Archive for the ‘CISCO’ Category

How to configure IOS on GNS3:http://letusexplain.blogspot.rs/2015/07/cisco-iou-l2-l3-lab-with-gns3-switching.html

 

Inter-VLAN routing is used to route packets between different VLANs.In this example i used Router-on-a-Stick (virtual or logical interfaces-subinterfaces,are used to attach the router to each VLAN

Untitled.png

GATEWAY’s f0/0 interface is used to create subintefaces (logical interface) for VLAN’s 1,100 and 200

ISP:

 

interface Loopback0
ip address 200.200.200.1 255.255.255.0
!
interface Serial1/0
ip address 192.168.1.2 255.255.255.252
ip route 172.16.0.0 255.255.0.0 192.168.1.1

 

GATEWAY

Created subinterface for VLAN 1,100 and 200

interface FastEthernet0/0.1
description management vlan 1
encapsulation dot1Q 1 native
ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0.100
description  vlan 100
encapsulation dot1Q 100
ip address 172.16.100.1 255.255.255.0 !Default gateway for VLAN 100 hosts
!
interface FastEthernet0/0.200
description  vlan 100
encapsulation dot1Q 200
ip address 172.16.200.1 255.255.255.0 !Default gateway for VLAN 200 hosts

 

SW1:

Intefaces E0/0,E0/1 and EO/2 are trunk ports (carry all VLAN’s traffic)

But interfaces E0/1 and E0/2 are aggreggated into one logical interface to provide higher aggregated bandwidth, load balancing, and link redundancy (Channel-group1)

!
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
SW1(config)#int range e0/1 - 2
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#channel-group 1 mode desirable
SW1(config)#vtp domain cisco
SW1(config)#int vlan 100
SW1(config)#int vlan 200
SW1(config)#int e0/3
SW1(config-if)#switchport access vlan 100 !assign vlan 100 to port e0/3
SW1(config-if)#switchport mode access
SW1(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1 !default route via GATEWAY f0/0.1 subinterface

desirable means try and negotiate with the other side (SW2), and if he agrees, then enable the channel

SW2:

SW2(config)#int range e0/1 - 2
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#channel-group 1 mode desirable
SW2(config)#vtp mode client  ! setting SW2 as VTP client ensures that VLAN's 
SW2(config)#vtp domain cisco !100 and 200 are propagated to SW1 from SW2
SW2(config)#int vlan 200
SW2(config)#int e0/3
SW2(config-if)#switchport access vlan 200 !assign vlan 200 to port e0/3
SW2(config-if)#switchport mode access
SW2(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1

PC1 Default gateway is 172.16.100.1 and for PC2 172.16.200.1

 

 

IP SLA tracking

Posted: February 12, 2016 in CISCO

IP SLA generates packets that can be used to  check route availability,and if it fails,we can define and configure specific actions.

Untitled

In this example,we’ll monitor link between R1 and ISP1_DNS_SERVER  and between R1 and web_server.If link between R1 and ISP1_DNS1_SERVER  fails,SLA will detect these changes and it will set new static route to point to R3 router.

R2:

!
interface FastEthernet0/0
ip address 209.165.201.31 255.255.255.0
duplex full
!
interface Serial1/0
ip address 209.165.200.225 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 209.165.202.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 209.165.100.1 255.255.255.0
shutdown
serial restart-delay 0
!
router eigrp 1
network 209.165.0.0 0.0.255.255
!

R3:

!
interface FastEthernet0/0
ip address 209.165.203.157 255.255.255.0
duplex full
!
interface Serial1/0
ip address 209.165.200.226 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 209.165.202.129 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
ip address 209.165.110.251 255.255.255.0
serial restart-delay 0
!
router eigrp 1
network 209.165.0.0 0.0.255.255

R4:

!
interface FastEthernet0/0
ip address 209.165.200.253 255.255.255.0
duplex full
!
interface Serial1/2
ip address 209.165.100.254 255.255.255.0
serial restart-delay 0
!
interface Serial1/3
ip address 209.165.110.254 255.255.255.0
serial restart-delay 0
!
router eigrp 1
network 209.165.0.0 0.0.255.255

Configuring IP SLA

IP SLA will be configured to ping a  IP address on the R2’s s1/1 interface,every 10 seconds (frequency 10).The probe will start now and it will run forever

 

!11 is only locally significant
R1(config)# ip sla 11
ping R2's s1/1 interface
R1(config-ip-sla)# icmp-echo 209.165.201.30
run every 10 seconds
R1(config-ip-sla-echo)# frequency 10
R1(config-ip-sla-echo)# exit
!start now and run forever
R1(config)# ip sla schedule 11 life forever start-time now

Create a second probe to test connectivity between R1 and web_server (209.165.200.254)

R1(config)# ip sla 22
R1(config-ip-sla)# icmp-echo 209.165.200.254
R1(config-ip-sla-echo)# frequency 10
R1(config-ip-sla-echo)# exit
R1(config)# ip sla schedule 22 life forever start-time now

Create static routes which will be used/deleted based on success or failures of IP SLA probes and assign

!route to R2's s1/1 AD 2
R1(config)# ip route 0.0.0.0 0.0.0.0 209.165.202.1 2
!route to R3's s1/1 AD 3
R1(config)# ip route 0.0.0.0 0.0.0.0 209.165.202.129 3

Because AD of 2 209.165.202.1 is default route

R1(config)#do sh ip route
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override

Gateway of last resort is 209.165.202.1 to network 0.0.0.0

S*    0.0.0.0/0 [2/0] via 209.165.202.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Loopback0
L        192.168.1.1/32 is directly connected, Loopback0
D     209.165.110.0/24 [90/2681856] via 209.165.202.129, 00:23:42, Serial1/1
209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
D        209.165.200.0/24
[90/2684416] via 209.165.202.129, 00:23:42, Serial1/1
D        209.165.200.224/30
[90/2681856] via 209.165.202.129, 00:23:42, Serial1/1
[90/2681856] via 209.165.202.1, 00:23:42, Serial1/0

 

Define an object that tracks the SLA probe:

!track the state of the IP SLA operation
R1(config)#track 1 ip sla 11 reachability
!down delay 10 seconds and 1 second of UP delay
!if destination (209.165.201.30) fails immediately
!and comes back in 10 seconds,no impact
R1(config-track)#delay down 10 up 1
R1(config)# track 2 ip sla 22 reachability
R1(config-track)#delay down 10 up 1

Add the track statement to the default routes

!route to R2's s1/1 AD 2
R1(config)# ip route 0.0.0.0 0.0.0.0 209.165.202.1 2 track 11
route to R3's s1/1 AD 3
R1(config)# ip route 0.0.0.0 0.0.0.0 209.165.202.129 3 track 22
R1(config)#do debug ip routing

Simulate R1-ISP1_DNS_SERVER link failure by shutting down R2’s f0/0 interface

R1(config)#
*Feb 12 22:39:59.599: RT: delete route to 209.165.201.0 via 209.165.202.1, eigrp metric [90/2172416]
*Feb 12 22:39:59.599: RT: no routes to 209.165.201.0, delayed flush
*Feb 12 22:39:59.603: RT: delete network route to 209.165.201.0/24
*Feb 12 22:39:59.607: RT: updating eigrp 209.165.201.0/24 (0x0):
via 209.165.202.1 Se1/0  1048578

*Feb 12 22:39:59.611: RT: rib update return code: 5
*Feb 12 22:39:59.615: RT: updating eigrp 209.165.201.0/24 (0x0):
via 209.165.202.129 Se1/1  1048578

*Feb 12 22:39:59.619: RT: rib update return code: 5
R1(config)#
*Feb 12 22:40:15.795: %TRACKING-5-STATE: 1 ip sla 11 reachability Up->Down
*Feb 12 22:40:15.799: RT: del 0.0.0.0 via 209.165.202.1, static metric [2/0]
*Feb 12 22:40:15.799: RT: delete network route to 0.0.0.0/0
*Feb 12 22:40:15.803: RT: default path has been cleared
*Feb 12 22:40:15.807: RT: updating static 0.0.0.0/0 (0x0):
via 209.165.202.129   1048578

*Feb 12 22:40:15.811: RT: add 0.0.0.0/0 via 209.165.202.129, static metric [3/0]
*Feb 12 22:40:15.815: RT: default path is now 0.0.0.0 via 209.165.202.129
*Feb 12 22:40:15.819: RT: updating static 0.0.0.0/0 (0x0):

Tracking changes 1 changes tracking states from up to down,deletes default route

0.0.0.0 0.0.0.0 209.165.202.1,and shortly adds new default route 0.0.0.0 0.0.0.0 209.165.202.129

R1#
*Feb 12 22:40:34.871: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip route
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override

Gateway of last resort is 209.165.202.129 to network 0.0.0.0

S*    0.0.0.0/0 [3/0] via 209.165.202.129
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Loopback0
L        192.168.1.1/32 is directly connected, Loopback0
D     209.165.110.0/24 [90/2681856] via 209.165.202.129, 00:44:06, Serial1/1
209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
D        209.165.200.0/24
[90/2684416] via 209.165.202.129, 00:44:06, Serial1/1
D        209.165.200.224/30
[90/2681856] via 209.165.202.129, 00:44:06, Serial1/1
[90/2681856] via 209.165.202.1, 00:44:06, Serial1/0

R1#trace 209.165.200.254
Type escape sequence to abort.
Tracing the route to 209.165.200.254
VRF info: (vrf in name/id, vrf out name/id)
1 209.165.202.129 132 msec 96 msec 8 msec
2 209.165.110.254 168 msec 100 msec 208 msec
3 209.165.200.254 96 msec 88 msec 96 msec

 

R1#sh ip sla stat
IPSLAs Latest Operation Statistics

IPSLA operation id: 11
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 22:48:03 UTC Fri Feb 12 2016
Latest operation return code: Timeout
Number of successes: 116
Number of failures: 67
Operation time to live: Forever

IPSLA operation id: 22
Latest RTT: 72 milliseconds
Latest operation start time: 22:48:00 UTC Fri Feb 12 2016
Latest operation return code: OK
Number of successes: 19
Number of failures: 0
Operation time to live: Forever

Note that IP SLA 11 last return code is Timeout (R1-ISP1_DNS1_SERVER) and

IP SLA 22 returns OK (R1-web_server)

 

Policy Based Routing

Posted: February 8, 2016 in CISCO

Policy Based Routing (PBR) is used to make routing decision based on policy.PBR can be used when we have 2 links to same locations:one with a high bandwidth, low delay and the other a low bandwidth,high delay link.With PBR we can route higher priority traffic over the high bandwidth/low delay link while sending all other traffic over the low bandwidth delay link.

Untitled.png

 

In this example we will configure computers from 10.1.1.0 network to use (higher bandwith) link over R2 to reach 10.1.101. network on the right

R1:

!
interface FastEthernet0/0
ip address 10.1.1.5 255.255.255.0
ip policy route-map r1-s1
duplex full
!
interface Serial1/0
ip address 10.1.12.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 10.1.13.1 255.255.255.252
serial restart-delay 0
!
router eigrp 1
network 10.1.0.0 0.0.255.255
!

 

R2:

!
interface FastEthernet0/0
ip address 10.1.100.1 255.255.255.248
shutdown
duplex full
!
interface Serial1/0
ip address 10.1.12.2 255.255.255.252
serial restart-delay 0
!
router eigrp 1
network 10.1.0.0 0.0.255.255

R3:

!
interface FastEthernet0/0
ip address 10.1.100.3 255.255.255.248
duplex full
!
interface FastEthernet2/0
ip address 10.1.101.1 255.255.255.0
!
router eigrp 1
network 10.1.0.0 0.0.255.255

R4:

!
interface FastEthernet0/0
ip address 10.1.100.2 255.255.255.248
duplex full
!
interface Serial1/1
ip address 10.1.13.2 255.255.255.252
serial restart-delay 0
!
router eigrp 1
network 10.1.0.0 0.0.255.255

Configure ACL:

Access list is needed to tell PBR logic where routing decisions should be made (from 10.1.1.0 to 10.1.101 networks)

R1(config)#access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.101.0 0.0.0.255

Create policy map to match packets defined with access list 101

R1(config)#route-map r1-s1 permit 10
R1(config-route-map)#match ip address 101
!set where packets destined for 10.1.101.0 network should be routed (R2)
R1(config-route-map)#set ip next-hop 10.1.12.2

 

Finally,apply route map to R1 inteface facing source network (f0/0)

R1(config)#int f0/0
R1(config-if)#ip policy route route-map r1-s1
!turn on debugging for access list 101
R1(config)#do debug ip policy 101

 

Ping from PC1 to S1

PC1(config)#do trace 10.1.101.2 source 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.101.2
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.1.5 140 msec 136 msec 164 msec
2 10.1.12.2 144 msec 96 msec 64 msec
3 10.1.12.1 92 msec 144 msec 120 msec
4 10.1.13.2 172 msec 128 msec 116 msec
5 10.1.100.3 124 msec 96 msec 76 msec
6 10.1.101.2 188 msec 224 msec 164 msec

We can see that traffic is router over R2 router (10.1.12.2)

Debug output from R1:

*Feb  8 21:22:18.979: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:18.983: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.083: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.087: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:19.087: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.115: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.115: IP: s=10.1.1.1 (Fa
R1#stEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:19.119: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.287: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.287: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:19.291: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.415: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.419: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR

Forwarding Information Base (FIB) contains Layer 3 forwarding information

 

Untitled

 

R1:

!
interface Loopback0
ip address 172.16.1.1 255.255.255.0
!
interface Loopback1
ip address 192.168.48.1 255.255.255.0
!
interface Loopback2
ip address 192.168.49.1 255.255.255.0
!
interface Loopback3
ip address 192.168.50.1 255.255.255.0
!
interface Loopback4
ip address 192.168.51.1 255.255.255.0
!
interface Loopback5
ip address 192.168.70.1 255.255.255.0
!
interface Serial1/0
ip address 172.16.12.1 255.255.255.0
serial restart-delay 0
!
router rip
version 2
network 172.16.0.0
network 192.168.48.0
network 192.168.49.0
network 192.168.50.0
network 192.168.51.0
network 192.168.70.0
no auto-summary

R2:

!
interface Loopback0
ip address 172.16.2.1 255.255.255.0
!
interface Serial1/0
ip address 172.16.12.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 172.16.23.2 255.255.255.0
!
router ospf 1
network 172.16.23.0 0.0.0.255 area 0
!
router rip
version 2
network 172.16.0.0
no auto-summary

  R3:

 

!
interface Loopback0
ip address 172.16.3.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback1
ip address 192.168.20.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback2
ip address 192.168.25.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback3
ip address 192.168.30.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback4
ip address 192.168.35.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback5
ip address 192.168.40.1 255.255.255.0
ip ospf network point-to-point
!
interface Serial1/1
ip address 172.16.23.3 255.255.255.0
serial restart-delay 0
!
router ospf 1
network 172.16.0.0 0.0.255.255 area 0
network 192.168.0.0 0.0.255.255 area 0

 

Under RIP configuration,redistribute OSPF route

R2 is Autonomous System Border Router (ASBR) because connects RIP (R1) and OSPF (R2) router,so we need on that router to configure redistribution

R2(config)#router rip
R2(config-router)#redistribute ospf 1 metric 4

If metric is not specified,it defines infinite metric which causes no routes to be advertised

 

R1(config-router)#do sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

R 192.168.30.0/24 [120/4] via 172.16.12.2, 00:00:01, Serial1/0
R 192.168.25.0/24 [120/4] via 172.16.12.2, 00:00:01, Serial1/0
R 192.168.40.0/24 [120/4] via 172.16.12.2, 00:00:01, Serial1/0
172.16.0.0/24 is subnetted, 5 subnets
R 172.16.23.0 [120/1] via 172.16.12.2, 00:00:01, Serial1/0
C 172.16.12.0 is directly connected, Serial1/0
C 172.16.1.0 is directly connected, Loopback0
R 172.16.2.0 [120/1] via 172.16.12.2, 00:00:01, Serial1/0
R 172.16.3.0 [120/4] via 172.16.12.2, 00:00:03, Serial1/0
R 192.168.20.0/24 [120/4] via 172.16.12.2, 00:00:03, Serial1/0
C 192.168.51.0/24 is directly connected, Loopback4
C 192.168.50.0/24 is directly connected, Loopback3
R 192.168.35.0/24 [120/4] via 172.16.12.2, 00:00:03, Serial1/0
C 192.168.49.0/24 is directly connected, Loopback2
C 192.168.70.0/24 is directly connected, Loopback5
C 192.168.48.0/24 is directly connected, Loopback1

As we can see from the R1 route table,192.168.20-40 networks are advertised

Uder OSPF configuration,redistribute RIP routes

R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets
R2(config-router)#default-metric 10000

subnet keyword must be specified,otherwise,RIP only advertised classful routes.

Default metric for all redistributed OSPF routes is 20,setting metric for higher value makes it less preferable to routes redistributed from other routing protocols

R3#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

C 192.168.30.0/24 is directly connected, Loopback3
C 192.168.25.0/24 is directly connected, Loopback2
C 192.168.40.0/24 is directly connected, Loopback5
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.23.0 is directly connected, Serial1/1
C 172.16.3.0 is directly connected, Loopback0
C 192.168.20.0/24 is directly connected, Loopback1
C 192.168.35.0/24 is directly connected, Loopback4
O E2 192.168.48.0/24 [110/10000] via 172.16.23.2, 00:00:25, Serial1/1
O E2 192.168.49.0/24 [110/10000] via 172.16.23.2, 00:00:25, Serial1/1
O E2 192.168.50.0/24 [110/10000] via 172.16.23.2, 00:00:25, Serial1/1
O E2 192.168.70.0/24 [110/10000] via 172.16.23.2, 00:00:25, Serial1/1
O E2 192.168.70.0/24 [110/10000] via 172.16.23.2, 00:00:25, Serial1/1

We can see that routes from RIP are advertised as External routes (E2) with metric 10000 (set as default metric).

E2 means default metric.If there are only one ASBR E2 metric can be used.E2 ignores internal metric when calculating route to network.E1,from other side calculate internal metric (metric to the ASBR router in same area),plus cost to reach specific network.Default metric is E2.To change it to E1 type:

R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets metric-type 1

 

For router R3 to reach ASBR (R2),cost will be 64

R3#sh ip ospf border-routers

OSPF Process 1 internal Routing Table

Codes: i - Intra-area route, I - Inter-area route

i 172.16.2.1 [64] via 172.16.23.2, Serial1/1, ASBR, Area 0, SPF 20

C 192.168.30.0/24 is directly connected, Loopback3
C 192.168.25.0/24 is directly connected, Loopback2
C 192.168.40.0/24 is directly connected, Loopback5
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.23.0 is directly connected, Serial1/1
C 172.16.3.0 is directly connected, Loopback0
C 192.168.20.0/24 is directly connected, Loopback1
C 192.168.35.0/24 is directly connected, Loopback4
O E1 192.168.48.0/24 [110/10064] via 172.16.23.2, 00:00:25, Serial1/1
O E1 192.168.49.0/24 [110/10064] via 172.16.23.2, 00:00:25, Serial1/1
O E1 192.168.50.0/24 [110/10064] via 172.16.23.2, 00:00:25, Serial1/1
O E1 192.168.51.0/24 [110/10064] via 172.16.23.2, 00:00:25, Serial1/1
O E1 192.168.70.0/24 [110/10064] via 172.16.23.2, 00:00:25, Serial1/1

Cost is now 10064 (default metric 10000+internal metric 64=10064) and marked as E1

E1 metric is used when there are multiple ASBR’s ,when we want to load-balance between ASBR’s

 

 

OSPF route filtering

Posted: February 1, 2016 in CISCO

Untitled

In this example route 10.16.3.0 from area 0 will be filtered on ARB R1 router,so that route won’t be advertised on R3 router on area 34

R3(config-router)#do sh ip route 10.16.0.0 255.255.0.0 longer-prefixes
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 15 subnets, 3 masks

O IA    10.16.3.0/24 [110/75] via 10.11.1.2, 00:18:17, Serial1/0
O IA    10.16.2.0/24 [110/75] via 10.11.1.2, 00:18:17, Serial1/0
O IA    10.16.1.0/24 [110/75] via 10.11.1.2, 00:18:17, Serial1/0

Route 10.16.3.0 is advertised to R3 via R1,so we must filter that route on R1.

R1:

!
interface FastEthernet0/0
ip address 10.11.6.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.11.5.1 255.255.255.252
duplex auto
speed auto
!
interface Serial1/0
ip address 10.11.1.2 255.255.255.252
!
interface Serial1/1
ip address 10.11.3.2 255.255.255.252
!
interface Serial1/2
ip address 10.12.1.2 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.9.1 255.255.255.252
!
router ospf 1
network 10.11.1.2 0.0.0.0 area 34
network 10.11.3.2 0.0.0.0 area 34
network 10.11.7.1 0.0.0.0 area 0
network 10.11.5.1 0.0.0.0 area 0
network 10.11.6.1 0.0.0.0 area 0
network 10.11.9.1 0.0.0.0 area 0
network 10.12.1.2 0.0.0.0 area 5

 

R2:

 

!
interface FastEthernet0/0
ip address 10.11.8.1 255.255.255.252
!
interface FastEthernet0/1
ip address 10.11.5.1 255.255.255.252
!
interface Serial1/0
ip address 10.11.2.2 255.255.255.252
!
interface Serial1/1
ip address 10.11.4.2 255.255.255.252
!
interface Serial1/2
ip address 10.12.2.2 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.9.2 255.255.255.252
!
router ospf 3
network 10.11.2.2 0.0.0.0 area 34
network 10.11.4.2 0.0.0.0 area 34
network 10.11.5.1 0.0.0.0 area 0
network 10.11.8.1 0.0.0.0 area 0
network 10.11.9.2 0.0.0.0 area 0
network 10.12.2.2 0.0.0.0 area 5

 

R3:

 

!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
!
interface Serial1/0
ip address 10.11.1.1 255.255.255.252
!
interface Serial1/1
ip address 10.11.2.1 255.255.255.252
!
router ospf 1
network 10.1.1.1 0.0.0.0 area 34
network 10.11.1.1 0.0.0.0 area 34
network 10.11.2.1 0.0.0.0 area 5

R4:

!
interface Serial1/0
ip address 10.11.3.1 255.255.255.252
!
interface Serial1/1
ip address 10.11.4.1 255.255.255.252
!
router ospf 2
network 10.1.1.2 0.0.0.0 area 34
network 10.11.3.1 0.0.0.0 area 34
network 10.11.4.1 0.0.0.0 area 5

R5:

interface Loopback0
ip address 10.2.1.1 255.255.255.0
!
interface Serial1/0
ip address 10.12.2.1 255.255.255.252
!
interface Serial1/1
ip address 10.12.1.1 255.255.255.252
!
router ospf 2
log-adjacency-changes
network 10.2.1.1 0.0.0.0 area 5
network 10.0.0.0 0.255.255.255 area 5

SW1:

!
interface Loopback0
ip address 10.16.1.1 255.255.255.0
!
interface Loopback1
ip address 10.16.2.1 255.255.255.0
!
interface Loopback2
ip address 10.16.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.11.6.2 255.255.255.252
!
interface FastEthernet0/1
ip address 10.11.7.1 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.5.2 255.255.255.252
!
router ospf 3
network 10.11.4.0 0.0.3.255 area 0
network 10.16.0.0 0.0.3.255 area 0

SW2:

!
interface FastEthernet0/0
ip address 10.11.8.2 255.255.255.252
!
interface FastEthernet0/1
ip address 10.11.7.2 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.5.2 255.255.255.252
!
router ospf 3
log-adjacency-changes
network 10.11.5.2 0.0.0.0 area 0
network 10.11.7.2 0.0.0.0 area 0
network 10.11.8.2 0.0.0.0 area 0

Create prefix list for subnet we want to exclude from reaching area 34:

R1(config)#ip prefix-list deny_10_16_3 seq 5 deny 10.16.3.0/24

Allow all other traffic:

R1(config)#ip prefix-list deny_10_16_3 seq 10 permit  0.0.0.0/0 le 32

Apply filter list incoming (in) in area 34:

R1(config-router)#area 34 filter-list prefix deny_10_16_3 in

This will prevent route 10.16.3.0 reaching all routers in Area 34.

If we want to prevent reaching route to specific router,we need on that router to create prefix list (the same way as in previous example)

R3(config)#ip prefix-list deny_10_16_3 seq 5 deny 10.16.3.0/24
R3(config)#ip prefix-list deny_10_16_3 seq 10 permit  0.0.0.0/0 le 32

Apply prefix list using distribute list:

R3(config)#router ospf 1
R3(config)#distribute-list prefix deny_10_16_3 in

R3#sh ip route 10.16.0.0 255.255.0.0 longer-prefixes
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 15 subnets, 3 masks
O IA    10.16.2.0/24 [110/75] via 10.11.1.2, 00:02:25, Serial1/0
O IA    10.16.1.0/24 [110/75] via 10.11.1.2, 00:02:25, Serial1/0

OSPF Virtual Links

Posted: January 30, 2016 in CISCO

Virtual links are used when there are needs to connect backbone area (area 0) and other areas,not directly connected to backbone areas.It happens when backbone area is discontiguous or new area is added to existing ares.

 

Untitled
R1:

!
interface Loopback0
ip address 172.30.30.1 255.255.255.252
!
interface Serial1/0
ip address 10.1.12.1 255.255.255.0
!
router ospf 1
network 10.1.1.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0

 

R2:

!
interface Loopback0
ip address 10.1.2.1 255.255.255.0
!
interface Serial1/0
ip address 10.1.12.2 255.255.255.0
!
interface Serial1/1
ip address 10.1.23.2 255.255.255.0
!
router ospf 1
area 23 virtual-link 192.168.103.1
network 10.1.2.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 23

 

R3:

interface Loopback0
ip address 10.1.3.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback100
ip address 192.168.100.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback101
ip address 192.168.101.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback102
ip address 192.168.102.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback103
ip address 192.168.103.1 255.255.255.0
ip ospf network point-to-point
!
interface Serial1/1
ip address 10.1.23.3 255.255.255.0
!
router ospf 1
area 23 virtual-link 10.1.2.1
network 10.1.3.0 0.0.0.255 area 23
network 10.1.23.0 0.0.0.255 area 23
network 192.168.100.0 0.0.3.255 area 100

 

Take a look at routing tables on R1 nad R2:

 

R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.30.0.0/30 is subnetted, 1 subnets
C       172.30.30.0 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 4 subnets
C       10.1.12.0 is directly connected, Serial1/0
O IA    10.1.3.0 [110/129] via 10.1.12.2, 00:00:32, Serial1/0
O       10.1.2.0 [110/65] via 10.1.12.2, 00:00:32, Serial1/0
O IA    10.1.23.0 [110/128] via 10.1.12.2, 00:00:32, Serial1/0

R2(config-router)#
*Mar  1 00:45:29.419: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.103.1 on OSPF_VL3 from FULL to DOWN, Neighbor Down: Interface down or detached
R2(config-router)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 4 subnets
C       10.1.12.0 is directly connected, Serial1/0
O       10.1.3.0 [110/65] via 10.1.23.3, 00:14:23, Serial1/1
C       10.1.2.0 is directly connected, Loopback0
C       10.1.23.0 is directly connected, Serial1/1

We can see that routes in Area 100 (192.168.100-103/24) are not shown although are advertised on R3 in OSPF statement.It’s because area 100 is not connects to area 0.Routes on area 23 are not advertised outside that area.

To overcome this issue,we would create virtual link between ABR (R2) and router in area 100 (R3).Prior creating virtual link,we need to identify Router ID on R2 and R3

R2#sh ip ospf
Routing Process "ospf 1" with ID 10.1.2.1

R3(config-router)#do sh ip ospf
Routing Process "ospf 1" with ID 192.168.103.1
R2(config)#router ospf 1
R2(config-router)#area 23 virtual-link 192.168.103.1

R3(config)#router ospf 1
R3(config-router)#area 23 virtual-link 10.1.2.1

 

Again,take a look at routing tables on R1 and R2:

R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.30.0.0/30 is subnetted, 1 subnets
C       172.30.30.0 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 4 subnets
C       10.1.12.0 is directly connected, Serial1/0
O IA    10.1.3.0 [110/129] via 10.1.12.2, 00:00:00, Serial1/0
O       10.1.2.0 [110/65] via 10.1.12.2, 00:00:00, Serial1/0
O IA    10.1.23.0 [110/128] via 10.1.12.2, 00:00:00, Serial1/0
O IA 192.168.102.0/24 [110/129] via 10.1.12.2, 00:00:01, Serial1/0
O IA 192.168.103.0/24 [110/129] via 10.1.12.2, 00:00:01, Serial1/0
O IA 192.168.100.0/24 [110/129] via 10.1.12.2, 00:00:02, Serial1/0
O IA 192.168.101.0/24 [110/129] via 10.1.12.2, 00:00:02, Serial1/0

R2(config-router)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 4 subnets
C       10.1.12.0 is directly connected, Serial1/0
O       10.1.3.0 [110/65] via 10.1.23.3, 00:00:21, Serial1/1
C       10.1.2.0 is directly connected, Loopback0
C       10.1.23.0 is directly connected, Serial1/1
O IA 192.168.102.0/24 [110/65] via 10.1.23.3, 00:00:21, Serial1/1
O IA 192.168.103.0/24 [110/65] via 10.1.23.3, 00:00:21, Serial1/1
O IA 192.168.100.0/24 [110/65] via 10.1.23.3, 00:00:21, Serial1/1
O IA 192.168.101.0/24 [110/65] via 10.1.23.3, 00:00:22, Serial1/1

 

Virtual links,however,add processing overhead and extend backbone area onto routes where they might not belong.

 

Multi-Area OSPF with Stub Areas

Posted: January 29, 2016 in CISCO

In this example i used c3745-advipservicesk9-mz.124-25d.bin,you can download it from here

Untitled.png

 

R1:

!

interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Serial1/0
ip address 10.1.12.1 255.255.255.0
!
router ospf 1
network 10.1.0.0 0.0.255.255 area 0

 

R2:

!
interface Loopback0
ip address 10.1.2.1 255.255.255.0
ip ospf 2 area 0
!
interface Serial1/0
ip address 10.1.12.2 255.255.255.0
ip ospf 2 area 0
!
interface Serial1/1
ip address 10.1.23.2 255.255.255.0
ip ospf 2 area 23

R3

!
interface Loopback0
ip address 10.1.3.1 255.255.255.0
!
interface Loopback1
ip address 172.20.200.1 255.255.255.0
!
interface Serial1/1
ip address 10.1.23.3 255.255.255.0
!
router ospf 3
network 10.1.23.0 0.0.0.255 area 23
network 172.20.200.0 0.0.0.255 area 23

 

Configuring stub area for area 23

Stub areas are used to control injecting external routes (which go through ABR router) into area.In this example R2 is area border router (ABR) because it connects areas O and 23.Stub areas are connected by area <area number> stub command.This command must be executed on ABR and router in related area,otherwise OSPF relationship breaks down.

R2(config)router ospf 2
R2(config-router)#area 23 stub

R2(config)router ospf 3
R3(config-router)#area 23 stub

Area 23 is now stub area which means that this area no longer receives any external route.It receives a default route and OSPF inter area routes

R3(config-router)#do sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 10.1.23.2 to network 0.0.0.0

O*IA 0.0.0.0/0 [110/65] via 10.1.23.2, 00:00:02, Serial1/0
10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
O IA 10.1.1.1/32 [110/129] via 10.1.23.2, 00:00:02, Serial1/0
O IA 10.1.2.0/24 [110/65] via 10.1.23.2, 00:00:02, Serial1/0
C 10.1.3.0/24 is directly connected, Loopback0
L 10.1.3.1/32 is directly connected, Loopback0
O IA 10.1.12.0/24 [110/128] via 10.1.23.2, 00:00:02, Serial1/0
C 10.1.23.0/24 is directly connected, Serial1/0
L 10.1.23.3/32 is directly connected, Serial1/0
172.20.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.20.200.0/24 is directly connected, Loopback1

Default route is set to R2’s s1/0 interface (10.1.23.2)

The benefit is that router memory is conserved because router has less routes to handle with.

Totally stubby area alows only a single summary route from backbone area (Area 0).To configure it,command area <area number> no-summary needs to be executed on ABR (R2 in this case)

OSPF database before configuring totally stuby area:

R2(config-router)#do sh ip ospf dat

OSPF Router with ID (10.1.2.1) (Process ID 2)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.1.1.1 10.1.1.1 319 0x80000003 0x0062CA 3
10.1.2.1 10.1.2.1 313 0x80000008 0x004DD7 3

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.1.3.1 10.1.2.1 101 0x80000001 0x00E5F8
10.1.23.0 10.1.2.1 938 0x80000001 0x0009C3
172.20.200.1 10.1.2.1 101 0x80000001 0x003F24

Router Link States (Area 23)

Link ID ADV Router Age Seq# Checksum Link count
10.1.2.1 10.1.2.1 106 0x80000006 0x00258E 2
172.20.200.1 172.20.200.1 106 0x80000004 0x007607 4

Summary Net Link States (Area 23)

Link ID ADV Router Age Seq# Checksum
0.0.0.0 10.1.2.1 180 0x80000001 0x003BF4
10.1.1.1 10.1.2.1 180 0x80000002 0x0018C9
10.1.2.0 10.1.2.1 180 0x80000002 0x00948D
10.1.12.0 10.1.2.1 180 0x80000002 0x009E3A


R3(config-router)#do sh ip ospf dat

OSPF Router with ID (172.20.200.1) (Process ID 2)

Router Link States (Area 23)

Link ID ADV Router Age Seq# Checksum Link count
10.1.2.1 10.1.2.1 168 0x80000006 0x00258E 2
172.20.200.1 172.20.200.1 167 0x80000004 0x007607 4

Summary Net Link States (Area 23)

Link ID ADV Router Age Seq# Checksum
0.0.0.0 10.1.2.1 241 0x80000001 0x003BF4
10.1.1.1 10.1.2.1 241 0x80000002 0x0018C9
10.1.2.0 10.1.2.1 241 0x80000002 0x00948D
10.1.12.0 10.1.2.1 241 0x80000002 0x009E3A

 

R2(config)router ospf 2
R2(config-router)#area 23 stub no summary

We can see now that R2 and R3 has only one,default,summary route.

R2(config)router ospf 2
R2(config-router)#do sh ip ospf dat

OSPF Router with ID (10.1.2.1) (Process ID 2)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.1.1.1 10.1.1.1 542 0x80000003 0x0062CA 3
10.1.2.1 10.1.2.1 536 0x80000008 0x004DD7 3

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.1.3.1 10.1.2.1 324 0x80000001 0x00E5F8
10.1.23.0 10.1.2.1 1162 0x80000001 0x0009C3
172.20.200.1 10.1.2.1 324 0x80000001 0x003F24

Router Link States (Area 23)

Link ID ADV Router Age Seq# Checksum Link count
10.1.2.1 10.1.2.1 329 0x80000006 0x00258E 2
172.20.200.1 172.20.200.1 330 0x80000004 0x007607 4

Summary Net Link States (Area 23)

Link ID ADV Router Age Seq# Checksum
0.0.0.0 10.1.2.1 22 0x80000003 0x0037F6

R3#sh ip ospf dat

OSPF Router with ID (172.20.200.1) (Process ID 2)

Router Link States (Area 23)

Link ID ADV Router Age Seq# Checksum Link count
10.1.2.1 10.1.2.1 341 0x80000006 0x00258E 2
172.20.200.1 172.20.200.1 340 0x80000004 0x007607 4

Summary Net Link States (Area 23)

Link ID ADV Router Age Seq# Checksum
0.0.0.0 10.1.2.1 34 0x80000003 0x0037F6

 

R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.23.2 to network 0.0.0.0

172.20.0.0/24 is subnetted, 1 subnets
C 172.20.200.0 is directly connected, Loopback1
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.3.0 is directly connected, Loopback0
C 10.1.23.0 is directly connected, Serial1/1
O*IA 0.0.0.0/0 [110/65] via 10.1.23.2, 00:35:28, Serial1/1

Routers in the area see default and intra-area routers (routes between areas),this saves router processor times and memory,but drawback is that not optimal routes can be chosen.ARB router is the gateway to the rest of area and is boundary through all LSA’s needs to pass.

Not so stubby area allow routes to be redistributed from ASBR routers into that area which are special LSA types (Type 7),converted to LSA type 5 (known as autonomous system external LSA: The external LSAs are generated by the ASBR) by ABR (R2).To generate an external route into into NSSA,we need to use redistribute connected subnets on R3 router,subnets keyword is used to redistribute classless networks

 

R2(config)router ospf 2 
R2(config-router)#area 23 nssa

R3(config)router ospf 3 
R3(config-router)#area 23 nssa 
R3(config-router)#redistribute connected subnets


R2#sh ip ospf dat

OSPF Router with ID (10.1.2.1) (Process ID 2)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.1.1.1 10.1.1.1 123 0x80000005 0x005ECC 3
10.1.2.1 10.1.2.1 263 0x80000006 0x0061C2 3

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.1.23.0 10.1.2.1 263 0x80000003 0x0005C5
172.20.200.1 10.1.2.1 1818 0x80000002 0x003D25

Router Link States (Area 23)

Link ID ADV Router Age Seq# Checksum Link count
10.1.2.1 10.1.2.1 1818 0x80000006 0x00B2F6 2
172.20.200.1 172.20.200.1 1955 0x80000008 0x004649 3

Summary Net Link States (Area 23)

Link ID ADV Router Age Seq# Checksum
0.0.0.0 10.1.2.1 1567 0x80000002 0x00C066

Type-7 AS External Link States (Area 23)

Link ID ADV Router Age Seq# Checksum Tag
10.1.3.0 172.20.200.1 1956 0x80000002 0x00086A 0

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
10.1.3.0 10.1.2.1 1821 0x80000002 0x005C9C 0

R3#sh ip ospf dat

 OSPF Router with ID (172.20.200.1) (Process ID 3)

 Router Link States (Area 23)

Link ID ADV Router Age Seq# Checksum Link count
10.1.2.1 10.1.2.1 1905 0x80000006 0x00B2F6 2
172.20.200.1 172.20.200.1 48 0x80000009 0x00444A 3

 Summary Net Link States (Area 23)

Link ID ADV Router Age Seq# Checksum
0.0.0.0 10.1.2.1 1654 0x80000002 0x00C066

 Type-7 AS External Link States (Area 23)

Link ID ADV Router Age Seq# Checksum Tag
10.1.3.0 172.20.200.1 48 0x80000003 0x00066B 0

We can see external route,injected in R2 as N2 from R3:

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.20.0.0/32 is subnetted, 1 subnets
O 172.20.200.1 [110/65] via 10.1.23.3, 00:02:23, Serial1/1
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.1.12.0/24 is directly connected, Serial1/0
O N2 10.1.3.0/24 [110/20] via 10.1.23.3, 00:02:23, Serial1/1
C 10.1.2.0/24 is directly connected, Loopback0
O 10.1.1.1/32 [110/65] via 10.1.12.1, 00:03:07, Serial1/0
C 10.1.23.0/24 is directly connected, Serial1/1

Look at routing table on R1:

R1(config-router)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.20.0.0/32 is subnetted, 1 subnets
O IA 172.20.200.1 [110/129] via 10.1.12.2, 00:03:12, Serial1/0
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.1.12.0/24 is directly connected, Serial1/0
O E2 10.1.3.0/24 [110/20] via 10.1.12.2, 00:03:02, Serial1/0
O 10.1.2.1/32 [110/65] via 10.1.12.2, 00:03:45, Serial1/0
C 10.1.1.0/24 is directly connected, Loopback0
O IA 10.1.23.0/24 [110/128] via 10.1.12.2, 00:03:45, Serial1/0

 

Route 10.1.3.0 is now advertised as E2 route becasue R2 transalated type 7 LSA to type 5 LSA