From: Kal Han (calikali2006@gmail.com)
Date: Mon Nov 13 2006 - 22:53:18 ART
Hi
All the show outputs I sent before are from R5
Here im sending R5 and R3 running configs.
R3, R5 and R6 are like a triangle with multi-point links.
[R6 running config is not included]
R5#sh run | be r ospf
router ospf 1
router-id 55.55.55.55
log-adjacency-changes
redistribute eigrp 500 metric 150 metric-type 1 subnets
network 195.3.56.0 0.0.0.255 area 100
!
R5#sh run
Building configuration...
Current configuration : 4173 bytes
!
! Last configuration change at 16:47:28 MST Mon Nov 13 2006
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
logging queue-limit 100
!
memory-size iomem 10
clock timezone MST -9
ip subnet-zero
!
!
no ip domain lookup
ip dhcp excluded-address 195.1.5.1 195.1.5.50
!
ip dhcp pool Net145
network 195.1.5.0 255.255.255.0
dns-server 195.1.5.53
netbios-name-server 195.1.5.135
default-router 195.1.5.5
!
ip inspect max-incomplete high 1000
ip inspect max-incomplete low 800
ip inspect one-minute high 1000
ip inspect one-minute low 800
ip inspect tcp max-incomplete host 250 block-time 1
ip inspect name ids tcp
ip inspect name ids udp timeout 90
ip inspect name ids icmp
ip inspect name ids ftp
ip inspect name idsin http
ip inspect name idsin icmp
ip audit notify log
ip audit po max-events 100
ip port-map ftp port 2100
!
!
!
crypto isakmp policy 20
hash md5
authentication pre-share
!
!
!
!
!
crypto ipsec client ezvpn myezvpn
connect auto
group EZVPN key trinetnt
mode client
peer 195.1.114.4
!
!
!
!
key chain AUTH
key 1
key-string cciesec
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 55.55.55.55 255.255.255.0
!
interface Loopback55
ip address 10.55.55.55 255.255.255.0
crypto ipsec client ezvpn myezvpn inside
!
interface FastEthernet0/0
ip address 195.1.5.5 255.255.255.0
ip authentication mode eigrp 500 md5
ip authentication key-chain eigrp 500 AUTH
speed auto
half-duplex
!
interface Serial0/0
ip address 195.3.56.5 255.255.255.0
ip access-group 102 in
ip access-group 101 out
ip inspect idsin in
ip inspect ids out
encapsulation frame-relay
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cciesec
ip ospf network point-to-multipoint
frame-relay map ip 195.3.56.3 503 broadcast
frame-relay map ip 195.3.56.6 506 broadcast
no frame-relay inverse-arp
frame-relay lmi-type cisco
crypto ipsec client ezvpn myezvpn
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 500
redistribute ospf 1 metric 150 10000 200 200 1500
network 55.55.55.0 0.0.0.255
network 195.1.5.0
distribute-list 1 out
no auto-summary
!
router ospf 1
router-id 55.55.55.55
log-adjacency-changes
redistribute eigrp 500 metric 150 metric-type 1 subnets
network 195.3.56.0 0.0.0.255 area 100
!
ip http server
no ip http secure-server
ip classless
!
!
!
access-list 1 deny 44.44.44.0 0.0.0.255
access-list 1 permit any
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq ftp
access-list 101 permit udp any any eq domain
access-list 101 deny ip any any log
access-list 102 permit ospf host 195.3.56.3 host 195.3.56.5
access-list 102 permit ospf host 195.3.56.6 host 195.3.56.5
access-list 102 permit udp host 195.3.56.3 host 195.3.56.5 eq ntp
access-list 102 permit icmp any any
access-list 102 permit tcp any host 195.1.5.25 eq www
access-list 102 permit tcp any host 195.1.5.25 eq 443
access-list 102 permit udp host 195.1.114.4 host 195.3.56.5 eq isakmp
access-list 102 permit udp host 195.1.114.4 host 195.3.56.5 eq non500-isakmp
access-list 102 permit esp host 195.1.114.4 host 195.3.56.5
access-list 102 permit ospf host 195.3.56.3 host 224.0.0.9
access-list 102 permit ospf host 195.3.56.3 host 224.0.0.5
access-list 102 permit ospf host 195.3.56.6 host 224.0.0.5
access-list 102 deny ip any any log
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
alias exec wr wr mem
alias exec sip show ip int brie
alias exec sroute show ip route
alias exec sroutee show ip route eigrp
alias exec srouteb show ip route bgp
alias exec srouter show ip route rip
alias exec srouteo show ip route ospf
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
ntp clock-period 17179803
ntp source Serial0/0
ntp server 195.3.56.3
!
end
R5#
************************************************************************
************************************************************************
************************************************************************
R3(config)#do sh run | be r ospf
router ospf 1
router-id 33.33.33.33
log-adjacency-changes
area 0 authentication message-digest
area 100 authentication message-digest
network 33.33.33.0 0.0.0.255 area 100
network 195.1.113.0 0.0.0.255 area 0
network 195.3.56.0 0.0.0.255 area 100
!
R3(config)#do sh run
Building configuration...
Current configuration : 3096 bytes
!
! Last configuration change at 20:38:09 PST Sun Nov 12 2006
! NVRAM config last updated at 21:03:52 PST Sun Nov 12 2006
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
logging queue-limit 100
!
memory-size iomem 10
clock timezone PST -8
ip subnet-zero
!
!
no ip domain lookup
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 33.33.33.33 255.255.255.0
!
interface Loopback100
ip address 100.3.3.3 255.255.255.0
!
interface Loopback101
ip address 113.1.1.1 255.255.255.0
!
interface Loopback102
ip address 113.1.2.1 255.255.255.0
!
interface Loopback103
ip address 113.1.3.1 255.255.255.0
!
interface Loopback104
ip address 113.1.4.1 255.255.255.0
!
interface FastEthernet0/0
ip address 195.1.113.3 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cciesec
duplex auto
speed auto
!
interface Serial0/0
ip address 195.3.56.3 255.255.255.0
encapsulation frame-relay
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cciesec
ip ospf network point-to-multipoint
ntp broadcast
frame-relay map ip 195.3.56.5 305 broadcast
frame-relay map ip 195.3.56.6 306 broadcast
no frame-relay inverse-arp
frame-relay lmi-type cisco
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 33.33.33.33
log-adjacency-changes
area 0 authentication message-digest
area 100 authentication message-digest
network 33.33.33.0 0.0.0.255 area 100
network 195.1.113.0 0.0.0.255 area 0
network 195.3.56.0 0.0.0.255 area 100
!
router bgp 300
no synchronization
bgp router-id 33.33.33.33
bgp cluster-id 1895891969
bgp log-neighbor-changes
network 100.3.3.0 mask 255.255.255.0
network 113.1.1.0 mask 255.255.255.0
network 113.1.2.0 mask 255.255.255.0
network 113.1.3.0 mask 255.255.255.0
network 113.1.4.0 mask 255.255.255.0
neighbor 172.16.2.2 remote-as 12
neighbor 172.16.2.2 ebgp-multihop 255
neighbor 172.16.2.2 password cciesec
neighbor 195.3.56.6 remote-as 65500
no auto-summary
!
ip local policy route-map denytelnet
no ip http server
no ip http secure-server
ip classless
!
!
!
access-list 8 permit 195.3.56.5
access-list 8 permit 195.3.56.6
access-list 160 permit tcp any eq telnet any
!
route-map denytelnet permit 10
match ip address 160
set interface Null0
!
route-map denytelnet permit 20
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
alias exec wr wr mem
alias exec sip show ip int brie
alias exec sroute show ip route
alias exec sroutee show ip route eigrp
alias exec srouteb show ip route bgp
alias exec srouter show ip route rip
alias exec srouteo show ip route ospf
!
line con 0
exec-timeout 0 0
logging synchronous
transport output rlogin ssh
line aux 0
transport output rlogin ssh
line vty 0 4
password cisco
login
rotary 3
transport output rlogin ssh
!
ntp master 2
!
end
R3(config)#
Thanks
Kal
On 11/13/06, Victor Cappuccio <vcappuccio@desca.com> wrote:
>
> Upps sorry and also the show runn of the OSPF process at the hub and
> spokes
>
>
> Thanks
>
> Sorry for the Spam
>
>
>
>
> ------------------------------
>
> *From:* Victor Cappuccio
> *Sent:* Lunes, 13 de Noviembre de 2006 08:38 p.m.
> *To:* 'Kal Han'
> *Cc:* Cisco certification; ccielab
> *Subject:* RE: ip ospf network point-to-multipoint
>
>
>
> Yes do you mind to show the running of one of the spokes please
>
>
>
>
> ------------------------------
>
> *From:* Kal Han [mailto:calikali2006@gmail.com]
> *Sent:* Lunes, 13 de Noviembre de 2006 08:31 p.m.
> *To:* Victor Cappuccio
> *Cc:* Cisco certification; ccielab
> *Subject:* Re: ip ospf network point-to-multipoint
>
>
>
> Thanks Victor.
>
> I am using the broadcast network... as shown below
>
>
>
> R5#sh run int s0/0
> Building configuration...
>
> Current configuration : 480 bytes
> !
> interface Serial0/0
> ip address 195.3.56.5 255.255.255.0
> ip access-group 102 in
> ip access-group 101 out
> ip inspect idsin in
> ip inspect ids out
> encapsulation frame-relay
> ip ospf authentication message-digest
> ip ospf message-digest-key 1 md5 cciesec
> ip ospf network point-to-multipoint
> frame-relay map ip 195.3.56.3 503 broadcast
> frame-relay map ip 195.3.56.6 506 broadcast
> no frame-relay inverse-arp
> frame-relay lmi-type cisco
> crypto ipsec client ezvpn myezvpn
> end
>
> and if I look at the inbound access-list, you will notice that
>
> both the host-to-host and host-to-ospf_multicast address have hit counts.
>
> Can you please let me know why this is so ?
>
>
>
> R5#sh access-li 102
> Extended IP access list 102
> * 1 permit ospf host 195.3.56.3 host 195.3.56.5 (178 matches)**
> 2 permit ospf host 195.3.56.6 host 195.3.56.5 (204 matches)
> * 5 permit udp host 195.3.56.3 host 195.3.56.5 eq ntp (412 matches)
> 10 permit tcp any host 195.1.5.25 eq www
> 20 permit tcp any host 195.1.5.25 eq 443
> 30 permit udp host 195.1.114.4 host 195.3.56.5 eq isakmp (24 matches)
> 40 permit udp host 195.1.114.4 host 195.3.56.5 eq non500-isakmp
> 50 permit esp host 195.1.114.4 host 195.3.56.5 (32 matches)
> 60 permit ospf host 195.3.56.3 host 224.0.0.9
> * 70 permit ospf host 195.3.56.3 host 224.0.0.5 (477 matches)**
> 80 permit ospf host 195.3.56.6 host 224.0.0.5 (476 matches)
> * 90 deny ip any any log (192 matches)
>
>
>
> Thanks
>
> Kal
>
>
>
> On 11/13/06, *Victor Cappuccio* <vcappuccio@desca.com> wrote:
>
> Hi Kal, this is very well explained in the Internetwork Experts CODs.
>
> Frame-relay is NBMA as you stated, but you can add support to use
> broadcast using the frame-relay map ip x.x.x.x DLCI broadcast if the SP
> Equipment allows that off course.
>
> Now the point-to-multipoint is used to low the number of frame-relay map
> needed at the spokes because this network type would create a /32 of
> every router in the frame-relay cloud
>
> There is a ospf network type named ip ospf point-to-multipoint
> nonbroadcast, that u use when you do not have broadcast capabilities in
> the NBMA Cloud
> (in this case you need to specify the neighbors because you are not
> multicasting (broadcast) traffic out those interfaces)
>
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_feature_
> guide09186a0080087d4e.html#xtocid272779
>
>
> Saludos,
> Victor.-
>
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto: nobody@groupstudy.com] On Behalf Of
> Kal Han
> Sent: Lunes, 13 de Noviembre de 2006 08:03 p.m.
> To: Cisco certification; ccielab
> Subject: ip ospf network point-to-multipoint
>
> Hi
> when I use the ip ospf network point-to-multipoint command,
> on a point to multipoint serial interface ,
> will the neighbors talk using multicast ospf messages or
> do they unicast ?
> How will the neighbor relationship come up ?
> I understand this is NBMA but I didnt understand how it will
> use the unicast messages.
> Will it get the neighbor IP based on "frame-relay map ip"
> command we configure ?
> Its just confusing !
>
> Thanks
> Kal
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:46 ART