
Friday, November 5, 2010

CCNP BSCI 03

EIGRP can summarize networks in two main ways: one is automatic, the other is manual. In this article, I'm going to use the same topology as the one used in the previous article:

If we use the auto-summarization feature on R1, it tells the other routers that it has the route to 172.16.0.0/16. If there are any other 172.16.0.0 routes anywhere else, this causes problems. In some cases, it also causes EIGRP to load-balance improperly across the wrong links. Auto-summarization happens on classful boundaries.

To turn off auto-summarization, type:
router eigrp 1
no auto-summary

To manually summarize, we'll go under the interface, and use the "ip summary-address" command:
interface s0/0
ip summary-address eigrp 1 172.30.0.0 255.255.248.0


Summarization makes routers more efficient, and it also prevents unnecessary recalculation by the DUAL algorithm if a network within a summary goes down. Keep in mind that "ip summary-address" resets the neighbors.

When summarizing, make sure that you summarize carefully. In our case, we need to summarize to both R2 and R3. If R3 does not have the summarized routes, it will advertise more specific routes to R2, and R2 will choose to route through R3 instead of directly to R1 to reach the routes behind it.
interface s0/1
ip summary-address eigrp 1 172.30.0.0 255.255.248.0


EIGRP can load-balance across 4 paths. By default, equal paths are load-balanced, but to load-balance across unequal paths, we can use the "variance" command:
router eigrp 1
variance 2


Variance 2 means that it would load-balance across links of up to 1/2 the metric of the best route. You may have to reset the router process for variance to take effect. To do this, we can type:
clear ip eigrp neighbors

For EIGRP, the load is accurately and fairly load-balanced across the links.

Now we'll deal with EIGRP authentication. EIGRP authentication supports MD5 hashing. EIGRP makes use of a feature-packed and secure method known as the key chain. A key chain allows you to set the keys to use across time ranges. The time ranges of the keys should overlap so that the routers have some headroom for time differences. During the overlapping period, both keys are accepted. The keys, however, have to be manually entered on all routers. You can set the keys before activating authentication (you can also set the routers to begin authentication at a future time). To set the keys, we'll use:
key chain EIGRP_1
key 0
key-string cisco
accept-lifetime local 5:30:00 Nov 5 2010 5:30:00 Dec 5 2010
send-lifetime local 5:30:00 Nov 5 2010 5:30:00 Dec 5 2010
exit
key 1
key-string cisco2
accept-lifetime local 5:30:00 Dec 4 2010 5:30:00 Jan 5 2011
send-lifetime local 5:30:00 Dec 4 2010 5:30:00 Jan 5 2011
exit
key 2
key-string cisco3
accept-lifetime local 5:30:00 Jan 4 2011 5:30:00 Feb 5 2011
send-lifetime local 5:30:00 Jan 4 2011 5:30:00 Feb 5 2011


In the above example, I used one day of overlap. To turn on authentication, we'll go under the interface:
interface s0/0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP_1


We'll need to type this on R2 as well:
key chain EIGRP_1
key 0
key-string cisco
accept-lifetime local 5:30:00 Nov 5 2010 5:30:00 Dec 5 2010
send-lifetime local 5:30:00 Nov 5 2010 5:30:00 Dec 5 2010
exit
key 1
key-string cisco2
accept-lifetime local 5:30:00 Dec 4 2010 5:30:00 Jan 5 2011
send-lifetime local 5:30:00 Dec 4 2010 5:30:00 Jan 5 2011
exit
key 2
key-string cisco3
accept-lifetime local 5:30:00 Jan 4 2011 5:30:00 Feb 5 2011
send-lifetime local 5:30:00 Jan 4 2011 5:30:00 Feb 5 2011
exit
interface s0/0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP_1
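
Because the keys are typed by hand on every router, a mistyped date can leave a window with no valid key, and authentication between neighbors then fails. The following Python check is an added example, not part of the original post: it parses key-chain lines in the syntax used above and reports lifetimes that end before they start, as well as gaps between consecutive keys. The sample config and function names are constructed for illustration, and only the absolute start/end form of the lifetime commands is handled.

```python
import re
from datetime import datetime

# Constructed sample in the key-chain syntax used above: key 1's accept window
# ends before it starts (wrong year) and key 2 begins after key 1 has expired.
SAMPLE = """\
key chain EIGRP_1
key 0
accept-lifetime local 5:30:00 Nov 5 2010 5:30:00 Dec 5 2010
send-lifetime local 5:30:00 Nov 5 2010 5:30:00 Dec 5 2010
key 1
accept-lifetime local 5:30:00 Dec 4 2010 5:30:00 Jan 5 2010
send-lifetime local 5:30:00 Dec 4 2010 5:30:00 Jan 5 2011
key 2
accept-lifetime local 5:30:00 Jan 6 2011 5:30:00 Feb 5 2011
send-lifetime local 5:30:00 Jan 6 2011 5:30:00 Feb 5 2011
"""

STAMP = r"(\d+:\d+:\d+ \w{3} \d+ \d{4})"
LIFETIME = re.compile(rf"(accept|send)-lifetime (?:local )?{STAMP} {STAMP}$")

def parse_key_chain(text):
    """Return {key_id: {"accept": (start, end), "send": (start, end)}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"key (\d+)$", line):
            current = keys.setdefault(int(m.group(1)), {})
        elif (m := LIFETIME.match(line)) and current is not None:
            start, end = (datetime.strptime(t, "%H:%M:%S %b %d %Y") for t in m.group(2, 3))
            current[m.group(1)] = (start, end)
    return keys

def audit(keys):
    """Report inverted lifetimes and rollover gaps between consecutive key IDs."""
    problems = []
    ordered = sorted(keys.items())
    for kid, lifetimes in ordered:
        for kind, (start, end) in lifetimes.items():
            if end <= start:
                problems.append(f"key {kid}: {kind}-lifetime ends before it starts")
    for (a, la), (b, lb) in zip(ordered, ordered[1:]):
        for kind in ("accept", "send"):
            if kind in la and kind in lb and lb[kind][0] > la[kind][1]:
                problems.append(f"keys {a}->{b}: no {kind}-lifetime overlap")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(parse_key_chain(SAMPLE))))
```

Running the same check against the key chain from each router before enabling authentication confirms that both sides carry identical, overlapping windows.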
