Archive for February, 2016

IP SLA tracking

Posted: February 12, 2016 in CISCO

IP SLA generates packets that can be used to check route availability, and if a probe fails, we can define and configure specific actions.


In this example, we’ll monitor the link between R1 and ISP1_DNS_SERVER and between R1 and web_server. If the link between R1 and ISP1_DNS1_SERVER fails, SLA will detect the change and a new static route pointing to the R3 router will be set.

R2:

!
interface FastEthernet0/0
ip address 209.165.201.31 255.255.255.0
duplex full
!
interface Serial1/0
ip address 209.165.200.225 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 209.165.202.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 209.165.100.1 255.255.255.0
shutdown
serial restart-delay 0
!
router eigrp 1
network 209.165.0.0 0.0.255.255
!

R3:

!
interface FastEthernet0/0
ip address 209.165.203.157 255.255.255.0
duplex full
!
interface Serial1/0
ip address 209.165.200.226 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 209.165.202.129 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
ip address 209.165.110.251 255.255.255.0
serial restart-delay 0
!
router eigrp 1
network 209.165.0.0 0.0.255.255

R4:

!
interface FastEthernet0/0
ip address 209.165.200.253 255.255.255.0
duplex full
!
interface Serial1/2
ip address 209.165.100.254 255.255.255.0
serial restart-delay 0
!
interface Serial1/3
ip address 209.165.110.254 255.255.255.0
serial restart-delay 0
!
router eigrp 1
network 209.165.0.0 0.0.255.255

Configuring IP SLA

IP SLA will be configured to ping an IP address on R2’s s1/1 interface every 10 seconds (frequency 10). The probe will start now and run forever.

 

!11 is only locally significant
R1(config)# ip sla 11
!ping R2's s1/1 interface
R1(config-ip-sla)# icmp-echo 209.165.201.30
!run every 10 seconds
R1(config-ip-sla-echo)# frequency 10
R1(config-ip-sla-echo)# exit
!start now and run forever
R1(config)# ip sla schedule 11 life forever start-time now

Create a second probe to test connectivity between R1 and web_server (209.165.200.254)

R1(config)# ip sla 22
R1(config-ip-sla)# icmp-echo 209.165.200.254
R1(config-ip-sla-echo)# frequency 10
R1(config-ip-sla-echo)# exit
R1(config)# ip sla schedule 22 life forever start-time now

Create static routes which will be used/deleted based on success or failures of IP SLA probes and assign

!route to R2's s1/1 AD 2
R1(config)# ip route 0.0.0.0 0.0.0.0 209.165.202.1 2
!route to R3's s1/1 AD 3
R1(config)# ip route 0.0.0.0 0.0.0.0 209.165.202.129 3

Because of its lower AD of 2, the route via 209.165.202.1 is the default route:

R1(config)#do sh ip route
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override

Gateway of last resort is 209.165.202.1 to network 0.0.0.0

S*    0.0.0.0/0 [2/0] via 209.165.202.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Loopback0
L        192.168.1.1/32 is directly connected, Loopback0
D     209.165.110.0/24 [90/2681856] via 209.165.202.129, 00:23:42, Serial1/1
209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
D        209.165.200.0/24
[90/2684416] via 209.165.202.129, 00:23:42, Serial1/1
D        209.165.200.224/30
[90/2681856] via 209.165.202.129, 00:23:42, Serial1/1
[90/2681856] via 209.165.202.1, 00:23:42, Serial1/0

 

Define an object that tracks the SLA probe:

!track the state of the IP SLA operation
R1(config)#track 1 ip sla 11 reachability
!down delay 10 seconds and 1 second of UP delay
!if destination (209.165.201.30) fails immediately
!and comes back in 10 seconds,no impact
R1(config-track)#delay down 10 up 1
R1(config)# track 2 ip sla 22 reachability
R1(config-track)#delay down 10 up 1

Add the track statement to the default routes

!route to R2's s1/1 AD 2, tracked by track object 1 (IP SLA 11)
R1(config)# ip route 0.0.0.0 0.0.0.0 209.165.202.1 2 track 1
!route to R3's s1/1 AD 3, tracked by track object 2 (IP SLA 22)
R1(config)# ip route 0.0.0.0 0.0.0.0 209.165.202.129 3 track 2
R1(config)#do debug ip routing

Simulate an R1-ISP1_DNS_SERVER link failure by shutting down R2’s f0/0 interface:

R1(config)#
*Feb 12 22:39:59.599: RT: delete route to 209.165.201.0 via 209.165.202.1, eigrp metric [90/2172416]
*Feb 12 22:39:59.599: RT: no routes to 209.165.201.0, delayed flush
*Feb 12 22:39:59.603: RT: delete network route to 209.165.201.0/24
*Feb 12 22:39:59.607: RT: updating eigrp 209.165.201.0/24 (0x0):
via 209.165.202.1 Se1/0  1048578

*Feb 12 22:39:59.611: RT: rib update return code: 5
*Feb 12 22:39:59.615: RT: updating eigrp 209.165.201.0/24 (0x0):
via 209.165.202.129 Se1/1  1048578

*Feb 12 22:39:59.619: RT: rib update return code: 5
R1(config)#
*Feb 12 22:40:15.795: %TRACKING-5-STATE: 1 ip sla 11 reachability Up->Down
*Feb 12 22:40:15.799: RT: del 0.0.0.0 via 209.165.202.1, static metric [2/0]
*Feb 12 22:40:15.799: RT: delete network route to 0.0.0.0/0
*Feb 12 22:40:15.803: RT: default path has been cleared
*Feb 12 22:40:15.807: RT: updating static 0.0.0.0/0 (0x0):
via 209.165.202.129   1048578

*Feb 12 22:40:15.811: RT: add 0.0.0.0/0 via 209.165.202.129, static metric [3/0]
*Feb 12 22:40:15.815: RT: default path is now 0.0.0.0 via 209.165.202.129
*Feb 12 22:40:15.819: RT: updating static 0.0.0.0/0 (0x0):

Track object 1 changes state from Up to Down, which deletes the default route 0.0.0.0 0.0.0.0 209.165.202.1 and shortly afterwards adds the new default route 0.0.0.0 0.0.0.0 209.165.202.129.
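
The same correlation can be automated when these messages reach a log collector. The following is an added example, not part of the original post: it pairs each "default path is now" message with the %TRACKING-5-STATE transition that preceded it and reports default-gateway changes that no track transition explains. The first five log lines are copied from the debug output above; the last log line, the 5-second window, the year default and the function names are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# First five lines: copied from the debug output above.
# Last line: constructed for this example (a default-path change with no track event).
LOG = """\
*Feb 12 22:40:15.795: %TRACKING-5-STATE: 1 ip sla 11 reachability Up->Down
*Feb 12 22:40:15.799: RT: del 0.0.0.0 via 209.165.202.1, static metric [2/0]
*Feb 12 22:40:15.803: RT: default path has been cleared
*Feb 12 22:40:15.811: RT: add 0.0.0.0/0 via 209.165.202.129, static metric [3/0]
*Feb 12 22:40:15.815: RT: default path is now 0.0.0.0 via 209.165.202.129
*Feb 12 22:55:02.100: RT: default path is now 0.0.0.0 via 209.165.202.1
"""

STAMP = re.compile(r"^\*(\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+): ")
TRACK = re.compile(r"%TRACKING-5-STATE: (\d+) ip sla (\d+) reachability (\w+)->(\w+)")
DEFAULT = re.compile(r"RT: default path is now 0\.0\.0\.0 via (\S+)")


def parse(log, year=2016):
    """Return (kind, timestamp, data) tuples for track and default-path messages.

    Timestamps in this format carry no year, so one is supplied (assumption).
    """
    events = []
    for line in log.splitlines():
        stamp = STAMP.match(line)
        if not stamp:
            continue
        when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S.%f")
        body = line[stamp.end():]
        track = TRACK.search(body)
        default = DEFAULT.search(body)
        if track:
            obj, sla, old, new = track.groups()
            events.append(("track", when,
                           {"track": int(obj), "sla": int(sla), "from": old, "to": new}))
        elif default:
            events.append(("default", when, default.group(1)))
    return events


def correlate(events, window=timedelta(seconds=5)):
    """Attach to every default-path change the track transition seen within
    `window` before it; cause=None marks a change no probe result explains."""
    findings, last_track = [], None
    for kind, when, data in events:
        if kind == "track":
            last_track = (when, data)
            continue
        cause = None
        if last_track and timedelta(0) <= when - last_track[0] <= window:
            cause = last_track[1]
        findings.append({"time": when, "next_hop": data, "cause": cause})
    return findings


if __name__ == "__main__":
    for f in correlate(parse(LOG)):
        c = f["cause"]
        why = (f"track {c['track']} (ip sla {c['sla']}) {c['from']}->{c['to']}"
               if c else "NO TRACK EVENT")
        print(f"{f['time']:%H:%M:%S} default via {f['next_hop']}: {why}")
```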

R1#
*Feb 12 22:40:34.871: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip route
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override

Gateway of last resort is 209.165.202.129 to network 0.0.0.0

S*    0.0.0.0/0 [3/0] via 209.165.202.129
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Loopback0
L        192.168.1.1/32 is directly connected, Loopback0
D     209.165.110.0/24 [90/2681856] via 209.165.202.129, 00:44:06, Serial1/1
209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
D        209.165.200.0/24
[90/2684416] via 209.165.202.129, 00:44:06, Serial1/1
D        209.165.200.224/30
[90/2681856] via 209.165.202.129, 00:44:06, Serial1/1
[90/2681856] via 209.165.202.1, 00:44:06, Serial1/0

R1#trace 209.165.200.254
Type escape sequence to abort.
Tracing the route to 209.165.200.254
VRF info: (vrf in name/id, vrf out name/id)
1 209.165.202.129 132 msec 96 msec 8 msec
2 209.165.110.254 168 msec 100 msec 208 msec
3 209.165.200.254 96 msec 88 msec 96 msec

 

R1#sh ip sla stat
IPSLAs Latest Operation Statistics

IPSLA operation id: 11
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 22:48:03 UTC Fri Feb 12 2016
Latest operation return code: Timeout
Number of successes: 116
Number of failures: 67
Operation time to live: Forever

IPSLA operation id: 22
Latest RTT: 72 milliseconds
Latest operation start time: 22:48:00 UTC Fri Feb 12 2016
Latest operation return code: OK
Number of successes: 19
Number of failures: 0
Operation time to live: Forever

Note that the last return code of IP SLA 11 (R1-ISP1_DNS1_SERVER) is Timeout, while IP SLA 22 (R1-web_server) returns OK.

 


Policy Based Routing

Posted: February 8, 2016 in CISCO

Policy Based Routing (PBR) is used to make routing decisions based on policy. PBR can be used when we have 2 links to the same location: one with high bandwidth and low delay, and the other with low bandwidth and high delay. With PBR we can route higher-priority traffic over the high bandwidth/low delay link while sending all other traffic over the low bandwidth/high delay link.


 

In this example we will configure computers from the 10.1.1.0 network to use the (higher bandwidth) link over R2 to reach the 10.1.101.0 network on the right.

R1:

!
interface FastEthernet0/0
ip address 10.1.1.5 255.255.255.0
ip policy route-map r1-s1
duplex full
!
interface Serial1/0
ip address 10.1.12.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 10.1.13.1 255.255.255.252
serial restart-delay 0
!
router eigrp 1
network 10.1.0.0 0.0.255.255
!

 

R2:

!
interface FastEthernet0/0
ip address 10.1.100.1 255.255.255.248
shutdown
duplex full
!
interface Serial1/0
ip address 10.1.12.2 255.255.255.252
serial restart-delay 0
!
router eigrp 1
network 10.1.0.0 0.0.255.255

R3:

!
interface FastEthernet0/0
ip address 10.1.100.3 255.255.255.248
duplex full
!
interface FastEthernet2/0
ip address 10.1.101.1 255.255.255.0
!
router eigrp 1
network 10.1.0.0 0.0.255.255

R4:

!
interface FastEthernet0/0
ip address 10.1.100.2 255.255.255.248
duplex full
!
interface Serial1/1
ip address 10.1.13.2 255.255.255.252
serial restart-delay 0
!
router eigrp 1
network 10.1.0.0 0.0.255.255

Configure ACL:

An access list is needed to tell the PBR logic which traffic the routing decision applies to (from the 10.1.1.0 network to the 10.1.101.0 network):

R1(config)#access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.101.0 0.0.0.255

Create a route map to match packets defined by access list 101:

R1(config)#route-map r1-s1 permit 10
R1(config-route-map)#match ip address 101
!set where packets destined for 10.1.101.0 network should be routed (R2)
R1(config-route-map)#set ip next-hop 10.1.12.2

 

Finally, apply the route map to the R1 interface facing the source network (f0/0):

R1(config)#int f0/0
R1(config-if)#ip policy route-map r1-s1
!turn on debugging for access list 101
R1(config)#do debug ip policy 101

 

Trace the route from PC1 to S1:

PC1(config)#do trace 10.1.101.2 source 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.101.2
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.1.5 140 msec 136 msec 164 msec
2 10.1.12.2 144 msec 96 msec 64 msec
3 10.1.12.1 92 msec 144 msec 120 msec
4 10.1.13.2 172 msec 128 msec 116 msec
5 10.1.100.3 124 msec 96 msec 76 msec
6 10.1.101.2 188 msec 224 msec 164 msec

We can see that traffic is routed over the R2 router (10.1.12.2).

Debug output from R1:

*Feb  8 21:22:18.979: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:18.983: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.083: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.087: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:19.087: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.115: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.115: IP: s=10.1.1.1 (Fa
R1#stEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:19.119: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.287: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.287: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:19.291: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.415: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.419: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR

Forwarding Information Base (FIB) contains Layer 3 forwarding information
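
How R1 decides whether a packet is policy-routed, as an added example that is not part of the original post: it evaluates access list 101 with its wildcard masks and applies the route map only to packets arriving on the interface that carries ip policy route-map r1-s1. The ACL line, interface names and next hop come from the configuration above; the function names and the non-matching sample packets are assumptions made for the example.

```python
import ipaddress

# Taken from R1's configuration above
ACL_LINES = ["access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.101.0 0.0.0.255"]
POLICY = {"interface": "FastEthernet0/0", "acl": 101, "next_hop": "10.1.12.2"}


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC SRC_WILD DST DST_WILD' entries,
    the only form used on this page (hypothetical helper)."""
    aces = []
    for line in lines:
        t = line.split()
        if (len(t) != 8 or t[0] != "access-list" or t[3] != "ip"
                or t[2] not in ("permit", "deny")):
            raise ValueError(f"unsupported ACL line: {line!r}")
        aces.append({"acl": int(t[1]), "permit": t[2] == "permit",
                     "src": to_int(t[4]), "src_wild": to_int(t[5]),
                     "dst": to_int(t[6]), "dst_wild": to_int(t[7])})
    return aces


def wildcard_match(addr, base, wild):
    # A wildcard bit of 1 means "don't care"; only bits that are 0 are compared
    care = ~wild & 0xFFFFFFFF
    return (to_int(addr) & care) == (base & care)


def acl_permits(aces, number, src, dst):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for ace in aces:
        if ace["acl"] != number:
            continue
        if (wildcard_match(src, ace["src"], ace["src_wild"])
                and wildcard_match(dst, ace["dst"], ace["dst_wild"])):
            return ace["permit"]
    return False


def pbr_next_hop(policy, aces, ingress, src, dst):
    """Return the policy next hop, or None when the routing table decides."""
    if ingress != policy["interface"]:
        return None  # the route map is bound to one ingress interface only
    if acl_permits(aces, policy["acl"], src, dst):
        return policy["next_hop"]
    return None


if __name__ == "__main__":
    aces = parse_acl(ACL_LINES)
    samples = [
        ("FastEthernet0/0", "10.1.1.1", "10.1.101.2"),  # packet from the debug output
        ("Serial1/0", "10.1.1.1", "10.1.101.2"),        # same packet, other interface
        ("FastEthernet0/0", "10.1.1.1", "10.1.100.3"),  # constructed: destination outside ACL
        ("FastEthernet0/0", "10.1.101.2", "10.1.1.1"),  # constructed: reverse direction
    ]
    for ingress, src, dst in samples:
        hop = pbr_next_hop(POLICY, aces, ingress, src, dst)
        print(f"{ingress:16} {src:>11} -> {dst:<11} {hop or 'routing table'}")
```

The Serial1/0 case corresponds to hops 3 and 4 of the trace above: the packet comes back from 10.1.12.2, re-enters R1 on an interface without the policy, and is forwarded to 10.1.13.2.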

 


 

R1:

!
interface Loopback0
ip address 172.16.1.1 255.255.255.0
!
interface Loopback1
ip address 192.168.48.1 255.255.255.0
!
interface Loopback2
ip address 192.168.49.1 255.255.255.0
!
interface Loopback3
ip address 192.168.50.1 255.255.255.0
!
interface Loopback4
ip address 192.168.51.1 255.255.255.0
!
interface Loopback5
ip address 192.168.70.1 255.255.255.0
!
interface Serial1/0
ip address 172.16.12.1 255.255.255.0
serial restart-delay 0
!
router rip
version 2
network 172.16.0.0
network 192.168.48.0
network 192.168.49.0
network 192.168.50.0
network 192.168.51.0
network 192.168.70.0
no auto-summary

R2:

!
interface Loopback0
ip address 172.16.2.1 255.255.255.0
!
interface Serial1/0
ip address 172.16.12.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 172.16.23.2 255.255.255.0
!
router ospf 1
network 172.16.23.0 0.0.0.255 area 0
!
router rip
version 2
network 172.16.0.0
no auto-summary

  R3:

 

!
interface Loopback0
ip address 172.16.3.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback1
ip address 192.168.20.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback2
ip address 192.168.25.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback3
ip address 192.168.30.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback4
ip address 192.168.35.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback5
ip address 192.168.40.1 255.255.255.0
ip ospf network point-to-point
!
interface Serial1/1
ip address 172.16.23.3 255.255.255.0
serial restart-delay 0
!
router ospf 1
network 172.16.0.0 0.0.255.255 area 0
network 192.168.0.0 0.0.255.255 area 0

 

Under the RIP configuration, redistribute OSPF routes

R2 is the Autonomous System Border Router (ASBR) because it connects the RIP (R1) and OSPF (R2) routers, so redistribution must be configured on that router.

R2(config)#router rip
R2(config-router)#redistribute ospf 1 metric 4

If the metric is not specified, the redistributed routes get an infinite metric, which causes no routes to be advertised.

 

R1(config-router)#do sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

R 192.168.30.0/24 [120/4] via 172.16.12.2, 00:00:01, Serial1/0
R 192.168.25.0/24 [120/4] via 172.16.12.2, 00:00:01, Serial1/0
R 192.168.40.0/24 [120/4] via 172.16.12.2, 00:00:01, Serial1/0
172.16.0.0/24 is subnetted, 5 subnets
R 172.16.23.0 [120/1] via 172.16.12.2, 00:00:01, Serial1/0
C 172.16.12.0 is directly connected, Serial1/0
C 172.16.1.0 is directly connected, Loopback0
R 172.16.2.0 [120/1] via 172.16.12.2, 00:00:01, Serial1/0
R 172.16.3.0 [120/4] via 172.16.12.2, 00:00:03, Serial1/0
R 192.168.20.0/24 [120/4] via 172.16.12.2, 00:00:03, Serial1/0
C 192.168.51.0/24 is directly connected, Loopback4
C 192.168.50.0/24 is directly connected, Loopback3
R 192.168.35.0/24 [120/4] via 172.16.12.2, 00:00:03, Serial1/0
C 192.168.49.0/24 is directly connected, Loopback2
C 192.168.70.0/24 is directly connected, Loopback5
C 192.168.48.0/24 is directly connected, Loopback1

As we can see from the R1 route table, the 192.168.20-40 networks are advertised.

Under the OSPF configuration, redistribute RIP routes

R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets
R2(config-router)#default-metric 10000

The subnets keyword must be specified; otherwise only classful RIP routes are advertised.

The default metric for all redistributed OSPF routes is 20; setting the metric to a higher value makes them less preferable than routes redistributed from other routing protocols.

R3#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

C 192.168.30.0/24 is directly connected, Loopback3
C 192.168.25.0/24 is directly connected, Loopback2
C 192.168.40.0/24 is directly connected, Loopback5
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.23.0 is directly connected, Serial1/1
C 172.16.3.0 is directly connected, Loopback0
C 192.168.20.0/24 is directly connected, Loopback1
C 192.168.35.0/24 is directly connected, Loopback4
O E2 192.168.48.0/24 [110/10000] via 172.16.23.2, 00:00:25, Serial1/1
O E2 192.168.49.0/24 [110/10000] via 172.16.23.2, 00:00:25, Serial1/1
O E2 192.168.50.0/24 [110/10000] via 172.16.23.2, 00:00:25, Serial1/1
O E2 192.168.70.0/24 [110/10000] via 172.16.23.2, 00:00:25, Serial1/1
O E2 192.168.70.0/24 [110/10000] via 172.16.23.2, 00:00:25, Serial1/1

We can see that routes from RIP are advertised as External routes (E2) with metric 10000 (set as default metric).

E2 is the default metric type. If there is only one ASBR, the E2 metric can be used. E2 ignores the internal metric when calculating the route to a network. E1, on the other hand, adds the internal metric (the metric to the ASBR router in the same area) to the cost of reaching the specific network. To change the type from the default E2 to E1:

R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets metric-type 1

 

For router R3, the cost to reach the ASBR (R2) will be 64:

R3#sh ip ospf border-routers

OSPF Process 1 internal Routing Table

Codes: i - Intra-area route, I - Inter-area route

i 172.16.2.1 [64] via 172.16.23.2, Serial1/1, ASBR, Area 0, SPF 20

C 192.168.30.0/24 is directly connected, Loopback3
C 192.168.25.0/24 is directly connected, Loopback2
C 192.168.40.0/24 is directly connected, Loopback5
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.23.0 is directly connected, Serial1/1
C 172.16.3.0 is directly connected, Loopback0
C 192.168.20.0/24 is directly connected, Loopback1
C 192.168.35.0/24 is directly connected, Loopback4
O E1 192.168.48.0/24 [110/10064] via 172.16.23.2, 00:00:25, Serial1/1
O E1 192.168.49.0/24 [110/10064] via 172.16.23.2, 00:00:25, Serial1/1
O E1 192.168.50.0/24 [110/10064] via 172.16.23.2, 00:00:25, Serial1/1
O E1 192.168.51.0/24 [110/10064] via 172.16.23.2, 00:00:25, Serial1/1
O E1 192.168.70.0/24 [110/10064] via 172.16.23.2, 00:00:25, Serial1/1

The cost is now 10064 (default metric 10000 + internal metric 64 = 10064) and the routes are marked as E1.

The E1 metric is used when there are multiple ASBRs and we want to load-balance between them.

 

 

OSPF route filtering

Posted: February 1, 2016 in CISCO

In this example, route 10.16.3.0 from area 0 will be filtered on the ABR, router R1, so that the route won’t be advertised to router R3 in area 34.

R3(config-router)#do sh ip route 10.16.0.0 255.255.0.0 longer-prefixes
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 15 subnets, 3 masks

O IA    10.16.3.0/24 [110/75] via 10.11.1.2, 00:18:17, Serial1/0
O IA    10.16.2.0/24 [110/75] via 10.11.1.2, 00:18:17, Serial1/0
O IA    10.16.1.0/24 [110/75] via 10.11.1.2, 00:18:17, Serial1/0

Route 10.16.3.0 is advertised to R3 via R1, so we must filter that route on R1.

R1:

!
interface FastEthernet0/0
ip address 10.11.6.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.11.5.1 255.255.255.252
duplex auto
speed auto
!
interface Serial1/0
ip address 10.11.1.2 255.255.255.252
!
interface Serial1/1
ip address 10.11.3.2 255.255.255.252
!
interface Serial1/2
ip address 10.12.1.2 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.9.1 255.255.255.252
!
router ospf 1
network 10.11.1.2 0.0.0.0 area 34
network 10.11.3.2 0.0.0.0 area 34
network 10.11.7.1 0.0.0.0 area 0
network 10.11.5.1 0.0.0.0 area 0
network 10.11.6.1 0.0.0.0 area 0
network 10.11.9.1 0.0.0.0 area 0
network 10.12.1.2 0.0.0.0 area 5

 

R2:

 

!
interface FastEthernet0/0
ip address 10.11.8.1 255.255.255.252
!
interface FastEthernet0/1
ip address 10.11.5.1 255.255.255.252
!
interface Serial1/0
ip address 10.11.2.2 255.255.255.252
!
interface Serial1/1
ip address 10.11.4.2 255.255.255.252
!
interface Serial1/2
ip address 10.12.2.2 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.9.2 255.255.255.252
!
router ospf 3
network 10.11.2.2 0.0.0.0 area 34
network 10.11.4.2 0.0.0.0 area 34
network 10.11.5.1 0.0.0.0 area 0
network 10.11.8.1 0.0.0.0 area 0
network 10.11.9.2 0.0.0.0 area 0
network 10.12.2.2 0.0.0.0 area 5

 

R3:

 

!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
!
interface Serial1/0
ip address 10.11.1.1 255.255.255.252
!
interface Serial1/1
ip address 10.11.2.1 255.255.255.252
!
router ospf 1
network 10.1.1.1 0.0.0.0 area 34
network 10.11.1.1 0.0.0.0 area 34
network 10.11.2.1 0.0.0.0 area 5

R4:

!
interface Serial1/0
ip address 10.11.3.1 255.255.255.252
!
interface Serial1/1
ip address 10.11.4.1 255.255.255.252
!
router ospf 2
network 10.1.1.2 0.0.0.0 area 34
network 10.11.3.1 0.0.0.0 area 34
network 10.11.4.1 0.0.0.0 area 5

R5:

interface Loopback0
ip address 10.2.1.1 255.255.255.0
!
interface Serial1/0
ip address 10.12.2.1 255.255.255.252
!
interface Serial1/1
ip address 10.12.1.1 255.255.255.252
!
router ospf 2
log-adjacency-changes
network 10.2.1.1 0.0.0.0 area 5
network 10.0.0.0 0.255.255.255 area 5

SW1:

!
interface Loopback0
ip address 10.16.1.1 255.255.255.0
!
interface Loopback1
ip address 10.16.2.1 255.255.255.0
!
interface Loopback2
ip address 10.16.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.11.6.2 255.255.255.252
!
interface FastEthernet0/1
ip address 10.11.7.1 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.5.2 255.255.255.252
!
router ospf 3
network 10.11.4.0 0.0.3.255 area 0
network 10.16.0.0 0.0.3.255 area 0

SW2:

!
interface FastEthernet0/0
ip address 10.11.8.2 255.255.255.252
!
interface FastEthernet0/1
ip address 10.11.7.2 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.5.2 255.255.255.252
!
router ospf 3
log-adjacency-changes
network 10.11.5.2 0.0.0.0 area 0
network 10.11.7.2 0.0.0.0 area 0
network 10.11.8.2 0.0.0.0 area 0

Create a prefix list for the subnet we want to exclude from reaching area 34:

R1(config)#ip prefix-list deny_10_16_3 seq 5 deny 10.16.3.0/24

Allow all other routes:

R1(config)#ip prefix-list deny_10_16_3 seq 10 permit  0.0.0.0/0 le 32

Apply the filter list in the incoming direction (in) to area 34:

R1(config-router)#area 34 filter-list prefix deny_10_16_3 in

This will prevent route 10.16.3.0 from reaching all routers in area 34.

If we want to keep the route from reaching only a specific router, we need to create the prefix list on that router (the same way as in the previous example):

R3(config)#ip prefix-list deny_10_16_3 seq 5 deny 10.16.3.0/24
R3(config)#ip prefix-list deny_10_16_3 seq 10 permit  0.0.0.0/0 le 32

Apply the prefix list using a distribute list:

R3(config)#router ospf 1
R3(config-router)#distribute-list prefix deny_10_16_3 in

R3#sh ip route 10.16.0.0 255.255.0.0 longer-prefixes
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 15 subnets, 3 masks
O IA    10.16.2.0/24 [110/75] via 10.11.1.2, 00:02:25, Serial1/0
O IA    10.16.1.0/24 [110/75] via 10.11.1.2, 00:02:25, Serial1/0
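
How the prefix list above is evaluated, as an added example that is not part of the original post; it serves both the area filter-list and the distribute-list steps, which use the same list. It implements first-match evaluation with the ge/le length rules and the implicit deny, and covers two edge cases: leaving le 32 off the permit entry, and a more specific route inside the denied subnet. The two deny_10_16_3 lines come from the page; the variant without le 32, the 10.16.3.128/25 route and the function names are constructed for the example.

```python
import ipaddress

# The two entries configured on R1 and R3 above
PAGE_LIST = [
    "ip prefix-list deny_10_16_3 seq 5 deny 10.16.3.0/24",
    "ip prefix-list deny_10_16_3 seq 10 permit 0.0.0.0/0 le 32",
]
# Constructed variant: the same list with "le 32" left off the permit entry
NO_LE_LIST = [PAGE_LIST[0], "ip prefix-list deny_10_16_3 seq 10 permit 0.0.0.0/0"]

# Routes R3 learns in the output above, plus one constructed more-specific route
ROUTES = ["10.16.1.0/24", "10.16.2.0/24", "10.16.3.0/24"]
MORE_SPECIFIC = "10.16.3.128/25"


def parse_prefix_list(lines):
    """Parse 'ip prefix-list NAME seq N permit|deny A.B.C.D/LEN [ge X] [le Y]'."""
    entries = []
    for line in lines:
        t = line.split()
        if len(t) < 7 or t[:2] != ["ip", "prefix-list"] or t[3] != "seq":
            raise ValueError(f"unsupported prefix-list line: {line!r}")
        net = ipaddress.ip_network(t[6])
        opts = dict(zip(t[7::2], (int(v) for v in t[8::2])))
        ge, le = opts.get("ge"), opts.get("le")
        if ge is None and le is None:
            lo = hi = net.prefixlen          # no ge/le: exact prefix length only
        else:
            lo = net.prefixlen if ge is None else ge
            hi = 32 if le is None else le    # ge alone means "ge .. 32"
        entries.append({"seq": int(t[4]), "action": t[5],
                        "net": net, "lo": lo, "hi": hi})
    return sorted(entries, key=lambda e: e["seq"])


def evaluate(entries, route):
    """Return (action, seq) of the first matching entry, else the implicit deny."""
    r = ipaddress.ip_network(route)
    for e in entries:
        covered = r.network_address in e["net"]  # leading bits equal the entry prefix
        if covered and e["lo"] <= r.prefixlen <= e["hi"]:
            return e["action"], e["seq"]
    return "deny", None


def advertised(entries, routes):
    """Routes that survive the filter."""
    return [r for r in routes if evaluate(entries, r)[0] == "permit"]


if __name__ == "__main__":
    page = parse_prefix_list(PAGE_LIST)
    no_le = parse_prefix_list(NO_LE_LIST)
    print("page list     :", advertised(page, ROUTES))
    print("without le 32 :", advertised(no_le, ROUTES))
    print(MORE_SPECIFIC, "->", evaluate(page, MORE_SPECIFIC))
```

With the page's list only 10.16.3.0/24 itself is denied: a /25 inside it falls through to seq 10 and is permitted, and without le 32 the permit entry matches only the default route, so every other route hits the implicit deny.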