 1006–1010
OSPF Area 0, 994
PIM sparse-dense-mode, 994–997
primary and backup RPs, 997–1003
RP announcements, filtering on R6, 1004–1005
EIGRP basic configuration
configuring for future DMVPN spokes, 304–311
static default routes, 287–289
EIGRP metrics
FD set to Infinity, resolving, 343–348
mutual redistribution between RIPv2 and EIGRP, 335–337
topology, 333
EIGRP named mode, 311
bandwidth usage, configuring, 324–325
fixed metric for the EIGRP summary route, 327–328
number of received prefixes, limiting, 329–333
policy for configuring, 311–315
EIGRP routing in VPN, 1107–1113
EIGRP stub
eigrp stub connected option, 373–374
eigrp stub receive-only option, 377–378
eigrp stub redistributed option, 376–377
eigrp stub static option, 375–376
eigrp stub summary option, 375
summarization, 370
topology, 368
EIGRP summarization
loopback interfaces for R1, 349–350
loopback interfaces for R2, 350
loopback interfaces for R3, 351
loopback interfaces for R4, 351–353
topology, 349
EIGRPv6
bandwidth usage, 830
external routes, filtering, 834–837
Hello interval and Hold timer, 825–826
HMAC-SHA-256 authentication, 833–834
loopback1 interface on R1, 830–831
loopback1 interface on R2, 826–829
on R1, R2, R3, and R4, 821–824
redistributing OSPFv3 into, 824–825
hostnames, 20
IGMP, 959
F0/0 and F0/1 interface configuration on R1 and R2, 959–962
F0/0 interface configuration on R3 and R4, 963
F0/1 interface configuration on R5 and R6, 964
G0/1 interface on R7, 965
hosts connected to F0/1 on R1, restricting, 965–967
hosts connected to F0/1 on R2, stopping multicast traffic with, 967–969
mroute states, limiting, 971–974
query max response time, 976–977
query messages, sending, 969–971
querying router and the query interval, 974–976
input-interface and match NOT
f0/0 interface on R4, configuring, 873–876
overview of, 873
s1/1 interface on R2, configuring, 877–881
IP prefix lists, 267
allowing only unsubnetted Class B networks, 272–275
allowing only unsubnetted Class C networks, 275–278
allowing unsubnetted Class A networks, plus Class B and C networks, 269–272
configuring loopback interfaces, 277–278, 285
denying certain prefixes, 278–281
filtering existing and future host routes, 286
filtering networks with certain prefix lengths, 283–285
injecting default route in EIGRP routing domain, 281–283
IP-precedence-DSCP mapping, 870–873
IPv6 addresses
DHCP server configuration, 746–751
SLAAC (stateless address auto-configuration), 743–746
LDP, 1026
conditional label advertising, 1058–1064
control plane for the 7.7.7.0/24 prefix, 1051–1057
LDP autoconfiguration, enabling, 1068–1071
LDP router ID (RID), 1033
Loopback1 interface of R1, 1044–1048
LSRs (label switch routers), 1033–1037
MPLS structure, hiding, 1065–1067
MPLS forwarding, 1034
serial connection between R3 and R5, 1072–1073
session keepalives, 1044
TTL propagation, testing, 1064–1065
LSA Type 4 and FA suppression, 539–548
LSAs in OSPFv3, 790
Intra-Area Prefix LSAs, 799–800
Network LSAs, 795
OSPF Area 0 on DMVPN network, 813–816
OSPF Area 0 on F0/1 and loopback0 interfaces of R1, R2, and R4, 790–793
OSPF Area 13 on S1/3 and loopback13 interfaces of R3, 800–809
match destination and source address MAC
overview of, 881
R2 configuration to classify and mark IP routed traffic, 882–885
RIPv2 configuration, 881
match IP DSCP/Precedence vs. match DSCP, 885–893
match protocol HTTP URL, MIME, and Host, 893–898
MLS QoS
f0/1 interface on SW1, configuring to mark ingress traffic with COS marking of 2, 844–850
mls qos, enabling on SW1, 842–844
overview of, 840
R1, configuring to send all traffic with COS marking of 1, 840–842
boundary ports, 94
configuring with policies, 99–106
edge ports, 94
IST (Internal Spanning Tree), 95
MSTP (Multiple Instance Spanning Tree Protocol), 96
port configuration, 96
regions, 94
switch hostname configuration, 96
trunking mode, 97
OSPF authentication, 431
plaintext authentication, 433–439
router interfaces in Area 0, 431–433
OSPF broadcast networks, 397–410
OSPF filtering, 476
loopback interface advertisement, 501–502
loopback interface redistribution, 493
loopback interfaces of R1 and R2, 481–482
LSA flooding, preventing, 502–504
network filtering in Area 0, 486–488
network filtering in Area 0 and Area 2, 488–490
network filtering in Area 2, 484–486
network filtering on all routers except R1, 490–493
network filtering on all routers except R5, 494–495
network filtering on R1’s routing table, 496
network filtering on R2, 482–483
R1 and R2’s directly connected interfaces, 476–478
serial connection between R3 and R4, 478–479
serial connection between R4 and R5, 480–481
OSPF non-broadcast networks, 411–421
OSPF point-to-multipoint networks, 425–430
OSPF point-to-point networks, 421–424
OSPF routing in VPN, 1113–1122
OSPF stub, totally stubby, and NSSA areas, 517
default route injection, 533–536
loopback interfaces on R5, 532–533
loopback30 interface on R3, 522–523
R1’s directly connected interfaces, 518
R2’s directly connected interfaces, 518–519
R3’s directly connected interfaces, 519–520
R4’s directly connected interfaces, 521–523
stub area configuration, 523–526
totally stubby area configuration, 526–528
OSPF suboptimal paths, 549–555
OSPF summarization
advertising networks, 468–469, 472–475
external route summarization, 467–468
network summarization, 470
R4 configuration, 463
physical-to-logical topology
hostname configuration, 20
port shutdown, 20
PPP
IP address assignment, 187–190
loopback0 interface, pinging, 186–187
MLPPP (Multilink PPP), 216–218
MPPE protocol and MS-CHAP authentication, 215–218
one-way CHAP authentication, 198–201
one-way PAP authentication, 190–192
PPPoE (PPP over Ethernet), 207–212
R1 and R2 serial interfaces, 215–218
R4, configuring to authenticate R3, 202–207
two-way CHAP authentication, 201–202
two-way PAP authentication, 192–194
Rapid STP
operational enhancements of, 74
overview of, 73
port roles, 74
port states, 74
rapid convergence mechanisms, 75, 78–80
rapid convergence process, demonstrating, 80–83
SW2, enabling for RSTP mode, 89–92
redistribution (basic)
composite metrics, filtering, 602–604
eigrp 100 redistribution into ospf 1, 592–593
EIGRP AS 100, 578–580, 589–590
link between R1 and R3, 567–569
loopback interfaces on R2, 583
loopback interfaces on R2/R3, 575–578
loopback interfaces on R3, 569
network 4.4.4.0 /24, filtering on R2, 596–597
ospf 1 and eigrp 100 redistribution into ospf 36, 599–602
ospf 1 redistribution into eigrp 100, 595–596
overview of, 567
RIP redistribution into EIGRP, 580–583
RIPv2 redistribution into OSPF, 584–586
routes originated by R4, filtering with R5, 597–599
routes tag of 111, configuring R4 to filter, 593–594, 595
RFC 3101 and RFC 1587, 556–566
RIPv2 and EIGRP redistribution
allowing only required routes to be redistributed, 617–619
control plane mechanism, 614–615
EIGRP AS 100 configuration, 607–608
filtering RIP routes from being advertised out of F0/1 interface, 615–617
filtering tagged routes, 619–622
loopback0 interface, 607
mutual redistribution between RIPv2 and EIGRP, 608–614
RIPv2 configuration on R2, R3, and R4, 605–606
mutual redistribution on R1, 629–634
OSPF area 0 configuration on f0/0 interface, 626
RIPv2 configuration on R1, R2, and R3, 626–627
update, invalidation, and flush timer values, 628–629
RIPv2 routing in VPN, 1078
configuration between R1 and PE-2, 1096–1107
configuration between R7 and PE-6, 1096–1107
LDP configuration on core MPLS routers, 1084–1088
MP-BGP AS 100 configuration on R2 to R6, 1088–1090
OSPF configuration on core MPLS routers, 1081–1083
RDs (route distinguishers), 1091–1095
RTs (route targets), 1091–1095
VRF (Virtual Routing and Forwarding), 1091–1095
site-to-site IPSec VPN, 911
GRE/IP with Transport mode, 940–942
GRE/IPSec with Tunnel mode, 937–940
IKE Phase 1 message 1, 917
IKE Phase 1 message 2, 918–919
IKE Phase 1 message 3, 919
IKE Phase 1 message 4, 919–920
IKE Phase 1 message 5, 920
IKE Phase 1 message 6, 920–921
IKE Phase 2 message 1, 921–925
ISAKMP, 912
non-scalable configuration, 930–937
policy guidelines, 912
Spanning Tree Backbone Fast, 148–154
Spanning Tree Loop Guard, 162–167
Spanning Tree Portfast, 106–115
Spanning Tree Root Guard, 154–162
static RP, 977
R2 and R3 configuration, 986–991
STP
designated ports, moving, 43–45
overview of, 50
spanning-tree cost on port in VLAN 12, raising, 41–42
spanning-tree port ID, raising, 48–49
VLAN 100, 200, 300, and 400 creation, 55–56
summarization of internal/external networks
external route summarization, 782–786
loopback interface summarization, 778–782
overview of, 771
virtual links and GRE tunnels
GRE tunnel configuration, 513–516
virtual link configuration, 509–513
VLANs, 12
Configure-Ack (CONFACK) message, 172–175
Configure-Nak (CONFNAK) message, 173–175
Configure-Reject (CONFREJ) message, 174–175
Configure-Request (CONFREQ) message, 172–175
CONFNAK (Configure-Nak) message, 173–175
CONFREJ (Configure-Reject) message, 174–175
CONFREQ (Configure-Request) message, 172–175
contiguous identical bits, 279–280
control plane, 171
LCP (Link Control Protocol), 171–175
NCPs (Network Control Protocols), 177–179
COS (class of service)
COS-DSCP mapping
R2 F0/1 interface, configuring, 866
SW1 F0/1 interface, configuring, 866
SW2 F0/19 interface, configuring, 866–869
DSCP-COS mapping
overview of, 860
R1 configuration, 862
R2 configuration, 861
CRC (cyclic redundancy check), 171
crypto ipsec transform-set command, 921
customer edge (CE) routers
OSPF (Open Shortest Path First), 1136–1141
cyclic redundancy check (CRC), 171
DAD (Duplicate Address Protection), 748
databases
filtering. See filtering
debug ip igmp command, 968, 973–974
debug ip ospf lsa-generation command, 631
debug ip pim auto-rp command, 999
debug ip rip command, 631
debug ip route command, 574–575
debug ip routing command, 578, 631
debug ipv6 dhcp command, 748, 754
debug nhrp cache command, 248
debug nhrp packet command, 248
debug output (RSTP)
rapid convergence mechanisms, 78–80
rapid convergence process, demonstrating, 80–83
debug ppp authentication command, 190, 194, 200, 202
debug ppp negotiation command, 183
DEFAULT distribute list, 284–285
default route injection
DMVPN Phase 1 using static mapping, 220–239
OSPF (Open Shortest Path First), 533–536
overview of, 363
default-metric command, 604, 626
delay (DLY), 338
dense mode (PIM), 959–962, 994–997
denying. See filtering
designated ports, moving, 43–45
destination keyword, 752
DH (Diffie-Hellman) groups, 912
DHCP (Dynamic Host Configuration Protocol)
server configuration, 212–215, 746–751
Differential Service Code Point. See DSCP (Differential Service Code Point)
Diffie-Hellman (DH) groups, 912
disabling
debug command, 575
Spanning Tree Portfast, 114–115
discard routes, 471–472, 786–789
discard-route external 255 command, 585
discovery, neighbor, 739–743, 1037–1042
Discovery stage (PPPoE), 181–182
distance command, 581
distribute-list OUT command, 494
distribute-list prefix-list command, 836
DLY (delay), 338
DMVPNs (dynamic multipoint virtual private networks)
configuring for EIGRP
DMVPN Phase 1 using dynamic mapping
hub and spoke configuration, 232–236
interface and router configuration, 229–232
overview of, 229
DMVPN Phase 1 using static mapping
hub and spoke configuration, 223–229
interface and router configuration, 220–239
NHRP (Next-Hop Resolution Protocol), 223
overview of, 219
DMVPN Phase 2 using dynamic mapping
hub and spoke configuration, 247–251
interface and router configuration, 245–247
overview of, 244
DMVPN Phase 2 using static mapping
hub and spoke configuration, 240–244
interface and router configuration, 237–240
DMVPN Phase 3
hub and spoke configuration, 255–266
interface and router configuration, 253–255
overview of, 219
tunnels, protecting, 946
F0/0 and loopback0 interfaces of R1, R2, and R3, 947–948
hub and spoke configuration, 948–952
DSCP (Differential Service Code Point)
class-based policing
F0/0 interface on R2, configuring, 903–904
HTTP, FTP, and ICMP traffic, 906–907
MAC address access lists, 904–906
overview of, 898
S1/2 interface on R1, configuring, 899–902
COS-DSCP mapping
F0/1 interface on R2, configuring, 866
F0/1 interface on SW1, configuring, 866
F0/19 interface SW2, configuring, 866–869
DSCP-COS mapping
overview of, 860
R1 configuration, 862
R2 configuration, 861
DSCP-Mutation
DSCP rewrites, enabling, 857–860
DSCP-mutation map configuration, 855–857
mls qos, enabling on SW2, 853–854
mls qos trust dscp configuration, 854–855
MQC on R1, configuring to mark egress traffic with DSCP value of 1, 851–852
overview of, 851
IP-precedence-DSCP mapping, 870–873
match IP DSCP/Precedence vs. match DSCP, 885–893
duplicate address protection, 740–741, 744
Duplicate Address Protection (DAD), 748
Dynamic Host Configuration Protocol. See DHCP (Dynamic Host Configuration Protocol)
dynamic mapping, DMVPN Phase 1 using
hub and spoke configuration, 232–236
interface and router configuration, 229–232
overview of, 229
dynamic multipoint virtual private networks. See DMVPNs (dynamic multipoint virtual private networks)
dynamic RP learning and Auto-RP, 993
Lo0 interface of R1, 1006–1010
OSPF Area 0 configuration, 994
PIM sparse-dense-mode configuration, 994–997
primary and backup RP configuration, 997–1003
RP announcements, filtering on R6, 1004–1005
EAP (Extensible Authentication Protocol)
Echo-Reply message, 175
Echo-Request message, 175
EIGRP (Enhanced Interior Gateway Routing Protocol)
authentication
EIGRP AS 100 configuration, 360–361
MD5, 361
topology, 359
basic configuration
configuring for future DMVPN spokes, 304–311
static default routes, 287–289
default route injection
overview of, 363
EIGRP AS 100 configuration, 578–580, 589–590
EIGRPv6
bandwidth usage, configuring, 830
configuration on R1, R2, R3, and R4, 821–824
EIGRPv6 AS 100 configuration, 819–820
external routes, filtering, 834–837
Hello interval and Hold timer, 825–826
HMAC-SHA-256 authentication, 833–834
loopback1 interface on R1, 830–831
loopback1 interface on R2, 826–829
redistributing OSPFv3 into, 824–825
metrics, 604
classic mode configuration, 337–338
EIGRP AS 100 configuration, 334–335
FD set to Infinity, resolving, 343–348
mutual redistribution between RIPv2 and EIGRP, 335–337
named mode configuration, 338–341
topology, 333
named mode
bandwidth usage, configuring, 324–325
EIGRP 200 configuration, 318–319
EIGRP AS 100 configuration, 316–317
fixed metric for the EIGRP summary route, 327–328
number of received prefixes, limiting, 329–333
overview of, 311
policy for configuring, 311–315
unicast configuration, 317–318
redistribution
eigrp 100 redistribution into ospf 1, 592–593
network 4.4.4.0 /24, filtering on R2, 596–597
ospf 1 and eigrp 100 redistribution into ospf 36, 599–602
ospf 1 redistribution into eigrp 100, 595–596
RIP redistribution into EIGRP, 580–583
routes originated by R4, filtering with R5, 597–599
RIPv2 and EIGRP redistribution
allowing only required routes to be redistributed, 617–619
control plane mechanism, 614–615
EIGRP AS 100 configuration, 607–608
filtering RIP routes from being advertised out of F0/1 interface, 615–617
filtering tagged routes, 619–622
loopback0 interface, 607
mutual redistribution between RIPv2 and EIGRP, 608–614
routing domain, injecting default route into, 281–283
stub
EIGRP AS 100 configuration, 368–370
eigrp stub connected option, 373–374
eigrp stub receive-only option, 377–378
eigrp stub redistributed option, 376–377
eigrp stub static option, 375–376
eigrp stub summary option, 375
summarization, 370
topology, 368
summarization
loopback interfaces for R1, 349–350
loopback interfaces for R2, 350
loopback interfaces for R3, 351
loopback interfaces for R4, 351–353
topology, 349
eigrp stub connected command, 373–374
eigrp stub receive-only command, 377–378
eigrp stub redistributed command, 376–377
eigrp stub static command, 375–376
eigrp stub summary command, 375
enabling. See configuration
encryption, MPPE (Microsoft Point-to-Point Encryption), 215–218
Enhanced Interior Gateway Routing Protocol. See EIGRP (Enhanced Interior Gateway Routing Protocol)
establishing PPP (Point-to-Point Protocol) sessions
Link Establishment Phase, 171–175
Network Layer Protocol Phase, 177–179
Ethernet, PPP over. See PPPoE (PPP over Ethernet)
expressions, regular. See regular expressions
Extensible Authentication Protocol. See EAP (Extensible Authentication Protocol)
external network summarization
external route summarization, 782–786
loopback interface summarization, 778–782
overview of, 771
external routes
summarization, 467–468, 782–786
FA (forward address), suppressing, 539–548
FD set to Infinity, resolving, 343–348
FEC (forwarding equivalence class), 1025
filtering
with access lists and prefix lists, 704–714
F0/21 interface configuration, 139–142
router and switch configuration, 136–139
with IP prefix lists, 267
allowing only unsubnetted Class B networks, 272–275
allowing only unsubnetted Class C networks, 275–278
allowing unsubnetted Class A networks, plus Class B and C networks, 269–272
denying certain prefixes, 278–281
filtering existing and future host routes, 286
filtering networks with certain prefix lengths, 283–285
injecting default route in EIGRP routing domain, 281–283
loopback interfaces, 277–278, 285
network 4.4.4.0 /24 on R2, 596–597
OSPF (Open Shortest Path First), 476
loopback interface advertisement, 501–502
loopback interface redistribution, 493
loopback interfaces of R1 and R2, 481–482
LSA flooding, preventing, 502–504
network filtering in Area 0, 486–488
network filtering in Area 0 and Area 2, 488–490
network filtering in Area 2, 484–486
network filtering on all routers except R1, 490–493
network filtering on all routers except R5, 494–495
network filtering on R1’s routing table, 496
network filtering on R2, 482–483
R1 and R2’s directly connected interfaces, 476–478
serial connection between R3 and R4, 478–479
serial connection between R4 and R5, 480–481
prefixes
advertising of prefixes originating in own AS, 721–723
prefixes from directly connected neighbors, 725–726
prefixes originating in AS 200, 723–725
prefixes originating in AS 300, 717–719, 727–728
prefixes with AS 300 in path list, 719–721
prefixes with prepended AS numbers, 728–731
forward address (FA), suppressing, 539–548
forwarding equivalence class (FEC), 1025
Forwarding Information Base, 306
forwarding loops (BPDU), 142–146
frame-relay map command, 225
FCS field (PPP), 171
future host routes, denying, 286
GDOI (group domain of interpretation), 914
Generic Routing Encapsulation (GRE), 223
Global IGMP State Limiter, 971
GRE (Generic Routing Encapsulation)
GRE/IPSec
overview of, 223
tunnels
group domain of interpretation (GDOI), 914
Hashed Message Authentication Code-Secure Hash Algorithm-256, 362–363
hashing, 176
HDLC (High-Level Data Link Control), 169–170
Hello interval
EIGRP (Enhanced Interior Gateway Routing Protocol), 323–324, 825–826
LDP (Label Distribution Protocol) configuration, 1042–1044
hiding MPLS structure, 1065–1067
High-Level Data Link Control (HDLC), 169–170
HMAC-SHA-256 authentication, 362–363, 833–834
Hold timer, 825–826, 1042–1044
hop count (SIT), 95
host routes, denying, 286
hostnames
configuration, 20
hosts
auto-configuration, 740
match protocol HTTP URL, MIME, and Host, 893–898
hubs (DMVPN)
DMVPN Phase 1
DMVPN Phase 2
icmp rate-limit parameter, 616
IGMP (Internet Group Management Protocol), 959
F0/0 and F0/1 interface configuration on R1 and R2, 959–962
F0/0 interface configuration on R3 and R4, 963
F0/1 interface configuration on R5 and R6, 964
G0/1 interface on R7, 965
hosts connected to F0/1 on R1, restricting, 965–967
hosts connected to F0/1 on R2, stopping multicast traffic with, 967–969
mroute states, limiting, 971–974
query max response time, 976–977
query messages, sending, 969–971
querying router and the query interval, 974–976
igmp immediate-leave group-list 1 command, 969
igmp join-group command, 969
IKE (Internet Key Exchange), 911
Phase 1
message 3, 919
message 5, 920
import command, 1092
include-connected keyword, 825
Information field (PPP), 171
interface configuration, verifying, 9–10
interface-configuration command, 568
interfaces. See also loopback interfaces
DMVPNs (dynamic multipoint virtual private networks)
DMVPN Phase 1 using dynamic mapping, 229–232
DMVPN Phase 1 using static mapping, 220–239
DMVPN Phase 2 using dynamic mapping, 245–247
DMVPN Phase 2 using static mapping, 237–240
PPP (Point-to-Point Protocol)
DHCP server configuration, 212–215
IP address assignment, 187–190
MLPPP (Multilink PPP), 216–218
MPPE protocol and MS-CHAP authentication, 215–218
one-way CHAP authentication, 198–201
one-way PAP authentication, 190–192
PPPoE (PPP over Ethernet), 207–212
R1 and R2 serial interface configuration, 215–218
R4, configuring to authenticate R3, 202–207
two-way CHAP authentication, 201–202
two-way PAP authentication, 192–194
trunk interfaces, verifying, 12–13
Virtual-Template, 207
internal network summarization
external route summarization, 782–786
loopback interface summarization, 778–782
overview of, 771
Internal Spanning Tree (IST), 95
Internet Group Management. See IGMP (Internet Group Management Protocol)
Internet Key Exchange. See IKE (Internet Key Exchange)
Internet Security Association and Key Management Protocol (ISAKMP), 911, 912
intervals
Hello interval
EIGRP (Enhanced Interior Gateway Routing Protocol), 323–324, 825–826
LDP (Label Distribution Protocol) configuration, 1042–1044
query interval (IGMP), 974–976
Intra-Area Prefix LSAs, 799–800
ip address negotiated command, 187
IP CEF, 899
IP DSCP/Precedence, 881
ip helper-address command, 212, 752
ip igmp join-group command, 963, 968
ip igmp limit command, 973
ip igmp querier-timeout command, 962
ip igmp query-interval command, 962, 974
ip igmp query-max-response-time command, 962, 976
ip igmp static-group command, 963
ip local pool command, 212
ip multicast boundary command, 1004
ip nhrp map command, 248
ip nhrp network-id command, 265
ip nhrp redirect command, 255, 266
ip nhrp shortcut command, 255, 266, 310
ip ospf demand-circuit command, 816
ip ospf network point-to-point command, 770
ip pim send-rp-announce command, 999
IP prefix list configuration, 267
allowing only unsubnetted Class B networks, 272–275
allowing only unsubnetted Class C networks, 275–278
allowing unsubnetted Class A networks, plus Class B and C networks, 269–272
configuring loopback interfaces, 277–278, 285
denying certain prefixes, 278–281
filtering existing and future host routes, 286
filtering networks with certain prefix lengths, 283–285
injecting default route in EIGRP routing domain, 281–283
ip routing command, 221, 230, 238, 245, 253
ip summary-address command, 257, 262
ip summary-address eigrp 100 0.0.0.0 0.0.0.0 command, 304
IP vrf command, 1091
IP-precedence-DSCP mapping, 870–873
IPSec VPN
basic site-to-site IPSec VPN, 911
GRE/IP with Transport mode, 940–942
GRE/IPSec with Tunnel mode, 937–940
IKE Phase 1 message 1, 917
IKE Phase 1 message 2, 918–919
IKE Phase 1 message 3, 919
IKE Phase 1 message 4, 919–920
IKE Phase 1 message 5, 920
IKE Phase 1 message 6, 920–921
IKE Phase 2 message 1, 921–925
ISAKMP, 912
non-scalable configuration, 930–937
policy guidelines, 912
DMVPN tunnels, protecting, 946
F0/0 and loopback0 interfaces of R1, R2, and R3, 947–948
hub and spoke configuration, 948–952
overview of, 911
IPv4 addresses, 36
IPv6
addresses, acquiring
DHCP client/server configuration, 746–751
DHCP prefix delegation, 755–763
modified EUI-64 addressing, 737–739
overview of, 737
SLAAC (stateless address auto-configuration), 743–746
EIGRPv6
bandwidth usage, configuring, 830
configuration on R1, R2, R3, and R4, 821–824
EIGRPv6 AS 100 configuration, 819–820
external routes, filtering, 834–837
Hello interval and Hold timer, 825–826
HMAC-SHA-256 authentication, 833–834
loopback1 interface on R1, 830–831
loopback1 interface on R2, 826–829
OSPFv3 Area 0 configuration, 818–819
redistributing OSPFv3 into, 824–825
LSAs in OSPFv3, 790
Intra-Area Prefix LSAs, 799–800
Network LSAs, 795
OSPF Area 0 on DMVPN network, 813–816
OSPF Area 0 on F0/1 and loopback0 interfaces of R1, R2, and R4, 790–793
OSPF Area 13 on S1/3 and loopback13 interfaces of R3, 800–809
summarization of internal/external networks
external route summarization, 782–786
loopback interface summarization, 778–782
overview of, 771
ipv6 address autoconfig default command, 748, 750
ipv6 address command, 759
ipv6 address dhcp command, 750
ipv6 bandwidth-percent eigrp command, 830
ipv6 dhcp client pd command, 758
ipv6 enable command, 748
ipv6 nd managed-config-flag command, 747
ipv6 nd other-config-flag command, 747
ipv6 nd prefix default no-advertise command, 751
ipv6 router ospf command, 765
ISAKMP (Internet Security Association and Key Management Protocol), 911, 912
IST (Internal Spanning Tree), 95
Lab Builder, 5
Label Forwarding Information Base (LFIB), 1073
Label Information Base (LIB), 1073
label switch routers. See LSRs (label switch routers)
labels
advertising, 1105
assignment, 1105
conditional label advertising, 1058–1064
labs
advanced STP
overview of, 50
root bridge configuration, 56–59, 65–67
switch hostname configuration, 51–52
trunk port configuration, 52–54
VLAN 100, 200, 300, and 400 creation, 55–56
advertising networks, 381
R1 and R4 connections and loopback interfaces, 385–387
R4, R5, and R6 connections, 381–385
static default routes, 388–389
authentication
EIGRP AS 100 configuration, 360–361
MD5, 361
topology, 359
backdoor links and OSPF, 1123
CE (customer edge) router configuration, 1136–1141
F0/1 interface of R1 and the G0/1 interface of R7, 1141–1147
LDP configuration between core routers, 1128–1132
MP-BGP AS 100 configuration between R2 and R6, 1132–1133
OSPF configuration on core MPLS routers, 1123–1128
RDs (route distinguishers), 1134–1136
RTs (route targets), 1134–1136
VRF (Virtual Routing and Forwarding), 1134–1136
basic redistribution 1
link between R1 and R3, 567–569
loopback interfaces on R2, 583
loopback interfaces on R2/R3, 575–578
loopback interfaces on R3, 569
overview of, 567
RIP redistribution into EIGRP, 580–583
RIPv2 redistribution into OSPF, 584–586
basic redistribution 2
composite metrics, filtering, 602–604
eigrp 100 redistribution into ospf 1, 592–593
network 4.4.4.0 /24, filtering on R2, 596–597
ospf 1 and eigrp 100 redistribution into ospf 36, 599–602
ospf 1 redistribution into eigrp 100, 595–596
overview of, 586
routes originated by R4, filtering with R5, 597–599
routes tag of 111, configuring R4 to filter, 593–594, 595
basic site-to-site IPSec VPN, 911
IKE Phase 1 message 1, 917
IKE Phase 1 message 2, 918–919
IKE Phase 1 message 3, 919
IKE Phase 1 message 4, 919–920
IKE Phase 1 message 5, 920
IKE Phase 1 message 6, 920–921
IKE Phase 2 message 1, 921–925
ISAKMP, 912
policy guidelines, 912
basic site-to-site IPSec VPN and NAT, 925–930
basic STP
designated ports, moving, 43–45
root primary macro configuration, 46–48
spanning-tree cost on port in VLAN 12, raising, 41–42
spanning-tree port ID, raising, 48–49
BGP (Border Gateway Protocol)
conditional advertisement and BGP backdoor, 650–667
filtering with access lists and prefix lists, 704–714
multi-exit discriminator attribute, 695–703
neighbor adjacencies, establishing, 635–641
BPDU filtering
F0/21 interface configuration, 139–142
router and switch configuration, 136–139
BSR (Bootstrap Router), 1013
Lo0 interface of R1, 1022–1023
OSPF Area 0 configuration, 1013–1014
PIM sparse mode configuration, 1014–1017
primary and backup RP configuration, 1017–1022
class-based policing
F0/0 interface on R2, configuring, 903–904
HTTP, FTP, and ICMP traffic, 906–907
MAC address access lists, 904–906
overview of, 898
S1/2 interface on R1, configuring, 899–902
COS-DSCP mapping
F0/1 interface on R2, configuring, 866
F0/1 interface on SW1, configuring, 866
F0/19 interface on SW2, configuring, 866–869
default route injection
overview of, 363
DMVPN Phase 1 using dynamic mapping
hub and spoke configuration, 232–236
interface and router configuration, 229–232
overview of, 229
DMVPN Phase 1 using static mapping
hub and spoke configuration, 223–229
interface and router configuration, 220–239
NHRP (Next-Hop Resolution Protocol), 223–225
overview of, 219
DMVPN Phase 2 using dynamic mapping
hub and spoke configuration, 247–251
interface and router configuration, 245–247
overview of, 244
DMVPN Phase 2 using static mapping
hub and spoke configuration, 240–244
interface and router configuration, 237–240
DMVPN Phase 3
hub and spoke configuration, 255–266
interface and router configuration, 253–255
DMVPN tunnels, protecting, 946
F0/0 and loopback0 interfaces of R1, R2, and R3, 947–948
hub and spoke configuration, 948–952
DSCP-COS mapping
overview of, 860
R1 configuration, 862
R2 configuration, 861
DSCP-Mutation
DSCP rewrites, enabling, 857–860
DSCP-mutation map configuration, 855–857
mls qos, enabling on SW2, 853–854
mls qos trust dscp configuration, 854–855
MQC on R1, configuring to mark egress traffic with DSCP value of 1, 851–852
overview of, 851
dynamic RP learning and Auto-RP, 993
Lo0 interface of R1, 1006–1010
OSPF Area 0 configuration, 994
PIM sparse-dense-mode configuration, 994–997
primary and backup RP configuration, 997–1003
RP announcements, filtering on R6, 1004–1005
EIGRP basic configuration
configuring for future DMVPN spokes, 304–311
static default routes, 287–289
EIGRP metrics
classic mode configuration, 337–338
EIGRP AS 100 configuration, 334–335
FD set to Infinity, resolving, 343–348
mutual redistribution between RIPv2 and EIGRP, 335–337
named mode configuration, 338–341
topology, 333
EIGRP named mode, 311
bandwidth usage, configuring, 324–325
EIGRP 200 configuration, 318–319
EIGRP AS 100 configuration, 316–317
fixed metric for the EIGRP summary route, 327–328
number of received prefixes, limiting, 329–333
policy for configuring, 311–315
unicast configuration, 317–318
EIGRP routing in VPN, 1107–1113
EIGRP stub
EIGRP AS 100 configuration, 368–370
eigrp stub connected option, 373–374
eigrp stub receive-only option, 377–378
eigrp stub redistributed option, 376–377
eigrp stub static option, 375–376
eigrp stub summary option, 375
summarization, 370
topology, 368
EIGRP summarization
loopback interfaces for R1, 349–350
loopback interfaces for R2, 350
loopback interfaces for R3, 351
loopback interfaces for R4, 351–353
topology, 349
EIGRPv6
bandwidth usage, configuring, 830
configuration on R1, R2, R3, and R4, 821–824
EIGRPv6 AS 100 configuration, 819–820
external routes, filtering, 834–837
Hello interval and Hold timer, 825–826
HMAC-SHA-256 authentication, 833–834
loopback1 interface on R1, 830–831
loopback1 interface on R2, 826–829
OSPFv3 Area 0 configuration, 818–819
redistributing OSPFv3 into, 824–825
GRE/IPSec Tunnel mode, Transport mode, and S-VTI
GRE/IP with Transport mode, 940–942
GRE/IPSec with Tunnel mode configuration, 937–940
non-scalable configuration, 930–937
How Is This Possible?, 536–538
IGMP (Internet Group Management Protocol), 959
F0/0 and F0/1 interface configuration on R1 and R2, 959–962
F0/0 interface configuration on R3 and R4, 963
F0/1 interface configuration on R5 and R6, 964
G0/1 interface on R7, 965
hosts connected to F0/1 on R1, restricting, 965–967
hosts connected to F0/1 on R2, stopping multicast traffic with, 967–969
mroute states, limiting, 971–974
query max response time, 976–977
query messages, sending, 969–971
querying router and the query interval, 974–976
input-interface and match NOT
f0/0 interface on R4, configuring, 873–876
overview of, 873
s1/1 interface on R2, configuring, 877–881
IP-precedence-DSCP mapping, 870–873
IPv6 addresses, acquiring
DHCP client/server configuration, 746–751
DHCP prefix delegation, 755–763
modified EUI-64 addressing, 737–739
overview of, 737
SLAAC (stateless address auto-configuration), 743–746
LDP (Label Distribution Protocol)
conditional label advertising, 1058–1064
control plane for the 7.7.7.0/24 prefix, 1051–1057
LDP autoconfiguration, enabling, 1068–1071
LDP router ID (RID), 1033
loopback1 interface of R1, 1044–1048
LSRs (label switch routers), 1033–1037
MPLS structure, hiding, 1065–1067
MPLS forwarding, 1034
serial connection between R3 and R5, 1072–1073
session keepalives, 1044
TTL propagation, testing, 1064–1065
LDP (Label Distribution Protocol) configuration, 1026
LSA Type 4 and Suppress FA, 539–548
LSAs in OSPFv3, 790
Intra-Area Prefix LSAs, 799–800
Network LSAs, 795
OSPF Area 0 on DMVPN network, 813–816
OSPF Area 0 on F0/1 and loopback0 interfaces of R1, R2, and R4, 790–793
OSPF Area 13 on S1/3 and loopback13 interfaces of R3, 800–809
match destination and source address MAC
overview of, 881
R2 configuration to classify and mark IP routed traffic, 882–885
RIPv2 configuration, 881
match IP DSCP/Precedence vs. match DSCP, 885–893
match protocol HTTP URL, MIME, and Host, 893–898
MLS QoS
f0/1 interface on SW1, configuring to mark ingress traffic with COS marking of 2, 844–850
mls qos, enabling on SW1, 842–844
overview of, 840
R1, configuring to send all traffic with COS marking of 1, 840–842
MST (Multiple Spanning Tree), 93–94
boundary ports, 94
configuring with policies, 99–106
edge ports, 94
IST (Internal Spanning Tree), 95
MSTP (Multiple Instance Spanning Tree Protocol), 96
port configuration, 96
regions, 94
switch hostname configuration, 96
trunking mode, 97
OSPF authentication, 431
plaintext authentication, 433–439
router interfaces in Area 0, 431–433
OSPF broadcast networks, 397–410
OSPF filtering, 476
loopback interface advertisement, 501–502
loopback interface redistribution, 493
loopback interfaces of R1 and R2, 481–482
LSA flooding, preventing, 502–504
network filtering in Area 0, 486–488
network filtering in Area 0 and Area 2, 488–490
network filtering in Area 2, 484–486
network filtering on all routers except R1, 490–493
network filtering on all routers except R5, 494–495
network filtering on R1’s routing table, 496
network filtering on R2, 482–483
R1 and R2’s directly connected interfaces, 476–478
serial connection between R3 and R4, 478–479
serial connection between R4 and R5, 480–481
OSPF non-broadcast networks, 411–421
OSPF point-to-multipoint networks, 425–430
OSPF point-to-point networks, 421–424
OSPF routing in VPN, 1113–1122
OSPF stub, totally stubby, and NSSA areas, 517
default route injection, 533–536
loopback interfaces on R5, 532–533
loopback30 interface on R3, 522–523
R1’s directly connected interfaces, 518
R2’s directly connected interfaces, 518–519
R3’s directly connected interfaces, 519–520
R4’s directly connected interfaces, 521–523
stub area configuration, 523–526
totally stubby area configuration, 526–528
OSPF suboptimal paths, 549–555
OSPF summarization
advertising networks, 468–469, 472–475
external route summarization, 467–468
network summarization, 470
R4 configuration, 463
physical-to-logical topology
hostname configuration, 20
port shutdown, 20
PPP (Point-to-Point Protocol)
DHCP server configuration, 212–215
interface configuration, 182–186
IP address assignment, 187–190
loopback0 interface, pinging, 186–187
MLPPP (Multilink PPP), 216–218
MPPE protocol and MS-CHAP authentication, 215–218
one-way CHAP authentication, 198–201
one-way PAP authentication, 190–192
PPPoE (PPP over Ethernet), 207–212
R1 and R2 serial interface configuration, 215–218
R4, configuring to authenticate R3, 202–207
two-way CHAP authentication, 201–202
two-way PAP authentication, 192–194
prefix list configuration, 267
allowing only unsubnetted Class B networks, 272–275
allowing only unsubnetted Class C networks, 275–278
allowing unsubnetted Class A networks, plus Class B and C networks, 269–272
configuring loopback interfaces, 277–278, 285
denying certain prefixes, 278–281
filtering existing and future host routes, 286
filtering networks with certain prefix lengths, 283–285
injecting default route in EIGRP routing domain, 281–283
Rapid STP
operational enhancements of, 74
overview of, 73
port roles, 74
port states, 74
rapid convergence mechanisms, 75, 78–80
rapid convergence process, demonstrating, 80–83
SW2, enabling for RSTP mode, 89–92
RFC 3101 and RFC 1587, 556–566
RIPv2 and EIGRP redistribution
allowing only required routes to be redistributed, 617–619
control plane mechanism, 614–615
EIGRP AS 100 configuration, 607–608
filtering RIP routes from being advertised out of F0/1 interface, 615–617
filtering tagged routes, 619–622
loopback0 interface, 607
mutual redistribution between RIPv2 and EIGRP, 608–614
RIPv2 configuration on R2, R3, and R4, 605–606
RIPv2 and OSPF redistribution
mutual redistribution on R1, 629–634
OSPF area 0 configuration on f0/0 interface, 626
RIPv2 configuration on R1, R2, and R3, 626–627
update, invalidation, and flush timer values, 628–629
RIPv2 routing in VPN, 1078
configuration between R1 and PE-2, 1096–1107
configuration between R7 and PE-6, 1096–1107
LDP configuration on core MPLS routers, 1084–1088
MP-BGP AS 100 configuration on R2 to R6, 1088–1090
OSPF configuration on core MPLS routers, 1081–1083
RDs (route distinguishers), 1091–1095
RTs (route targets), 1091–1095
VRF (Virtual Routing and Forwarding), 1091–1095
Spanning Tree Backbone Fast, 148–154
Spanning Tree Loop Guard, 162–167
Spanning Tree Portfast, 106–115
Spanning Tree Root Guard, 154–162
static RP (rendezvous point), 977
R2 and R3 configuration, 986–991
summarization of internal/external networks
external route summarization, 782–786
loopback interface summarization, 778–782
overview of, 771
virtual links and GRE tunnels
GRE tunnel configuration, 513–516
virtual link configuration, 509–513
LCP (Link Control Protocol), 171–175
LDP (Label Distribution Protocol) configuration, 1026
backdoor links
CE (customer edge) router configuration, 1136–1141
F0/1 interface of R1 and the G0/1 interface of R7, 1141–1147
LDP configuration between core routers, 1128–1132
MP-BGP AS 100 configuration between R2 and R6, 1132–1133
RDs (route distinguishers), 1134–1136
RTs (route targets), 1134–1136
VRF (Virtual Routing and Forwarding), 1134–1136
conditional label advertising, 1058–1064
control plane for the 7.7.7.0/24 prefix, 1051–1057
LDP autoconfiguration, enabling, 1068–1071
LDP router ID (RID), 1033
loopback1 interface of R1, 1044–1048
LSRs (label switch routers), 1033–1037
MPLS structure, hiding, 1065–1067
MPLS forwarding, 1034
RIPv2 routing in VPN
LDP configuration on core MPLS routers, 1084–1088
MP-BGP AS 100 configuration on R2 to R6, 1088–1090
serial connection between R3 and R5, 1072–1073
session keepalives, 1044
TTL propagation, testing, 1064–1065
leak-map command, 355
LFI (Link Fragmentation and Interleaving), 180
LFIB (Label Forwarding Information Base), 1073
LIB (Label Information Base), 1073
Link Control Protocol (LCP), 171–175
Link Establishment Phase (PPP), 171–175
Link Fragmentation and Interleaving (LFI), 180
links
backdoor links and OSPF, 1123
CE (customer edge) router configuration, 1136–1141
F0/1 interface of R1 and the G0/1 interface of R7, 1141–1147
LDP configuration between core routers, 1128–1132
MP-BGP AS 100 configuration between R2 and R6, 1132–1133
OSPF configuration on core MPLS routers, 1123–1128
RDs (route distinguishers), 1134–1136
RTs (route targets), 1134–1136
VRF (Virtual Routing and Forwarding), 1134–1136
link-state advertisements. See LSAs (link-state advertisements)
link-state databases, filtering items in. See filtering
lists, prefix. See prefix lists
logical topology
definition of, 8
transitioning physical topology to, 18–33
hostname configuration, 20
port shutdown, 20
transitioning to physical topology, 8–17
loopback interfaces
advertising networks
R1 and R4 loopback interfaces, 385–387
R4, R5, and R6 loopback interfaces, 381–385
BGP (Border Gateway Protocol), 653
DMVPNs (dynamic multipoint virtual private networks), 947–948
EIGRP redistribution, 607
EIGRP summarization
loopback interfaces for R1, 349–350
loopback interfaces for R2, 350
loopback interfaces for R3, 351
loopback interfaces for R4, 351–353
LDP (Label Distribution Protocol), 1044–1048
OSPF (Open Shortest Path First), 501–502
OSPF stub, totally stubby, and NSSA areas, 522–523, 532–533
summarization, 325–327, 778–782
LSAs (link-state advertisements)
in OSPFv3, 790
Intra-Area Prefix LSAs, 799–800
Network LSAs, 795
OSPF Area 0 on DMVPN network, 813–816
OSPF Area 0 on F0/1 and loopback0 interfaces of R1, R2, and R4, 790–793
OSPF Area 13 on S1/3 and loopback13 interfaces of R3, 800–809
LSRs (label switch routers)
MAC (media access control) addresses, 36
MAC address access lists, 904–906
match destination and source address MAC
overview of, 885
R2 configuration to classify and mark IP routed traffic, 882–885
RIPv2 configuration, 881
mapping
COS-DSCP mapping
F0/1 interface on R2, configuring, 866
F0/1 interface on SW1, configuring, 866
F0/19 interface on SW2, configuring, 866–869
DSCP-COS mapping
overview of, 860
R1 configuration, 862
R2 configuration, 861
dynamic mapping, DMVPN Phase 1 using
hub and spoke configuration, 232–236
interface and router configuration, 229–232
overview of, 229
IP-precedence-DSCP mapping, 870–873
mapping agents, 998
route map configuration, 570–571
static mapping
match interface option, 569
match ip route-source command, 598
match source-address mac command, 904
matches, configuring
class-based policing
F0/0 interface on R2, configuring, 903–904
HTTP, FTP, and ICMP traffic, 906–907
MAC address access lists, 904–906
overview of, 898
S1/2 interface on R1, configuring, 899–902
input-interface and match NOT
f0/0 interface on R4, configuring, 873–876
overview of, 873
s1/1 interface on R2, configuring, 877–881
match destination and source address MAC
overview of, 881
R2 configuration to classify and mark IP routed traffic, 882–885
RIPv2 configuration, 881
match IP DSCP/Precedence vs. match DSCP, 885–893
match protocol HTTP URL, MIME, and Host, 893–898
MD5 authentication, 176
configuration, 361
authentication password, 448–451
between R1 and R2, 444–447, 455–462
media access control addresses. See MAC (media access control) addresses
messages
CHAP (Challenge-Handshake Authentication Protocol), 198–200
IGMP (Internet Group Management Protocol), 969–971
LCP (Link Control Protocol), 172–175
NHRP (Next-Hop Resolution Protocol), 251–252
PAP (Password Authentication Protocol), 190
PPPoE (PPP over Ethernet), 181
metric rib-scale command, 340
metrics
composite metrics, filtering, 602–604
EIGRP (Enhanced Interior Gateway Routing Protocol), 604
classic mode configuration, 337–338
EIGRP AS 100 configuration, 334–335
FD set to Infinity, resolving, 343–348
mutual redistribution between RIPv2 and EIGRP, 335–337
named mode configuration, 338–341
topology, 333
mGRE (Multipoint Generic Routing Encapsulation), 219, 223
Microsoft CHAP. See MS-CHAP (Microsoft CHAP)
Microsoft Point-to-Point Encryption. See MPPE (Microsoft Point-to-Point Encryption)
MIME (Multipurpose Internet Mail Extensions), 893–898
MLPPP (Multilink PPP), 180, 216–218
MLS QoS
f0/1 interface, configuring to mark ingress traffic with COS marking of 2, 844–850
mls qos, enabling on SW1, 842–844
overview of, 840
R1, configuring to send all traffic with COS marking of 1, 840–842
mls qos command, 853
mls qos cos 2 command, 846, 849
mls qos cos override command, 846, 847
mls qos trust cos command, 846, 849
mls qos trust dscp command, 854
modified EUI-64 addressing, 737–739
Modular Quality of Service Command Line Interface (MQC), 844
moving designated ports, 43–45
MPLS (Multiprotocol Label Switching)
backdoor links and OSPF, 1123
CE (customer edge) router configuration, 1136–1141
F0/1 interface of R1 and the G0/1 interface of R7, 1141–1147
LDP configuration between core routers, 1128–1132
MP-BGP AS 100 configuration between R2 and R6, 1132–1133
OSPF configuration on core MPLS routers, 1123–1128
RDs (route distinguishers), 1134–1136
RTs (route targets), 1134–1136
VRF (Virtual Routing and Forwarding), 1134–1136
EIGRP routing in VPN, 1107–1113
LDP (Label Distribution Protocol), 1026
conditional label advertising, 1058–1064
control plane for the 7.7.7.0/24 prefix, 1051–1057
LDP autoconfiguration, 1068–1071
LDP router ID (RID), 1033
loopback1 interface of R1, 1044–1048
LSRs (label switch routers), 1033–1037
MPLS structure, hiding, 1065–1067
MPLS forwarding, 1034
serial connection between R3 and R5, 1072–1073
session keepalives, 1044
TTL propagation, testing, 1064–1065
OSPF routing in VPN, 1113–1122
overview of, 1025
RIPv2 routing in VPN, 1078
configuration between R1 and PE-2, 1096–1107
configuration between R7 and PE-6, 1096–1107
LDP configuration on core MPLS routers, 1084–1088
MP-BGP AS 100 configuration on R2 to R6, 1088–1090
OSPF configuration on core MPLS routers, 1081–1083
RDs (route distinguishers), 1091–1095
RTs (route targets), 1091–1095
VRF (Virtual Routing and Forwarding), 1091–1095
mpls ip command, 1033
mpls label protocol command, 1033
mpls label protocol ldp command, 1033
MPLS label range 16 1048575 command, 1048
mpls ldp advertise-labels command, 1058
mpls ldp router-id command, 1033
MPPE (Microsoft Point-to-Point Encryption), 215–218
MQC (Modular Quality of Service Command Line Interface), 844
MS-CHAP (Microsoft CHAP), 175–176, 215–218
MST (Multiple Spanning Tree), 93–94
boundary ports, 94
configuring with policies, 99–106
edge ports, 94
IST (Internal Spanning Tree), 95
MSTP (Multiple Instance Spanning Tree Protocol), 96
port configuration, 96
regions, 94
switch hostname configuration, 96
trunking mode, 97
MSTP (Multiple Instance Spanning Tree Protocol), 96
multicast
BSR (Bootstrap Router), 1013
Lo0 interface of R1, 1022–1023
OSPF Area 0 configuration, 1013–1014
PIM sparse mode configuration, 1014–1017
primary and backup RP configuration, 1017–1022
dynamic RP learning and Auto-RP, 993
Lo0 interface of R1, 1006–1010
OSPF Area 0 configuration, 994
PIM sparse-dense-mode configuration, 994–997
primary and backup RP configuration, 997–1003
RP announcements, filtering on R6, 1004–1005
IGMP (Internet Group Management Protocol), 959
F0/0 and F0/1 interface configuration on R1 and R2, 959–962
F0/0 interface configuration on R3 and R4, 963
F0/1 interface configuration on R5 and R6, 964
G0/1 interface on R7, 965
hosts connected to F0/1 on R1, restricting, 965–967
hosts connected to F0/1 on R2, stopping multicast traffic with, 967–969
mroute states, limiting, 971–974
query max response time, 976–977
query messages, sending, 969–971
querying router and the query interval, 974–976
static RP (rendezvous point), 977
R2 and R3 configuration, 986–991
multi-exit discriminator attribute (BGP), 695–703
Multilink PPP (MLPPP), 180
Multiple Instance Spanning Tree (MSTP), 96
Multiple Spanning Tree. See MST (Multiple Spanning Tree)
Multipoint Generic Routing Encapsulation (mGRE), 219, 223
Multiprotocol Label Switching. See MPLS (Multiprotocol Label Switching)
Multipurpose Internet Mail Extensions (MIME), 893–898
mutual redistribution between RIPv2 and EIGRP, 335–337, 608–614
allowing only required routes to be redistributed, 617–619
control plane mechanism, 614–615
filtering RIP routes from being advertised out of F0/1 interface, 615–617
filtering tagged routes, 619–622
Name field (CHAP), 199
named mode (EIGRP), 311
bandwidth usage, configuring, 324–325
EIGRP 200 configuration, 318–319
EIGRP AS 100 configuration, 316–317
fixed metric for the EIGRP summary route, 327–328
number of received prefixes, limiting, 329–333
policy for configuring, 311–315
unicast configuration, 317–318
NAT (network address translation), 224, 925–930
NBAR (Network Based Application Recognition), 899
NBMA (Non-Broadcast Multi-Access), 219, 294
NCPs (Network Control Protocols), 177–179
neighbor adjacencies, establishing, 635–641
neighbor advertisements, 740
neighbor discovery, 739–743, 1037–1042
neighbor routes, 182
network address translation (NAT), 224
Network Based Application Recognition (NBAR), 899
Network Control Protocols (NCPs), 177–179
Network Layer Protocol Phase (PPP), 177–179
network layer reachability information (NLRI), 509
Network LSAs, 795
Next Hop Server (NHS), 219
NHRP (Next-Hop Resolution Protocol)
DMVPNs (dynamic multipoint virtual private networks)
DMVPN Phase 1 using dynamic mapping, 232
DMVPN Phase 1 using static mapping, 223–225
DMVPN Phase 2 using dynamic mapping, 248–249
NHRP Response, 252
NHRP Shortcut, 252
Traffic Indication message, 265
NHS (Next Hop Server), 219
NLRI (network layer reachability information), 509
no auto-summary command, 312
no discard-route internal command, 585
no mpls ip propagate-ttl local command, 1066
no peer neighbor-route command, 185
Non-Broadcast Multi-Access (NBMA), 294
Non-Broadcast Multi-Access (NBMA) address, 219
non-broadcast networks (OSPF)
point-to-multipoint networks, 425–430
nonces, 913
NSSA (not-so-stubby area), 517
default route injection, 533–536
loopback interfaces on R5, 532–533
loopback30 interface on R3, 522–523
R1’s directly connected interfaces, 518
R2’s directly connected interfaces, 518–519
R3’s directly connected interfaces, 519–520
R4’s directly connected interfaces, 521–523
number of received prefixes, limiting, 329–333
one-way PAP authentication, 190–192
Open Shortest Path First. See OSPF (Open Shortest Path First)
Originator-ID attribute, 642
OSPF (Open Shortest Path First), 536–538. See also EIGRP (Enhanced Interior Gateway Routing Protocol)
advertising networks, 381
R1 and R4 connections and loopback interfaces, 385–387
R4, R5, and R6 connections, 381–385
static default routes, 388–389
authentication, 431
plaintext authentication, 433–439
router interfaces in Area 0, 431–433
backdoor links, 1123
OSPF configuration on core MPLS routers, 1123–1128
basic redistribution
eigrp 100 redistribution into ospf 1, 592–593
network 4.4.4.0 /24, filtering on R2, 596–597
ospf 1 and eigrp 100 redistribution into ospf 36, 599–602
ospf 1 redistribution into eigrp 100, 595–596
OSPF area 0 configuration, 587–589, 591
RIPv2 redistribution into OSPF, 584–586
routes originated by R4, filtering with R5, 597–599
EIGRP (Enhanced Interior Gateway Routing Protocol) configuration, 319–323
filtering, 476
loopback interface advertisement, 501–502
loopback interface redistribution, 493
loopback interfaces of R1 and R2, 481–482
LSA flooding, preventing, 502–504
network filtering in Area 0, 486–488
network filtering in Area 0 and Area 2, 488–490
network filtering in Area 2, 484–486
network filtering on all routers except R1, 490–493
network filtering on all routers except R5, 494–495
network filtering on R1’s routing table, 496
network filtering on R2, 482–483
R1 and R2’s directly connected interfaces, 476–478
serial connection between R3 and R4, 478–479
serial connection between R4 and R5, 480–481
LSA Type 4 and FA suppression, 539–548
LSAs in OSPFv3, 790
Intra-Area Prefix LSAs, 799–800
Network LSAs, 795
OSPF Area 0 on DMVPN network, 813–816
OSPF Area 0 on F0/1 and loopback0 interfaces of R1, R2, and R4, 790–793
OSPF Area 13 on S1/3 and loopback13 interfaces of R3, 800–809
non-broadcast networks, 411–421
bandwidth usage, configuring, 830
Hello interval and Hold timer, 825–826
loopback1 interface on R2, 826–829
redistributing into EIGRPv6, 824–825
point-to-multipoint networks, 425–430
point-to-point networks, 421–424
RFC 3101 and RFC 1587, 556–566
RIPv2 and OSPF redistribution
mutual redistribution on R1, 629–634
OSPF area 0 configuration on f0/0 interface, 626
RIPv2 configuration on R1, R2, and R3, 626–627
update, invalidation, and flush timer values, 628–629
RIPv2 routing in VPN, 1081–1083
stub, totally stubby, and NSSA areas, 517
default route injection, 533–536
loopback interfaces on R5, 532–533
loopback30 interface on R3, 522–523
R1’s directly connected interfaces, 518
R2’s directly connected interfaces, 518–519
R3’s directly connected interfaces, 519–520
R4’s directly connected interfaces, 521–523
stub area configuration, 523–526
totally stubby area configuration, 526–528
summarization
advertising networks, 468–469, 472–475
discard routes, 471–472, 786–789
external route summarization, 467–468, 782–786
loopback interface summarization, 778–782
network summarization, 470
overview of, 771
R4 configuration, 463
virtual links and GRE tunnels
GRE tunnel configuration, 513–516
virtual link configuration, 509–513
Packet Description Language Modules (PDLM), 899
packet label assignment, 1106
Padding field (PPP), 171
PADI (PPPoE Active Discovery Initiation) frame, 181
PADO (PPPoE Active Discovery Offer) frame, 181
PADR (PPPoE Active Discovery Request) frame, 181
PADS (PPPoE Active Discovery Session) frame, 181
PADT (PPPoE Active Discovery Termination) message, 181
PAP (Password Authentication Protocol)
one-way CHAP authentication, 198–201
one-way PAP authentication, 190–192
R4, configuring to authenticate R3, 202–207
two-way CHAP authentication, 201–202
two-way PAP authentication, 192–194
passwords, authentication passwords, 448–451
PDLM (Packet Description Language Modules), 899
peer default ip address 23.1.1.3 interface command, 187
peer default ip address pool command, 212
peer session configuration, 650–651
peering (BGP), 704–708, 715–717
Perfect Forward Secrecy (PFS), 913
PFC (Protocol Field Compression), 179
PFS (Perfect Forward Secrecy), 913
Phase 1 DMVPN (dynamic multipoint virtual private network)
configuring for EIGRP, 289–292
NHRP (Next-Hop Resolution Protocol), 223
using dynamic mapping
hub and spoke configuration, 232–236
interface and router configuration, 229–232
overview of, 229
using static mapping
hub and spoke configuration, 223–229
interface and router configuration, 220–239
overview of, 219
Phase 2 DMVPN (dynamic multipoint virtual private network)
configuring for EIGRP, 298–301
using dynamic mapping
hub and spoke configuration, 247–251
interface and router configuration, 245–247
overview of, 244
using static mapping
hub and spoke configuration, 240–244
interface and router configuration, 237–240
Phase 3 DMVPN (dynamic multipoint virtual private network)
hub and spoke configuration, 255–266
interface and router configuration, 253–255
physical topology
serial connections between routers, 3–5
transitioning logical topology to, 8–17
transitioning to logical topology, 18–33
hostname configuration, 20
port shutdown, 20
PIM (Protocol-Independent Multicast)
sparse mode, 983–985, 994–997, 1014–1017
plaintext authentication
point-to-multipoint networks (OSPF), 425–430
point-to-point networks (OSPF), 421–424
Point-to-Point Protocol. See PPP (Point-to-Point Protocol)
policing, class-based. See class-based policing
ports
edge ports, 75
shutting down, 20
STP (Spanning Tree Protocol)
boundary ports, 94
designated ports, moving, 43–45
edge ports, 94
MSTP (Multiple Instance Spanning Tree Protocol), 96
port roles, 74
port states, 74
spanning-tree port ID, raising, 48–49
trunk port configuration, 52–54
trunking mode, 97
PPP (Point-to-Point Protocol)
control plane, 171
LCP (Link Control Protocol), 171–175
NCPs (Network Control Protocols), 177–179
DHCP server configuration, 212–215
interface configuration, 182–186
IP address assignment, 187–190
loopback0 interface, pinging, 186–187
MLPPP (Multilink PPP), 216–218
MPPE protocol and MS-CHAP authentication, 215–218
one-way CHAP authentication, 198–201
one-way PAP authentication, 190–192
PPPoE (PPP over Ethernet), 207–212
R1 and R2 serial interface configuration, 215–218
R4, configuring to authenticate R3, 202–207
two-way CHAP authentication, 201–202
two-way PAP authentication, 192–194
MLPPP (Multilink PPP), 180
PPPoE (PPP over Ethernet), 180–182
session establishment
Link Establishment Phase, 171–175
Network Layer Protocol Phase, 177–179
ppp authentication chap command, 198, 203
ppp authentication pap command, 190
ppp chap hostname command, 199, 203
ppp chap password command, 177
PPP over Ethernet. See PPPoE (PPP over Ethernet)
ppp pap sent-username command, 191
PPPoE (PPP over Ethernet), 180–182, 207–212
PPPoE Active Discovery Initiation (PADI) frame, 181
PPPoE Active Discovery Offer (PADO) frame, 181
PPPoE Active Discovery Request (PADR) frame, 181
PPPoE Active Discovery Session (PADS) frame, 181
PPPoE Active Discovery Termination (PADT) message, 181
precedence, IP-precedence-DSCP mapping, 870–873
prefix delegation (DHCP), 755–763
prefix lists
configuration, 267
allowing only unsubnetted Class B networks, 272–275
allowing only unsubnetted Class C networks, 275–278
allowing unsubnetted Class A networks, plus Class B and C networks, 269–272
configuring loopback interfaces, 277–278, 285
denying certain prefixes, 278–281
filtering existing and future host routes, 286
filtering networks with certain prefix lengths, 283–285
injecting default route in EIGRP routing domain, 281–283
access list configuration, 712–713
outbound prefixes, filtering, 713–714
prefix-list and distribute-list configuration, 709–710
prefixes, filtering
advertising of prefixes originating in own AS, 721–723
prefixes from directly connected neighbors, 725–726
prefixes originating in AS 200, 723–725
prefixes originating in AS 300, 717–719, 727–728
prefixes with AS 300 in path list, 719–721
prefixes with prepended AS numbers, 728–731
preshared keys (PSK), 913
primary RP (rendezvous point) configuration, 997–1003, 1017–1022
propagation (TTL), testing, 1064–1065
Protocol field (CHAP), 198
Protocol Field Compression (PFC), 179
Protocol field (PPP), 171
Protocol-Independent Multicast. See PIM (Protocol-Independent Multicast)
Protocol-Reject (PROTREJ) message, 178–179
Protocol-Reject message, 175
PROTREJ (Protocol-Reject) message, 178–179
PSK (preshared keys), 913
QoS (quality of service)
class-based policing
F0/0 interface on R2, configuring, 903–904
HTTP, FTP, and ICMP traffic, 906–907
MAC address access lists, 904–906
overview of, 898
S1/2 interface on R1, configuring, 899–902
COS-DSCP mapping
F0/1 interface on R2, configuring, 866
F0/1 interface on SW1, configuring, 866
F0/19 interface SW2, configuring, 866–869
DSCP-COS mapping
overview of, 860
R1 configuration, 862
R2 configuration, 861
DSCP-Mutation
DSCP rewrites, enabling, 857–860
DSCP-mutation map configuration, 855–857
mls qos, enabling on SW2, 853–854
mls qos trust dscp configuration, 854–855
MQC on R1, configuring to mark egress traffic with DSCP value of 1, 851–852
overview of, 851
input-interface and match NOT
f0/0 interface on R4, configuring, 873–876
overview of, 873
s1/1 interface on R2, configuring, 877–881
IP-precedence-DSCP mapping, 870–873
LFI (Link Fragmentation and Interleaving), 180
match destination and source address MAC
overview of, 881
R2 configuration to classify and mark IP routed traffic, 882–885
RIPv2 configuration, 881
match IP DSCP/Precedence vs. match DSCP, 885–893
match protocol HTTP URL, MIME, and Host, 893–898
MLS QoS
f0/1 interface on SW1, configuring to mark ingress traffic with COS marking of 2, 844–850
mls qos, enabling on SW1, 842–844
overview of, 840
R1, configuring to send all traffic with COS marking of 1, 840–842
quality of service. See QoS (quality of service)
queries (IGMP)
query max response time, 976–977
querying router and the query interval, 974–976
RA (router advertisement) messages, 739–740, 744
raising spanning-tree cost on port in VLAN 12, 41–42
rapid convergence (RSTP), 75
rapid convergence mechanisms, 78–80
rapid convergence process, demonstrating, 80–83
Rapid STP (Spanning Tree Protocol)
operational enhancements of, 74
overview of, 73
port roles, 74
port states, 74
rapid convergence mechanisms, 75, 78–80
rapid convergence process, demonstrating, 80–83
SW2, enabling for RSTP mode, 89–92
rapid-commit option, 755
RDs (route distinguishers), 1091–1095, 1134–1136
Redirect message, 251–252, 740
redistribute connected command, 570, 579
redistribution
basic configuration
composite metrics, filtering, 602–604
eigrp 100 redistribution into ospf 1, 592–593
EIGRP AS 100, 578–580, 589–590
link between R1 and R3, 567–569
loopback interfaces on R2, 583
loopback interfaces on R2/R3, 575–578
loopback interfaces on R3, 569
network 4.4.4.0 /24, filtering on R2, 596–597
ospf 1 and eigrp 100 redistribution into ospf 36, 599–602
ospf 1 redistribution into eigrp 100, 595–596
overview of, 567
RIP redistribution into EIGRP, 580–583
RIPv2 redistribution into OSPF, 584–586
route maps, 569
routes originated by R4, filtering with R5, 597–599
routes tag of 111, configuring R4 to filter, 593–594
routes tag of 222, configuring R4 to filter, 595
RIPv2 and EIGRP redistribution
allowing only required routes to be redistributed, 617–619
control plane mechanism, 614–615
EIGRP AS 100 configuration, 607–608
filtering RIP routes from being advertised out of F0/1 interface, 615–617
filtering tagged routes, 619–622
loopback0 interface, 607
mutual redistribution between RIPv2 and EIGRP, 608–614
RIPv2 configuration on R2, R3, and R4, 605–606
RIPv2 and OSPF redistribution
mutual redistribution on R1, 629–634
OSPF area 0 configuration on f0/0 interface, 626
RIPv2 configuration on R1, R2, and R3, 626–627
update, invalidation, and flush timer values, 628–629
regions (MST), 94
advertising of prefixes originating in own AS, preventing, 721–723
prefixes from directly connected neighbors, blocking, 725–726
prefixes originating in AS 200, blocking, 723–725
prefixes originating in AS 300, blocking, 727–728
prefixes originating in AS 300, filtering, 717–719
prefixes with AS 300 in path list, filtering, 719–721
prefixes with prepended AS numbers, blocking, 728–731
Rendezvous Point Set (RP-SET), 1019
rendezvous points. See RPs (rendezvous points)
Resolution requests (NHRP), 251, 301
Response message
CHAP (Challenge-Handshake Authentication Protocol), 199
NHRP (Next-Hop Resolution Protocol), 252
rewrites (DSCP), enabling, 857–860
RIB (Routing Information-Base), 306
RID (router ID), 1033
RIPv2 (Routing Information Protocol version 2), 295
redistribution into OSPF, 584–586
RIPv2 configuration on R2, R3, and R4, 605–606
EIGRP redistribution
allowing only required routes to be redistributed, 617–619
control plane mechanism, 614–615
EIGRP AS 100 configuration, 607–608
filtering RIP routes from being advertised out of F0/1 interface, 615–617
filtering tagged routes, 619–622
loopback0 interface, 607
mutual redistribution, 335–337
mutual redistribution between RIPv2 and EIGRP, 608–614
match destination and source address MAC, 881
OSPF redistribution
mutual redistribution on R1, 629–634
OSPF area 0 configuration on f0/0 interface, 626
RIPv2 configuration on R1, R2, and R3, 626–627
update, invalidation, and flush timer values, 628–629
redistribution into EIGRP, 580–583
in VPN, 1078
configuration between R1 and PE-2, 1096–1107
configuration between R7 and PE-6, 1096–1107
LDP configuration on core MPLS routers, 1084–1088
MP-BGP AS 100 configuration on R2 to R6, 1088–1090
OSPF configuration on core MPLS routers, 1081–1083
RDs (route distinguishers), 1091–1095
RTs (route targets), 1091–1095
VRF (Virtual Routing and Forwarding), 1091–1095
roles, port, 74
root bridge configuration, 56–59, 65–67
root primary macro configuration, 46–48
route distinguishers (RDs), 1091–1095, 1134–1136
route map configuration, 570–571
route redistribution. See redistribution
route targets (RTs), 1091–1095, 1134–1136
route-map tst permit 90 command, 570
router advertisement (RA) messages, 739–740, 744
router configuration. See configuration
router discovery, 741
router ID (RID), 1033
router ospf command, 765
router ospfv3 command, 765
router solicitation, 740
Routing Information Protocol. See RIPv2 (Routing Information Protocol version 2)
Routing Information-Base (RIB), 306
routing tables, filtering items in. See filtering
RPs (rendezvous points)
dynamic RP learning and Auto-RP, 993
Lo0 interface of R1, 1006–1010
OSPF Area 0 configuration, 994
PIM sparse-dense-mode configuration, 994–997
primary and backup RP configuration, 997–1003
RP announcements, filtering on R6, 1004–1005
static RP (rendezvous point), 977
R2 and R3 configuration, 986–991
RP-SET (Rendezvous Point Set), 1019
RSA encrypted pseudorandom numbers, 913
RSA signatures, 913
RTs (route targets), 1091–1095, 1134–1136
Rx(config)#ip multicast-routing command, 959
sending messages. See messages
serial connections between routers, 3–5
servers
AAA servers, 176
DHCP server configuration, 746–751
session keepalives, 1044
session protection (LDP), 1073–1077
Session stage (PPPoE), 181–182
sessions (PPP), establishing
Link Establishment Phase, 171–175
Network Layer Protocol Phase, 177–179
sh mac address-table dynamic vlan 21 command, 48
sh mac-address-table command, 41
sh spanning-tree command, 37
sh spanning-tree vlan 12 interface f0/19 detail command, 44
sh version | inc Base command, 37
Shortcut message (NHRP), 252
show cdp neighbors command, 20
show ip bgp peer-group TST command, 641
show ip eigrp topology 8.8.8.0/24 command, 341
show ip route | include 3.3.3.0 command, 629
show ipv6 ospf database command, 795
show ipv6 route command, 750
show ppp all command, 193
show ppp interface command, 195
shutting down ports, 20
site-to-site IPSec VPN
basic site-to-site IPSec VPN, 911
IKE Phase 1 message 1, 917
IKE Phase 1 message 2, 918–919
IKE Phase 1 message 3, 919
IKE Phase 1 message 4, 919–920
IKE Phase 1 message 5, 920
IKE Phase 1 message 6, 920–921
IKE Phase 2 message 1, 921–925
ISAKMP, 912
policy guidelines, 912
basic site-to-site IPSec VPN and NAT, 925–930
DMVPN tunnels, protecting, 946
F0/0 and loopback0 interfaces of R1, R2, and R3, 947–948
hub and spoke configuration, 948–952
GRE/IP with Transport mode, 940–942
GRE/IPSec with Tunnel mode, 937–940
non-scalable configuration, 930–937
SLAAC (stateless address auto-configuration), 743–746
source-protocol option, 600
Spanning Tree Backbone Fast, 148–154
Spanning Tree Loop Guard, 162–167
Spanning Tree Portfast, 106–115
Spanning Tree Root Guard, 154–162
spanning-tree portfast command, 75
sparse mode (PIM), 983–985, 994–997
spokes (DMVPN)
configuring for future DMVPN spokes, 304–311
Phase 1
Phase 2
stateless address auto-configuration (SLAAC), 743–746
states
port states, 74
static default routes
EIGRP (Enhanced Interior Gateway Routing Protocol), 287–289
OSPF (Open Shortest Path First), 388–389
static mapping
DMVPN Phase 1
hub and spoke configuration, 223–229
NHRP (Next-Hop Resolution Protocol), 223–225
DMVPN Phase 2
hub and spoke configuration, 240–244
interface and router configuration, 237–240
static RP (rendezvous point), 977
R2 and R3 configuration, 986–991
static virtual tunnel interfaces (S-VTI), 942–946
STP (Spanning Tree Protocol)
advanced STP (Spanning Tree Protocol)
overview of, 50
root bridge configuration, 56–59, 65–67
switch hostname configuration, 51–52
trunk port configuration, 52–54
VLAN 100, 200, 300, and 400 creation, 55–56
basic STP (Spanning Tree Protocol)
designated ports, moving, 43–45
IP and MAC addressing, 36
root primary macro configuration, 46–48
spanning-tree cost on port in VLAN 12, raising, 41–42
spanning-tree port ID, raising, 48–49
BPDU filtering
F0/21 interface configuration, 139–142
router and switch configuration, 136–139
MST (Multiple Spanning Tree), 93–94
boundary ports, 94
configuring with policies, 99–106
edge ports, 94
IST (Internal Spanning Tree), 95
MSTP (Multiple Instance Spanning Tree Protocol), 96
port configuration, 96
regions, 94
switch hostname configuration, 96
trunking mode, 97
Rapid STP
operational enhancements of, 74
overview of, 73
port roles, 74
port states, 74
rapid convergence mechanisms, 75, 78–80
rapid convergence process, demonstrating, 80–83
SW2, enabling for RSTP mode, 89–92
Spanning Tree Backbone Fast, 148–154
Spanning Tree Loop Guard, 162–167
Spanning Tree Portfast, 106–115
Spanning Tree Root Guard, 154–162
stubs
EIGRP (Enhanced Interior Gateway Routing Protocol)
EIGRP AS 100 configuration, 368–370
eigrp stub connected option, 373–374
eigrp stub receive-only option, 377–378
eigrp stub redistributed option, 376–377
eigrp stub static option, 375–376
eigrp stub summary option, 375
summarization, 370
topology, 368
OSPF (Open Shortest Path First), 517
default route injection, 533–536
loopback interfaces on R5, 532–533
loopback30 interface on R3, 522–523
R1’s directly connected interfaces, 518
R2’s directly connected interfaces, 518–519
R3’s directly connected interfaces, 519–520
R4’s directly connected interfaces, 521–523
suboptimal paths (OSPF), 549–555
Success message (CHAP), 199
summarization
EIGRP (Enhanced Interior Gateway Routing Protocol)
fixed metric for the EIGRP summary route, 327–328
loopback interfaces for R1, 349–350
loopback interfaces for R2, 350
loopback interfaces for R3, 351
loopback interfaces for R4, 351–353
topology, 349
of internal/external networks
external route summarization, 782–786
loopback interface summarization, 778–782
overview of, 771
OSPF (Open Shortest Path First)
advertising networks, 468–469, 472–475
external route summarization, 467–468
network summarization, 470
R4 configuration, 463
summary-address command, 783
summary-prefix command, 783
suppressing FA (forward address), 539–548
SVCs (switched virtual circuits), 456–457
S-VTI (static virtual tunnel interfaces), 942–946
switched virtual circuits (SVCs), 456–457
tables (ARP), 9. See also filtering
tagged routes, filtering, 619–622
Terminate-Ack message, 175
Terminate-Request message, 175
testing TTL propagation, 1064–1065
timers. See Hold timer
topologies. See logical topology; physical topology
TOS Byte field, 839
totally stubby areas (OSPF), 517
default route injection, 533–536
loopback interfaces on R5, 532–533
loopback30 interface on R3, 522–523
R1’s directly connected interfaces, 518
R2’s directly connected interfaces, 518–519
R3’s directly connected interfaces, 519–520
R4’s directly connected interfaces, 521–523
traceroute 3.3.3.3 command, 263
Traffic Indication message (NHRP), 265
Transport mode (GRE/IPSec), 940–942
trunk interfaces, verifying, 12–13
trunk port configuration, 52–54
trunking mode, 97
tst-pool, 207
TTL propagation, testing, 1064–1065
tunnels
DMVPNs (dynamic multipoint virtual private networks)
DMVPN Phase 1 using dynamic mapping, 232
DMVPN Phase 1 using static mapping, 225–226
DMVPN Phase 2 using dynamic mapping, 248–249
DMVPN Phase 3, 259
GRE (Generic Routing Encapsulation), 504–506, 513–516
GRE/IPSec Tunnel mode, 937–940
S-VTI (static virtual tunnel interfaces), 942–946
two-way PAP authentication, 192–194
Type of Services (TOS Byte) field, 839
Type-2 LSAs, 795
U/L (universal/local) bit, 738
unicast configuration, 317–318
universal/local (U/L) bit, 738
username R4 password Cisco command, 203
Value field (CHAP), 199
VIRL (Virtual Internet Routing Lab), 5
virtual links
virtual local area networks. See VLANs (virtual LANs)
virtual private networks. See VPNs (virtual private networks)
Virtual Routing and Forwarding (VRF), 1091–1095, 1134–1136
Virtual-Template interface, 207
VLANs (virtual LANs)
global configuration mode, 12
physical-to-logical topology lab
STP (Spanning Tree Protocol)
MST (Multiple Spanning Tree), 97–99
root bridge configuration, 56–59, 65–67
VLAN 100, 200, 300, and 400, 55–56
VPNID, 1094
VPNs (virtual private networks). See also DMVPNs (dynamic multipoint virtual private networks); IPSec VPN
RIPv2 routing in, 1078
configuration between R1 and PE-2, 1096–1107
configuration between R7 and PE-6, 1096–1107
LDP configuration on core MPLS routers, 1084–1088
MP-BGP AS 100 configuration on R2 to R6, 1088–1090
OSPF configuration on core MPLS routers, 1081–1083
RDs (route distinguishers), 1091–1095
RTs (route targets), 1091–1095
VRF (Virtual Routing and Forwarding), 1091–1095
VRF (Virtual Routing and Forwarding), 1091–1095, 1134–1136
vrf definition command, 1091
weight attribute (BGP), 686–695
Wide Metric support (EIGRP), 341–342
Wireshark, 190