Enter OSPF configuration mode. The 1 is simply the OSPF process ID - a router can run more than one OSPF process if required.
The network statement has two functions and its use varies depending on the function required.
The first use is to enable OSPF on all interfaces which match the given IP address + "wildmask". A wildmask is used in access control lists to select a range of addresses. A "0" bit in the wildmask means the corresponding address bit must match, and a "1" means the corresponding address bit is "don't care". Examples:
network 81.199.108.17 0.0.0.0 area 0
network 81.199.108.98 0.0.0.0 area 0
    -- talk OSPF only on those interfaces with these addresses
network 81.199.108.192 0.0.0.3 area 0
    -- talk OSPF on the serial interface with this address (this is an alternative to the previous examples and has the same functionality)
network 81.199.108.0 0.0.0.255 area 0
    -- talk OSPF on every interface whose IP address is 81.199.108.X
network 0.0.0.0 255.255.255.255 area 0
    -- talk OSPF on every interface we have
By talking OSPF on an interface the router will automatically inject the network block used on that interface into OSPF.
Note that it is important that we only talk OSPF to our own networks, never to customers or other ISPs (they could break our network by injecting bad information), so usually it is best just to list the interfaces we want to talk on.
The second use of the network statement is to inject prefixes into OSPF. For this function the network statement must match both the network and the network's mask on that interface. The mask is called an "inverse mask", and is the one's complement of the network mask for the network block. This technique is used to inject prefixes from non-OSPF speaking interfaces into OSPF.
network 81.199.108.192 0.0.0.3 area 0
    -- announce the network 81.199.108.192/30 to OSPF
network 81.199.108.0 0.0.0.255 area 0
    -- announce the network 81.199.108.0/24 to OSPF
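Both uses of the network statement, as an added example that is not part of the original handout: the first function applies the wildmask rule to a constructed interface table to show which interfaces end up talking OSPF, and the second derives the inverse mask for a prefix. The interface names and the customer address (192.0.2.1) are assumptions made for illustration.

```python
import ipaddress

def wild_match(addr, base, wildmask):
    """0 bit in the wildmask = address bit must match; 1 bit = don't care."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildmask))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def ospf_enabled(interfaces, statements):
    """Names of interfaces whose address matches any 'network <base> <wildmask>'."""
    return sorted(name for name, addr in interfaces.items()
                  if any(wild_match(addr, b, w) for b, w in statements))

def inverse_mask(prefix):
    """Inverse mask = one's complement of the netmask (second use of 'network')."""
    return str(ipaddress.IPv4Network(prefix).hostmask)

# Constructed interface table: two backbone links and one customer link.
INTERFACES = {
    "Ethernet0/0": "81.199.108.17",
    "Serial0/0": "81.199.108.193",
    "Serial0/1": "192.0.2.1",      # customer-facing (documentation range)
}
# Listing the interfaces we want, versus the catch-all statement.
LISTED = [("81.199.108.17", "0.0.0.0"), ("81.199.108.192", "0.0.0.3")]
CATCH_ALL = [("0.0.0.0", "255.255.255.255")]

if __name__ == "__main__":
    print("listed    :", ospf_enabled(INTERFACES, LISTED))
    print("catch-all :", ospf_enabled(INTERFACES, CATCH_ALL))
    print("/30 inverse mask:", inverse_mask("81.199.108.192/30"))
```

With the catch-all statement the customer-facing link is matched as well, which is the situation the advice to list interfaces explicitly is meant to avoid.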
Advertise all networks to which we are connected, including those which are not being used to talk to other OSPF routers. The use of this command is not recommended within ISP backbones, but is included here for completeness.
("redistribute connected" by itself only distributes classful routes, i.e. whole class A/B/C networks, so it's important to add "subnets".)
Advertise all static routes we have (except the default route). The use of this command isn't ordinarily required or recommended. However, there will be circumstances where redistribution of statics into OSPF is required. An example will be shown in the lab.
Advertise a default route into OSPF, with a cost of "n". Typically this would go on your border router(s). Without 'always', the announcement will only be made if the router already has a valid default route from somewhere else (e.g. a static route to a link which is up).
Use MD5 authentication on all OSPF packets
ip ospf cost <n>
    Set outbound interface cost
ip ospf message-digest-key 1 md5 <string>
    Set MD5 authentication key
A loopback interface is a single (/32) IP address which belongs to a device, independent of its physical interface addresses. It's very convenient when managing routers, because you can use the loopback address as a fixed address to telnet to, or monitor using SNMP, which will continue to work even if one or more of the interfaces has failed.
t2-router1#conf t
t2-router1(config)#no router ospf 1
t2-router1(config)# [Hit ctrl-Z]
t2-router1#write mem
t2-router1#show ip route
The only routes you should see are (C)onnected routes for your own interfaces. If you have any (S)tatic routes, delete them like this:
t2-router1#conf t
t2-router1(config)#no ip route 81.199.108.128 255.255.255.240 81.199.108.254
t2-router1(config)# [Hit ctrl-Z]
t2-router1#write mem
t2-router1#reload
(Your PC won't be able to ping any other PCs though, because your router doesn't have the routes any more)
You will need to subdivide your assigned network space. You will need one subnet for your desk network, and a /32 for the loopback. (In real life you would have a number of routers, and say a /29 block would be enough for 8 loopbacks). Configure your loopback address into your router.
The example below is for the router belonging to Team A. They have decided to subdivide their address block 81.199.108.80 such that 81.199.108.95/32 is the address of the loopback interface of their router.
t2-router1#conf t
t2-router1(config)#int loopback0
t2-router1(config-if)#ip address 81.199.108.95 255.255.255.255
t2-router1(config-if)# [Hit ctrl-Z]
t2-router1#write mem
The initial network topology is the same as for the static routing exercise
We will use a new feature in IOS 12.0 which explicitly disables OSPF on all interfaces except those you nominate.
t2-router1#conf t
t2-router1(config)#router ospf 1
t2-router1(config-router)#log-adjacency-changes
t2-router1(config-router)#passive-interface default
t2-router1(config-router)#no passive-interface e0/0
t2-router1(config-router)#network 81.199.108.0 0.0.0.15 area 0
t2-router1(config-router)#network 81.199.108.95 0.0.0.0 area 0
t2-router1(config-router)#network 81.199.108.80 0.0.0.7 area 0
t2-router1(config-router)# [Hit ctrl-Z]
If you are still using a router with an IOS image prior to 12.0, you cannot use the above passive-interface default; instead you will have to explicitly mark as passive every interface which is not talking OSPF. The above example would then become:
t2-router1(config)#router ospf 1
t2-router1(config-router)#ospf log-adjacency-changes
t2-router1(config-router)#passive-interface Loopback0
t2-router1(config-router)#passive-interface e0/1
t2-router1(config-router)#network 81.199.108.1 0.0.0.15 area 0
t2-router1(config-router)#network 81.199.108.95 0.0.0.0 area 0
t2-router1(config-router)#network 81.199.108.80 0.0.0.7 area 0
...
This configuration can get somewhat unwieldy on a router with a large number of interfaces, hence the new schema introduced in 12.0 is the preferred option to use. (The "workaround" in releases prior to 12.0 was to use redistribute connected subnets and then only list interfaces which spoke OSPF with explicit network statements.)
t2-router1(config)#router ospf 1
t2-router1(config-router)#area 0 authentication message-digest
t2-router1(config-router)#int e0/0 (or int e0/1)
t2-router1(config-if)#ip ospf message-digest-key 1 md5 t2@afnog
t2-router1(config-if)#ip ospf cost 100
t2-router1(config-if)# [Hit ctrl-Z]
In real life you should use an MD5 key which is different from your login, enable and SNMP strings
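One way to check a saved configuration against the points above: passive by default, MD5 authentication on the area, a key on every interface that talks OSPF, and a key that is not reused as an SNMP string. This is an added example, not part of the original lab; the config text is constructed, and it assumes keys are stored in cleartext (no "service password-encryption").

```python
import re
# Constructed IOS-style config modelled on this lab (not from a real router).
# Assumes keys are stored in cleartext, i.e. no "service password-encryption".
SAMPLE = """\
snmp-server community t2@afnog RO
!
interface Ethernet0/0
 ip address 81.199.108.1 255.255.255.240
 ip ospf message-digest-key 1 md5 t2@afnog
!
interface Serial0/0
 ip address 81.199.108.89 255.255.255.252
!
router ospf 1
 passive-interface default
 no passive-interface Ethernet0/0
 no passive-interface Serial0/0
 area 0 authentication message-digest
"""

def audit_ospf(config):
    """Return a list of findings for the OSPF hardening points in this lab."""
    keys, active, section, findings = {}, [], "", []
    passive_default = area_auth = False
    communities = set(re.findall(r"^snmp-server community (\S+)", config, re.M))
    for line in config.splitlines():
        if not line.startswith(" "):            # top-level line starts a section
            section = line.strip()
            continue
        stmt = line.strip()
        if section.startswith("interface "):
            m = re.match(r"ip ospf message-digest-key \d+ md5 (\S+)", stmt)
            if m:
                keys[section.split()[1]] = m.group(1)
        elif section.startswith("router ospf"):
            passive_default |= stmt == "passive-interface default"
            area_auth |= bool(re.match(r"area \S+ authentication message-digest$", stmt))
            if stmt.startswith("no passive-interface "):
                active.append(stmt.split()[2])
    if not passive_default:
        findings.append("router ospf: no 'passive-interface default'")
    if not area_auth:
        findings.append("router ospf: no 'area <id> authentication message-digest'")
    for name in active:                          # interfaces that talk OSPF
        if name not in keys:
            findings.append(f"{name}: talks OSPF but has no message-digest-key")
        elif keys[name] in communities:
            findings.append(f"{name}: MD5 key reused as an SNMP community")
    return findings
```

On the constructed sample, audit_ospf(SAMPLE) reports the reused key on Ethernet0/0 and the missing key on Serial0/0.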
t2-router1#show ip ospf int
t2-router1#show ip ospf neighbor
To interpret the neighbor information:
2WAY = we are neighbors (we have established 2-way exchange of hellos), but neither of us is a designated router
FULL = we are neighbors and we exchange routes (one of us is DR or BDR)
DR = we are the Designated Router for this network
BDR = we are the Backup Designated Router for this network
DROTHER = we are neither DR nor BDR
If you see other states, they are intermediate steps on the way to establishing the final relationship, and should change after a few seconds.
DR =
BDR =
t2-router1#show ip route
Routes learned through OSPF are tagged with O. Check that the next hop IP address for each route is correct.
The far router should also have picked up your route. You can go over to the other desk and ask to see "show ip route".
$ ping 81.199.108.129 ...
Don't type this - it goes on the class border router
t2-border-1(config)#router ospf 1
t2-border-1(config-router)#default-information originate metric 100
This should be sufficient to establish connectivity to the outside Internet! Use ping, traceroute etc. to test this
t2-router1#write mem
/etc/resolv.conf on your PC
domain ws.afnog.org
nameserver 81.199.109.1
You should then be able to ssh/telnet to the outside world.
For safety, at this point you will also store a copy of your router configuration on your Unix PC.
# vi /etc/hosts.allow
Add the following lines at or near the top: use your router's IP address
tftpd : 81.199.108.81 : allow
tftpd : ALL : deny
Exit and save
# vi /etc/inetd.conf
Find the line for tftp. Uncomment it, by removing the # at the front
Exit and save
# killall -1 inetd
# mkdir /tftpboot
# touch /tftpboot/t2-config
# chmod 666 /tftpboot/t2-config
(Note that the tftp daemon requires a file to already exist, and be publicly writable, before it will allow writes)
t2-router1#copy running-config tftp
Address or name of remote host? 81.199.108.82
Destination filename [running-config]? t2-config
!!
774 bytes copied in 2.836 seconds (387 bytes/sec)
t2-router1#
$ less /tftpboot/t2-config
(To return to a saved configuration: do "copy tftp startup-config" to download it into flash, then "reload" to reboot the router).
Above you showed how OSPF can learn routes from the rest of your network, without having to manually insert static routes. Now you can show how OSPF can adapt to topology changes and choose better (lower cost) routes when they are available
t2-router1#conf t
t2-router1(config)#int s0/0 (or int s0/1)
t2-router1(config-if)#description Serial link to desk B
t2-router1(config-if)#ip address 81.199.108.89 255.255.255.252
t2-router1(config-if)#no shutdown
Note: If the remote router does not support HDLC, then you will need to use PPP as the encapsulation.
t2-router1#conf t
t2-router1(config)#int s0/0
t2-router1(config-if)#encap ppp
Once this is done on both routers, "show int s0" should show that the Interface is up (layer 1), but Line protocol is down (layer 2).
t2-router1(config-if)#clock rate 64000
This is only because this is a back-to-back cable; normally you would use synchronous modems which generate clock
t2-router1#ping 81.199.108.90
t2-router1#conf t
t2-router1(config)#router ospf 1
t2-router1(config-router)#network 81.199.108.88 0.0.0.3 area 0
t2-router1(config-router)#no passive-interface s0/0 (or s0/1)
t2-router1(config-router)#int s0/0 (or s0/1)
t2-router1(config-if)#ip ospf message-digest-key 1 md5 t2@afnog
t2-router1(config-if)#ip ospf cost 500
t2-router1(config-if)# [Hit ctrl-Z]
t2-router1#show ip route
Look carefully at the route to your neighbor's desk network, and your neighbor's router loopback interface, and make a note of it.
Does the desk which had its ethernet unplugged still have connectivity to the Internet? When you traceroute, what route do the packets take?
Look at the routes again. What has happened to the route to your neighbor's desk network, and to their loopback interface?
Check the forwarding table ("show ip route"). Now what do you notice about the route to your neighboring desk's network?
Before finishing this exercise, remove the serial links and reboot the router to get back to the saved configuration.
There are cross ethernet cables available if you wish to try some more complex topologies linking to other desks.