Friday, August 5, 2011

Configuring IPSEC VPN between Linux and Cisco

In this blogtorial we are going to talk about how to configure a IPSEC VPN between a linux machine (CentOS) and a Cisco router. I  had to do this because we installed a Cisco router at a customer site with a DHCP ip Comcast connection. So in-order to get into the Cisco router to do management I created a ipsec vpn tunnel back to one of my Linux machines. I know I could have done dyndns or something else but it was more fun this way :)


Here is my topology and I will post relevant configuration from the Cisco router and the Linux machine. So let's get started.


Thursday, August 4, 2011

Configuring basic OSPFv3

In this blogtorial we are going to talk briefly about OSPFv3. I will not be going into much detail and writing paragraphs explaining the details of OSPFv3 but rather give you a simple "how-to" on configuring OSPFv3. 


We will be using a simple 3 router topology below. So let's get started. 




Objective: 
  • Configure ipv6 address on R1, R2, R3. 
  • Configure loopbacks so the OSPFv3 process can start. 
  • Verify ipv6 connectivity.


Wednesday, August 3, 2011

Configuring OSPF - NSSA (Not-So-Stubby-Areas)

In this blogtorial we are going to talk about OSPF Not-So-Stubby-Area (NSSA). So we learned from my previous blogtorial that we can turn an Area into a stubby area to reduce the size of the database, but what if that Area is also connected to another domain such as an EIGRP? Well that's where NSSA comes in.


We will be building on this topology. Similar to the topology from my previous blogtorial but slightly different. Note that the topology shows more than what we really need so just pay attention to Area 0, Area 1 and eigrp domain 20. Alright let's get started.
Relevant configurations are posted below. 

Configuring OSPF - Totally Stubby Area

In this blogtorial we are going to talk about OSPF Totally Stubby Areas. If an area does not connect to any other areas or if the area is really a spoke then Totally Stubby Areas are the way to go. It will inject a default route and that's it. 


We will be using the same topology from my previous blogtorials. So let's get started. 


Objective: To configure Area 1 as a Totally Stubby Area and see how it affects the routing table of R5 (in Area 1). 


Configuring OSPF - Stub Area

In this blogtorial we are going to talk about OSPF Stub Areas. We can use stubby areas to limit the size of the OSPF database and when you have 100s of routers and 1000s of routes this can be very useful. 


We will be using the same topology from my previous blogtorials. So let's get started. 




Tuesday, August 2, 2011

Configuring OSPF inbound route filtering

In this blogtorial we are going to talk about inbound route filtering meaning we will not take a certain "route". We are going to see 4 different ways of doing it -- prefix lists, route-maps, area filtering (LSA type 3), and area summary not-advertise.


We are building on the topology from my previous blogtorials. So let's get started.



Objective: Filter R5 loopback (172.16.5.0/24) from making it into R4 routing table and allow everything else into R4 routing table. Filter R5 loopback (172.16.5.1/32 which is in Area 1) from making it into Area 0.


Relevant configurations are posted below.

Configuring OSPF Virtual Links w/ GRE tunnels

In this blogtorial we are going to discuss on how to link an OSPF area which is not directly connected to Area 0 using GRE tunnels. Why would you ever want to do this? I don't know :) maybe in the CCIE lab exam. I strongly recommend not using GRE or Virtual links but they do exists for a reason. 


We are going to be building on the topology from my previous blogtorials. So let's get started.



Relevant configurations are posted below but basically all we are doing is creating a GRE tunnel between R5 and R4 and putting the tunnel in Area 0.

Configuring Advanced OSPF - Virtual Links

In this blogtorial we are going to talk about OSPF virtual links. As you already know all areas must connect to area 0. However, if you have an area not connected to area 0 it is possible to use virtua links to accomplish this.


We are going to be building on the topology from my previous blogtorial "Configuring Advanced OSPF". So let's get started.



Relevant configurations are posted below.

Configuring Advanced OSPF

In this blogtorial we are going to talk about OSPF redistribution, authentication, ASBR, and default routes.


OSPF redistribution: We can redistribute networks into OSPF from static, connected, or from other protocols such as EIGRP.


Authenticate: We can configure md5 authentication on OSPF to provide security.


ASBR: Autonomous System Boundary Router -- basically a router which connects to networks using a routing protocol other than OSPF and inject routes into OSPF from those routing protocols.


Overview: We have Area 1 connected to Area 0 and EIGRP AS 10 connected to Area 0 through R2. We will take routes learned through EIGRP and inject them into OSPF and we will also take routes learned from Area 1 and inject them into Area 0 and vice-versa.

We are going to be building on the topology from my previous blogtorial "Configuring Basic OSPF". So let's get started.

Configuring basic OSPF


Brief tutorial on how to configure a single area OSPF with no authentication. 
Overview: 4 routers configured with 4 loopbacks. 




Relevant configurations for R1, R2, R3, R4 are posted below.