:: MArX'' Frustrated communist, card-carrying geek.

4Sep/10

GNS: OSPF Multi Area

A lot of people liked the earlier project, GNS: Routing redistribution example, so I decided to do another one, this time about OSPF Multi Area, a subject suggested by a user on LinkedIn. Just like the previous project, this subject is very important for those wishing to take the 642-901 (BSCI) test. A better understanding of stub areas, not-so-stubby areas and virtual links is the main point of this project.

This is the scenario:
  • Area 0: R1 and R2 (backbone area)
  • Area 1: R2 and R3 (area configured as virtual link)
  • Area 2: R3 and R4 (area connected to the ISP, and NSSA)
  • Area 3: R1 and R5 (totally stubby area)

27Jun/10

GNS: Route redistribution example

Nowadays I'm a Cisco CCNA, and I plan to take the CCNP certification during this year. The first test I decided to take is the BSCI. An important topic for this test is route redistribution, so I made this GNS project to explore some aspects of this feature, and I would like to share it with anyone interested.

Route redistribution between RIP and OSPF

This is the scenario:
  • Routers running RIP: R1, R2, R4 and R5
  • Routers running OSPF (Area 0): R1, R3 and R5
  • R1 runs both routing protocols and is responsible for redistributing between them.
  • R4 and R5 are also interconnected through RIP, and the default behavior of R5 is to try to reach R4's networks through OSPF routes (the longer path), because OSPF has a better administrative distance than RIP.

22Jun/10

Cisco IOS configuration management using SCP

SCP is a powerful feature introduced in IOS 12.2(2)T that allows administrators to securely transfer files to and from routers. Besides transferring files over encrypted connections, it also lets us authenticate access to the router.

It's easy to deploy, easy to use, and Cisco recommends it in the Guide to Harden Cisco IOS Devices, so why not use it?

It relies on SSH and AAA, so both features have to be enabled on the device:

Router(config)#hostname MRXROUTER
MRXROUTER(config)#crypto key generate rsa general-keys modulus 512

% The key modulus size is 512 bits
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
MRXROUTER(config)#
MRXROUTER(config)#aaa new-model
MRXROUTER(config)#aaa authentication login default local
MRXROUTER(config)#aaa authorization exec default local

In order to use SCP to manage the configuration, we must have a user account with enough privileges to access it:

MRXROUTER(config)#
MRXROUTER(config)#username admin privilege 15 secret 0 topsecret

Finally, we can turn the SCP server on:

MRXROUTER(config)#ip scp server enable

On the client side we can use a utility such as pscp from the PuTTY suite (Windows), or the native scp client on Linux, to interact with our SCP server: the router!

C:\>pscp.exe
PuTTY Secure Copy client
Release 0.59
Usage: pscp [options] [user@]host:source target
pscp [options] source [source...] [user@]host:target
pscp [options] -ls [user@]host:filespec

For example, we can download the startup-config and put it in a directory (a backup?):

C:\>pscp.exe admin@192.168.0.42:nvram:startup-config C:\MyConfigs\MRXROUTER.cfg
admin@192.168.0.42's password:
MRXROUTER.cfg                    | 0 kB |   0.6 kB/s | ETA: 00:00:00 | 100%

C:\>
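
Once the configuration is on disk it can be checked offline. The following is an added example, not part of the original post: a small Python check that reads a saved IOS configuration, confirms the SCP prerequisites shown above are present, and flags leftover TFTP or Telnet settings. The sample configuration, the function name audit_scp_config and the warning wording are assumptions made for illustration.

```python
import re

# Constructed sample of a downloaded startup-config (not from the original post).
SAMPLE_CFG = """\
hostname MRXROUTER
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username admin privilege 15 secret 5 $1$CONSTRUCTED$placeholderhash
ip scp server enable
tftp-server flash:backup.cfg
line vty 0 4
 transport input telnet ssh
"""

# Global commands the post enables before SCP works.
REQUIRED = (
    "aaa new-model",
    "aaa authentication login default local",
    "aaa authorization exec default local",
    "ip scp server enable",
)

def audit_scp_config(cfg):
    """Return missing SCP prerequisites and hardening warnings for an IOS config."""
    lines = [l.strip() for l in cfg.splitlines() if l.strip()]
    missing = [c for c in REQUIRED if c not in lines]
    # SCP transfers need an account that is placed at privilege level 15.
    if not any(re.match(r"username \S+ privilege 15 ", l) for l in lines):
        missing.append("username <name> privilege 15 ...")
    warnings = []
    for l in lines:
        if re.match(r"username \S+ (.* )?password ", l):
            warnings.append("'password' used instead of 'secret' for " + l.split()[1])
        elif l.startswith("tftp-server "):
            warnings.append("TFTP still served: " + l)
        elif l.startswith("transport input") and re.search(r"\b(telnet|all)\b", l):
            warnings.append("vty still accepts Telnet: " + l)
    # Assumption: the IOS release supports SSHv2 ('ip ssh version 2').
    if "ip ssh version 2" not in lines:
        warnings.append("SSH not pinned to version 2")
    return {"missing": missing, "warnings": warnings}

if __name__ == "__main__":
    for kind, items in audit_scp_config(SAMPLE_CFG).items():
        for item in items:
            print(kind + ": " + item)
```

The RSA key length is not stored in the configuration file, so this check cannot see the 512-bit modulus generated above, which is too short by current standards. Verify the key on the router itself with show crypto key mypubkey rsa.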

It's about time to let TFTP rest in peace.

References
Cisco.com: Cisco Guide to Harden Cisco IOS Devices
Cisco.com: Cisco Secure Copy (SCP) Feature Guide – 12.2T
PuTTY: A Free Telnet/SSH Client
