We will stick with the same old Topology to finish EIGRP review off, I have one more article after this, then I really need to double time some other topics before exam day to freshen up the ol’ steel trap!
Now a couple of things that separate “Original mode” from “Named mode” EIGRP are:
- It is a newer flavor of EIGRP, created from what I can tell to keep all EIGRP configs in one spot, also with the idea of starting to use “instances” instead of going right to the AS
- It uses address families, which are logical groupings of prefixes; with EIGRP they are actually grouped by AS
So this new and improved “Named Mode” EIGRP, from what I can tell, is a step in the right direction for Routing Protocols: it breaks EIGRP down into processes like OSPF so more than one can run concurrently on the same router. The “address-family” command for EIGRP then defines the AS #, and this is where you add your networks and what I call your ‘Utility’ commands like “no auto” and “variance”, all under one Umbrella.
**One commonality I see about address families among all routing protocols (but not worked with just yet) is that they define a group of Prefixes under one logical Umbrella**
One thing it really does well, other than preparing networking for the next step in virtual routing (separating routing not only with VRF, but now also breaking up the other major Protocol into separate routing instances or processes), is that it keeps ALL EIGRP configurations under one EIGRP config in the show run.
For example, authentication and summary-addresses are set in the EIGRP configuration rather than on the interface itself; however, you do still need to define the interface within EIGRP.
That being said, and for all of how great it is along with this address-family stuff, when working with IPv6 the routing protocols will still be configured directly on the interface (for now), even though you will see an IPv6 option in there.
So I learned it better I think seeing it visually configured on live equipment, so here we go, I’ll see if I can neighbor up with my other non-Named Mode spokes R2 and R3:
R1(config)#router eigrp CCNP
R1(config-router)#address-family ?
ipv4 Address family IPv4
ipv6 Address family IPv6
R1(config-router)#address-family ipv4 ?
autonomous-system Specify Address-Family Autonomous System Number
multicast Address Family Multicast
unicast Address Family Unicast
vrf Specify a specific virtual routing/forwarding instance
R1(config-router)#address-family ipv4 autonomous-system ?
Autonomous System
R1(config-router)#address-family ipv4 autonomous-system 100
So let’s start at the beginning, with the “router eigrp CCNP” command. I just want to clarify this is exactly like defining an OSPF process: it just separates and allows for multiple AS’s to be running concurrently on a single router. *high five Cisco*
So the next line is defining an Autonomous-System with the “address-family” command. I went ? by ? to show the modifiers; as said, IPv6 will still make you configure EIGRP (and all routing protocols) on the interface anyways, so I won’t be getting into that in this post.
Next you can see “autonomous-system / multicast / unicast / vrf” as modifiers after you pick your IP version. Of course the autonomous-system drops you right into the network configuration portion of it, and as its default is “Unicast” you can but don’t have to define it, whereas you can also define Multicast traffic, which is beyond the scope of the CCNP exam.
Finally there is also a VRF option in there I wanted to touch on quickly in a configuration example:
R1(config-router)#address-family ipv4 vrf ?
WORD Virtual Routing/Forwarding instance name
R1(config-router)#address-family ipv4 vrf GREEN ?
autonomous-system Specify Address-Family Autonomous System Number
R1(config-router)#address-family ipv4 vrf GREEN au
R1(config-router)#address-family ipv4 vrf GREEN autonomous-system ?
Autonomous System
R1(config-router)#address-family ipv4 vrf GREEN autonomous-system 150 ?
So you can also define which VRF instance is going to be attached to this address-family’s autonomous-system number, which I didn’t create but I wanted you to be aware of in case there is some sort of Easy Virtual Network (EVN) question which uses VRF and Address-Families for configuration – It is present in Named Mode!
Now, let’s take a look at the “address-family” configuration prompt and our options:
R1(config-router-af)#?
Address Family configuration commands:
af-interface Enter Address Family interface configuration
default Set a command to its defaults
eigrp EIGRP Address Family specific commands
exit-address-family Exit Address Family configuration mode
help Description of the interactive help system
maximum-prefix Maximum number of prefixes acceptable in aggregate
metric Modify metrics and parameters for advertisement
neighbor Specify an IPv4 neighbor router
network Enable routing on an IP network
no Negate a command or set its defaults
shutdown Shutdown address family
timers Adjust peering based timers
topology Topology configuration mode
R1(config-router-af)#network 172.12.123.0 0.0.0.255
R1(config-router-af)#
*May 16 04:29:45.439: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is up: new adjacency
*May 16 04:29:45.459: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is up: new adjacency
R1(config-router-af)#do sh ip eigrp nei
EIGRP-IPv4 VR(CCNP) Address-Family Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.12.123.2 Se0/0/0 168 00:00:14 1264 5000 0 7
0 172.12.123.3 Se0/0/0 168 00:00:14 1042 5000 0 8
R1(config-router-af)#
Before I get into my WTF is that highlighted in Green, I highlighted in red a few things we’d normally see in the configuration for EIGRP, and in blue are two sub-configuration modes within address-family we need to know about and are coming up here shortly.
First of all, I want to note this is where you throw in your network statements for the AS. As you can see, I put in the NBMA’s address (the spokes are using Original Mode) and the Adjacencies came right up, showing its backward compatibility, which is cool since I will not be configuring Named Mode on my spoke routers because I am a slacker.
Now since when do we get a Help option in any modifier output EVER with Cisco?? I have to see what this looks like:
R1(config-router-af)#help ?
R1(config-router-af)#help
Help may be requested at any point in a command by entering
a question mark ‘?’. If nothing matches, the help list will
be empty and you must backup until entering a ‘?’ shows the
available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a
command argument (e.g. ‘show ?’) and describes each possible
argument.
2. Partial help is provided when an abbreviated argument is entered
and you want to know what arguments match the input
(e.g. ‘show pr?’.)
R1(config-router-af)#
That is just absolutely hilarious to me. For EVERY student, from back when I was a young punk studying for my CCNA up to now when I’m an old punk studying for my CCNP, the ? has always been used both to see the modifiers after a word and partway through a word, to observe that auth? can mean authorization or authentication, so keep typing that command for the router to understand what you’re getting at.
It just seems like an ancient command that should no longer be in the IOS; however, the first time I noticed it was under address-family mode, and that just cracked me up.
Moving on beyond what makes Cisco IT nerds laugh, notice that your general neighbor and network type statements are in the “address-family” configuration mode, which can be identified by the little “-af” on the end of the prompt, as well as timers – in fact let’s bring that down again:
R1(config-router-af)#?
Address Family configuration commands:
af-interface Enter Address Family interface configuration
default Set a command to its defaults
eigrp EIGRP Address Family specific commands
exit-address-family Exit Address Family configuration mode
help Description of the interactive help system
maximum-prefix Maximum number of prefixes acceptable in aggregate
metric Modify metrics and parameters for advertisement
neighbor Specify an IPv4 neighbor router
network Enable routing on an IP network
no Negate a command or set its defaults
shutdown Shutdown address family
timers Adjust peering based timers
topology Topology configuration mode
You can configure network statements here (which I did and immediately brought up my non-Named mode EIGRP neighbors), neighbor statements to configure static neighbors, adjust timers as well as a new command “shutdown” which actually would shut down this address family within the CCNP process we configured with “router eigrp CCNP” if we wanted a different one to run.
Now we have the commands highlighted in blue from the output, and these will be our sub-menus to configure. I think the top one is pretty self explanatory, that is where you can configure the commands that used to go on the interface within our EIGRP AF, whereas the Topology one is a bit more vague, so let’s take a look:
R1(config-router-af)#topology ?
base Base Topology
R1(config-router-af)#topology base ?
R1(config-router-af)#topology base
R1(config-router-af-topology)#
Well that didn’t give much in the way of options or modifiers… I like it! As can be seen, it drops us into the next sub-menu down in the address-family configuration, “… -af-topology#”, and this is where what I call the ‘Utility’ commands for EIGRP are entered (there is probably a better name to describe them that is escaping me). Let’s take a look:
R1(config-router-af-topology)#?
Address Family Topology configuration commands:
auto-summary Enable automatic network number summarization
default Set a command to its defaults
default-information Control distribution of default information
default-metric Set metric of redistributed routes
distance Define an administrative distance
distribute-list Filter entries in eigrp updates
eigrp EIGRP specific commands
exit-af-topology Exit from Address Family Topology configuration mode
maximum-paths Forward packets over multiple paths
metric Modify metrics and parameters for advertisement
no Negate a command or set its defaults
offset-list Add or subtract offset from EIGRP metrics
redistribute Redistribute IPv4 routes from another routing protocol
snmp Modify snmp parameters
summary-metric Specify summary to apply metric/filtering
timers Adjust topology specific timers
traffic-share How to compute traffic share over alternate paths
variance Control load balancing variance
I won’t name them, but highlighted in red are what I call the ‘Utility’ commands for EIGRP, anything that changes its behavior on the local router (and beyond). There is another segment I’ve highlighted in a nice pretty pink through the configuration: the commands you are supposed to use to exit the mode, whether it’s “exit-address-family” in address-family mode or “exit-af-topology” in topology mode.
I’ve seen just regular exits done and it works all the same, but on exam day, go with the IOS and use the exit-address-family / etc. commands to back out to the Named Mode main configuration prompt.
So you can see from the above list we have offset-list to add Metric weight, our Redistribution is done here (and setting default Metrics for redistributed routes), our distribute-list for Route Filtering, Variance for Unequal Cost load balancing, Max Paths to increase or disable load sharing, distance to change the local AD’s of EIGRP routes, etc.
So that is that. Now, let’s check out the other more obvious mode I had highlighted in blue, interface configuration mode in address family:
R1(config-router-af)#af-interface s0/0/0 ?
<cr>
R1(config-router-af)#af-interface s0/0/0
R1(config-router-af-interface)#
I spared the output of a ? after af-interface because it just listed all possible interfaces, however once you enter one the command stops there.
So let’s look at what we have available here in this sub-configuration mode of AF:
R1(config-router-af-interface)#?
Address Family Interfaces configuration commands:
authentication authentication subcommands
bandwidth-percent Set percentage of bandwidth percentage limit
bfd Enable Bidirectional Forwarding Detection
dampening-change Percent interface metric must change to cause update
dampening-interval Time in seconds to check interface metrics
default Set a command to its defaults
exit-af-interface Exit from Address Family Interface configuration mode
hello-interval Configures hello interval
hold-time Configures hold time
next-hop-self Configures EIGRP next-hop-self
no Negate a command or set its defaults
passive-interface Suppress address updates on an interface
shutdown Disable Address-Family on interface
split-horizon Perform split horizon
summary-address Perform address summarization
R1(config-router-af-interface)#
So there is everything we would expect to see for EIGRP configuration on the interface; however, it is hiding one ‘Utility’ command that has always been configured in EIGRP router config and is now in AF-interface configuration mode – “passive-interface”.
I find it hard to believe Cisco would make admins do passive-interface by passive-interface and take our default command away, so we can passive them all and no passive the ones we don’t need to suppress EIGRP traffic on.
So let’s take a look at this passive-interface command and see if we still have “default”:
R1(config-router-af-interface)#passive-interface ?
<cr>
R1(config-router-af-interface)#passive-interface
Now I get this configuration behavior, due to interfaces probably being in different address-family configurations or VRF instances; however, this should be a major consideration when deploying Named EIGRP on something like a 48-Port switch, or 3 of them stacked giving you 146 ports, where you may only need a few interfaces not being suppressed.
So keep that in mind, not only that passive-interface is now in the “af-interface” configuration sub-menu, but that with Named EIGRP you are doing it interface by interface, both very important details for exam day!
One thing I want to check out quick with EIGRP is the Authentication command, and what it includes, because in “Original Mode” you configure a key chain in global configuration, but then turn authentication on and define the key-string on the interface:
R1(config-router-af-interface)#authentication ?
key-chain key-chain
mode authentication mode
R1(config-router-af-interface)#authentication key-chain ?
WORD name of key-chain
R1(config-router-af-interface)#authentication key-chain Test
R1(config-router-af-interface)#authentication mode ?
md5 Keyed message digest
R1(config-router-af-interface)#authentication mode md5 ?
<cr>
R1(config-router-af-interface)#authentication mode md5
R1(config-router-af-interface)#
*May 16 06:12:45.915: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is down: authentication mode changed
*May 16 06:12:45.915: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is down: authentication mode changed
R1(config-router-af-interface)#
Well, it dropped our Adjacency again immediately, NOT after defining the key-chain but after turning on authentication, so let’s go to R2 and R3 to turn it on AFTER defining that Key Chain called Test it is calling out.
I do like that it’s so simple to turn on: authentication mode md5 and you’re done. That is pretty sweet, even though I wish they would have added key chain config in here as well, but we will probably see that some day.
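The %DUAL-5-NBRCHANGE messages above are also what a monitoring job would key on. As an added example (not part of the original lab and not Cisco tooling), this replays such syslog lines against an assumed allow-list of neighbors and reports lost adjacencies, unexpected neighbors, and expected neighbors that are not up. The `EXPECTED` baseline and the last log line are constructed for the example.

```python
import re

# Matches both prompts seen in this post: "EIGRP-IPv4 100:" and "IP-EIGRP(0) 100:"
NBRCHANGE = re.compile(
    r"%DUAL-5-NBRCHANGE: (?:EIGRP-IPv4|IP-EIGRP\(\d+\)) (?P<asn>\d+): "
    r"Neighbor (?P<nbr>\S+) \((?P<intf>\S+)\) is (?P<state>up|down): (?P<why>.+)")

# First three lines are R1's messages from this post; the last one is constructed.
SAMPLE = """\
*May 16 04:29:45.439: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is up: new adjacency
*May 16 04:29:45.459: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is up: new adjacency
*May 16 06:12:45.915: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is down: authentication mode changed
*May 16 06:20:01.000: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.9 (Serial0/0/0) is up: new adjacency
"""

# Assumed baseline: the neighbors each (AS, interface) pair is supposed to have.
EXPECTED = {("100", "Serial0/0/0"): {"172.12.123.2", "172.12.123.3"}}

def review(log, expected):
    """Replay the log; return (alerts, set of (AS, interface, neighbor) still up)."""
    alerts, up = [], set()
    for line in log.splitlines():
        m = NBRCHANGE.search(line)
        if not m:
            continue                      # not an EIGRP neighbor-change message
        peer = (m["asn"], m["intf"], m["nbr"])
        if m["state"] == "up":
            up.add(peer)
            if m["nbr"] not in expected.get((m["asn"], m["intf"]), set()):
                alerts.append(f"unexpected neighbor {m['nbr']} on {m['intf']} AS {m['asn']}")
        else:
            up.discard(peer)
            alerts.append(f"lost {m['nbr']} on {m['intf']} AS {m['asn']}: {m['why']}")
    # Anything in the baseline that is not up at the end of the log
    for (asn, intf), peers in sorted(expected.items()):
        for nbr in sorted(peers):
            if (asn, intf, nbr) not in up:
                alerts.append(f"expected neighbor {nbr} on {intf} AS {asn} is not up")
    return alerts, up

if __name__ == "__main__":
    for alert in review(SAMPLE, EXPECTED)[0]:
        print(alert)
```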
***Before we segue into a trip down Authentication Lane, I wanted to post the verification command for IP EIGRP Named Mode and where to find the name***
R1#sh ip proto
*** IP Routing is NSF aware ***
Routing Protocol is “eigrp 100”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
Redistributing: eigrp 100
EIGRP-IPv4 VR(CCNP) Address-Family Protocol for AS(100)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
NSF-aware route hold timer is 240
Router-ID: 100.100.100.2
It shows the IP Version #, and the Process Name configured for that Address-Family, which is configured to AS100; everything can be verified from that one command as seen.
WARNING: We are getting into a quick EIGRP Authentication Review now (quickly)!
So let’s get to it:
R1
R1(config-router-af-interface)#exit-af-interface
R1(config-router-af)#exit-address-family
R1(config-router)#exit
R1(config)#key chain Test
R1(config-keychain)#key 1
R1(config-keychain-key)#?
Key-chain key configuration commands:
accept-lifetime Set accept lifetime of key
default Set a command to its defaults
exit Exit from key-chain key configuration mode
key-string Set key string
no Negate a command or set its defaults
send-lifetime Set send lifetime of key
R1(config-keychain-key)#key-string CCIE
R1(config-keychain-key)#^Z
R1#wr
Building configuration…
*May 16 06:18:11.115: %SYS-5-CONFIG_I: Configured from console by console[OK]
R1#
R1#
R2
R2(config)#key chain Test
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string CCIE
R2(config-keychain-key)#int s0/0
R2(config-if)#ip eigrp authen
R2(config-if)#ip eigrp authent
R2(config-if)#eigrp authen
R2(config-if)#eigrp authent
R2(config-if)#ip eigrp ?
% Unrecognized command
R2(config-if)#eigrp ?
% Unrecognized command
R2(config-if)#ip authentication ?
key-chain key-chain
mode mode
R2(config-if)#ip authentication mode ?
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
R2(config-if)#ip authentication mode eigrp ?
<1-65535> Autonomous system number
R2(config-if)#ip authentication mode eigrp 100 ?
md5 Keyed message digest
R2(config-if)#ip authentication mode eigrp 100 md5 ?
<cr>
R2(config-if)#ip authentication mode eigrp 100 md5
R2(config-if)#ip authentication key-chain ?
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
R2(config-if)#ip authentication key-chain eigrp 100 ?
WORD name of key-chain
R2(config-if)#ip authentication key-chain eigrp 100 Test ?
<cr>
R2(config-if)#ip authentication key-chain eigrp 100 Test
R2(config-if)#
*Mar 31 02:18:53.817: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.123.1 (Serial0/0) is up: new adjacency
R2(config-if)#
I left all my previous derps in there to illustrate: IT DOES NOT START WITH “eigrp” OR “ip eigrp …” ON THE INTERFACE! It is “ip authentication …” in fact. Here is a breakdown of each command, bullet point style, for reference:
- Below are in Global Configuration:
  - key chain (word) – Case Sensitive
  - key # – Can be several keys or just 1
  - key-string (word) – Case Sensitive
- Below are in Interface Configuration:
  - ip authentication mode eigrp (AS #) md5
  - ip authentication key-chain eigrp (AS #) (word) – Key Chain name (first command)
A couple things to note with this, beginning with the two references to key chain / key-chain from the global config level to the interface level, in global configuration it DOES NOT have a hyphen, but when referencing on the interface it DOES have a hyphen.
It’s kind of a weird little gotcha, but with odd syntax like that to set up authentication, which a CCNP should know, it’s just begging for a Gotcha question!
Also, notice that EIGRP DOES NOT support clear text, or anything outside of MD5 actually.
Another gotcha for exam day, so don’t let that catch you off guard: EIGRP only supports MD5 Authentication, which can be configured in different ways and still work between neighbors, just as OSPF authentication can be turned on in the OSPF config with the key defined on the interface on one router, while on another router both can be configured on the interface, and they will still Authenticate if they are in the same Area.
One last dad lecture note: EIGRP Authentication should always be turned on, so if someone with a packet sniffer hits the network or plugs in a rogue EIGRP device, they cannot form a neighbor relationship with our network to goof it up.
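One way to check that “always turned on” rule against a saved config, as an added example (not from the original lab or from Cisco): the script below reads both syntaxes shown above, the Original Mode `ip authentication …` interface commands and the Named Mode `af-interface` commands, and lists every interface covered by an EIGRP network statement that has no authentication mode or points at a key chain that is not defined. The running-config excerpt is constructed; the script assumes network statements carry a wildcard mask and does not look at passive interfaces.

```python
import ipaddress
import re

# Constructed running-config excerpt (not from the post): Named Mode process
# CCNP / AS 100; key-string lines are left out on purpose.
SAMPLE = """\
key chain Test
 key 1
interface Serial0/0/0
 ip address 172.12.123.1 255.255.255.0
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
router eigrp CCNP
 address-family ipv4 unicast autonomous-system 100
  af-interface Serial0/0/0
   authentication mode md5
   authentication key-chain Test
  exit-af-interface
  network 172.12.123.0 0.0.0.255
  network 10.0.0.0 0.255.255.255
 exit-address-family
"""

AUTH = re.compile(r"(?:ip )?authentication (mode|key-chain) (?:eigrp (\d+) )?(\S+)")

def audit(config):
    """Return (interface, AS, problem) for EIGRP interfaces without working auth."""
    chains, addrs, auth, nets = set(), {}, {}, {}
    iface = af_if = asn = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # a new top-level stanza begins
            iface = af_if = asn = None
        if m := re.match(r"key chain (\S+)", line):
            chains.add(m[1])
        elif m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.match(r"router eigrp (\d+)$", line):
            asn = m[1]                          # Original Mode: AS on the router line
        elif m := re.match(r"address-family ipv4 .*autonomous-system (\d+)", line):
            asn = m[1]                          # Named Mode: AS on the address-family
        elif m := re.match(r"af-interface (\S+)", line):
            af_if = m[1]
        elif line == "exit-af-interface":
            af_if = None
        elif iface and (m := re.match(r"ip address (\d\S+) ", line)):
            addrs[iface] = ipaddress.ip_address(m[1])
        elif asn and (m := re.match(r"network (\S+) (\S+)", line)):
            # ipaddress accepts a wildcard (host) mask after the slash
            nets.setdefault(asn, []).append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
        elif m := AUTH.match(line):
            auth.setdefault((iface or af_if, m[2] or asn), {})[m[1]] = m[3]
    findings = []
    for asn, networks in nets.items():
        for name, ip in addrs.items():
            if not any(ip in net for net in networks):
                continue                        # interface not enabled for this AS
            cfg = auth.get((name, asn), {})
            if "mode" not in cfg:
                findings.append((name, asn, "no authentication mode"))
            elif cfg.get("key-chain") not in chains:
                findings.append((name, asn, f"key chain {cfg.get('key-chain')} not defined"))
    return findings
```

Calling `audit(SAMPLE)` reports FastEthernet0/0, which the 10.0.0.0 network statement enables for AS 100 but which has no af-interface authentication.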
EIGRP Path Manipulation Methods
I know it’s been a long post, it’s almost 1am, and I’m getting mentally exhausted – Fortunately Path Manipulation is pretty easy, as it uses the mechanisms we already learned like distribute-lists and such.
Let’s assume behind the R2 and R3 spoke routers are 100 routes, and R2 from the Topology above is on a slow Serial-Link, and R3 is on a FastEthernet link that is MUCH faster.
In fact let’s bring that image down here:
A couple of things we can do: one is to create a Prefix-List that captures a smaller chunk of that address space that R1 will know about, applied via a distribute-list using the prefix-list “le # ge #” options, which I would configure in the spoke routers’ EIGRP configuration with the direction “out”, as R1 will have both of these Routers coming in on S0/0/0.
Another method is to use a Summary-Address on both spoke routers, with the slower link advertising a Summary-Address for a smaller chunk of all Summary addresses with the faster link taking the larger chunk of the networks via a Summary-Address.
I am too fried at this point to go into examples of this, but I wanted to get the juices flowing: IF you are asked to perform Path Manipulation, what can we use that we already know to help us accomplish the task?
And that is it for EIGRP – Let’s move on to another CCNP Topic, shall we! 🙂