
Wednesday, December 16, 2009

Abusing VLANs With BackTrack

In this post I'm going to have a little fun with VLANs. As I've been studying for the CCNA cert I've been reading how great VLANs are, so in this post I'm going to have a little fun with some really cool tools from the BackTrack distro. My aim is to demonstrate why simply placing hosts in a separate VLAN might sometimes not be enough if you really don't want anyone to have access to them. Let's get started.

Tools
BackTrack
Yersinia
vconfig
Wireshark
Nmap

I start off by connecting to the LAN and getting a network address.

dhclient eth0



I can see that I'm attached to the network 10.0.1.0/24.

Next I fire up wireshark and check the network for DTP (Dynamic Trunking Protocol) frames and CDP (Cisco Discovery Protocol) frames.



I can see that I have both CDP and DTP frames present.

Now I want to tell the switch that my port is a trunk port; for this I'll use Yersinia and tell it to look at DTP.

yersinia -I



After I see DTP frames appear in Yersinia I launch the attack to configure the port for trunking.



Now I need to know the VLAN number that the other networks are on. Before launching Yersinia I could only see traffic from my own network (10.0.1.0/24); now I can start to see traffic from a host on another network (192.168.2.2).



Looking at the 802.1Q information in the frame I can see that the other network is on VLAN 2.



With this information I'll create a new interface on the other network and use vconfig to tag its frames for VLAN 2.

vconfig add eth0 2
ifconfig eth0.2 up
ifconfig eth0.2 192.168.2.200/24
ifconfig



Now I check that I can ping the host I saw in Wireshark and have a quick look at its ports with Nmap.

ping -c 2 192.168.2.2
nmap 192.168.2.2




Great, I have plenty here to play with, and on port 80 ...........




Okay obviously this was staged but hopefully it illustrates two things. VLANs can be abused and Yersinia rocks!!!!!!!!!
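As an added example (not from the original post), the Python below does offline what Wireshark showed above: it recognises DTP and CDP by their Cisco SNAP protocol IDs and reads the 802.1Q VLAN ID, so a defender can check a capture from an access port for negotiation frames and foreign VLAN tags. The frames, MAC addresses and payload bodies are constructed samples, not captures from the lab.

```python
import struct

# Constructed sample constants (not captures from the post's lab).
CISCO_MCAST = bytes.fromhex("01000ccccccc")   # destination MAC used by CDP, DTP and VTP
SNAP_CISCO_OUI = b"\x00\x00\x0c"
PID_CDP = 0x2000                              # SNAP protocol IDs under the Cisco OUI
PID_DTP = 0x2004
TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst, src, ethertype_or_len, payload, vlan=None):
    """Ethernet II / 802.3 frame; adds an 802.1Q tag (PCP 0, DEI 0) when vlan is given."""
    hdr = dst + src
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ethertype_or_len) + payload


def build_cisco_snap(pid, body):
    """802.2 LLC (AA AA 03) + SNAP header with the Cisco OUI; CDP and DTP ride on this."""
    return b"\xaa\xaa\x03" + SNAP_CISCO_OUI + struct.pack("!H", pid) + body


def classify(frame):
    """Return the source MAC, the 802.1Q VLAN ID (None if untagged) and the frame kind."""
    src = frame[6:12].hex(":")
    off, vlan = 12, None
    (etype,) = struct.unpack_from("!H", frame, off)
    if etype == TPID_8021Q:
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vlan = tci & 0x0FFF                   # low 12 bits of the TCI carry the VLAN ID
        off += 4
        (etype,) = struct.unpack_from("!H", frame, off)
    off += 2
    kind = "other"
    if etype <= 1500:                         # 802.3 length field, so LLC/SNAP follows
        llc, oui = frame[off:off + 3], frame[off + 3:off + 6]
        if llc == b"\xaa\xaa\x03" and oui == SNAP_CISCO_OUI:
            (pid,) = struct.unpack_from("!H", frame, off + 6)
            kind = {PID_CDP: "cdp", PID_DTP: "dtp"}.get(pid, "cisco-snap")
    elif etype == ETHERTYPE_IPV4:
        kind = "ipv4"
    return {"src": src, "vlan": vlan, "kind": kind}


def audit_access_port(frames):
    """Summarise what a port that should be a plain access port has seen."""
    vlans, kinds = set(), set()
    for frame in frames:
        info = classify(frame)
        kinds.add(info["kind"])
        if info["vlan"] is not None:
            vlans.add(info["vlan"])
    findings = []
    if "dtp" in kinds:
        # The switch is offering to negotiate; hard-set the port with
        # "switchport mode access" and "switchport nonegotiate" instead.
        findings.append("dtp-negotiation-seen")
    if "cdp" in kinds:
        findings.append("cdp-advertisements-seen")
    if vlans:
        # Tagged frames for other VLANs arriving here means the port is trunking.
        findings.append("tagged-frames-seen")
    return {"vlans": sorted(vlans), "findings": findings}


SWITCH_MAC = bytes.fromhex("000c30aabb01")     # constructed
HOST_MAC = bytes.fromhex("0016d4112233")       # constructed
DTP_PDU = build_cisco_snap(PID_DTP, b"\x01" + bytes(27))        # DTP v1 + placeholder TLVs
CDP_PDU = build_cisco_snap(PID_CDP, b"\x02\xb4" + bytes(30))    # CDPv2, TTL 180, placeholder TLVs
IPV4_STUB = b"\x45" + bytes(39)                # just enough to stand in for an IPv4 packet

SAMPLE_FRAMES = [
    build_frame(CISCO_MCAST, SWITCH_MAC, len(DTP_PDU), DTP_PDU),
    build_frame(CISCO_MCAST, SWITCH_MAC, len(CDP_PDU), CDP_PDU),
    build_frame(HOST_MAC, SWITCH_MAC, ETHERTYPE_IPV4, IPV4_STUB),           # native VLAN, untagged
    build_frame(HOST_MAC, SWITCH_MAC, ETHERTYPE_IPV4, IPV4_STUB, vlan=2),   # the 192.168.2.0/24 side
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(classify(frame))
    print(audit_access_port(SAMPLE_FRAMES))
```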

Discovering Devices with CDP

I touched on CDP briefly in a previous post, but here I'll talk a little more about why CDP is so great and how it can be used to help map and manage your network.

CDP stands for Cisco Discovery Protocol and is basically where your switch or router broadcasts a packet out of every interface stating some information about itself. This information includes:

  • IP Address
  • Port number
  • Port type
  • Device name
  • Device hardware
  • IOS version
  • Port speed
  • Duplex settings
  • Vlan information

That's right, all this really useful information gets thrown out of every port every minute by default and most of us just ignore it. Well, if you're a Cisco device you don't. If you're a Cisco device you'll take that information, keep it in memory and build up a neighbor database. And if you're a geek like me you can use that information to help you map your network and have some CDP fun! Here's how.


Configuring CDP

Well, there's not much to configure. It's on by default; it just works.

Secure#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled

I can see from the output above that CDP packets are sent every 60 seconds. If I wanted to send CDP packets every 30 seconds I could configure that using the following command:

Secure(config)#cdp timer 30

OK, let's see what information CDP gives us.

Secure#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
S1               Eth 0              151         S I       WS-C2950-2Fas 0/17
S1               Eth 1              151         S I       WS-C2950-2Fas 0/1


Here I can see that my router's port Ethernet 0 is connected to port FastEthernet 0/17 on a 2950 switch, and Ethernet 1 is connected to port FastEthernet 0/1 on a 2950 also. I can also see that the Device ID is S1, which is the name of my switch. Wouldn't it be useful if I knew the IP address of the switch as well? Well, here's how we find that out.

Secure#show cdp neighbors detail
-------------------------
Device ID: S1
Entry address(es):
IP address: 10.0.1.210
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: Ethernet0, Port ID (outgoing port): FastEthernet0/17
Holdtime : 158 sec

Version : Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 24-Nov-02 23:31 by antonino

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000F
VTP Management Domain: ''
Duplex: full
Power drawn: 4294967.294 Watts

-------------------------

Device ID: S1
Entry address(es):
IP address: 10.0.1.210
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: Ethernet1, Port ID (outgoing port): FastEthernet0/1
Holdtime : 158 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 24-Nov-02 23:31 by antonino

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000F
VTP Management Domain: ''
Duplex: full
Power drawn: 4294967.294 Watts


So from here I can start to diagram my network by hopping from device to device and adding in detailed information about connected devices that CDP knows about. I can see which ports are FastEthernet and which are not, which are full duplex, and so much more.

So by now we're realising that this CDP information is great for an administrator but probably great for an attacker too, so let's say we don't want CDP leaving my router on interface Ethernet 1, for example. Here's how we do that.

Before I stop CDP on the router I check the switch and make sure it is working as expected.

S1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Secure           Fas 0/17           129         R          Cisco C831Eth 0
Secure           Fas 0/1            129         R          Cisco C831Eth 1

I can see that I have 2 CDP entries as expected. Now I go to my router and stop CDP on Ethernet 1.


Secure#conf t
Secure(config)#interface ethernet 1
Secure(config-if)#no cdp enable
Secure(config-if)#exit


I go back to my switch and see what's going on there.

S1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Secure           Fas 0/17           179         R          Cisco C831Eth 0
Secure           Fas 0/1            119         R          Cisco C831Eth 1

I can see the CDP entry is still there, but the holddown timer for Eth1 is still expiring whilst Eth0 has refreshed after it received a packet at the 60 second interval.

Finally, after the 180 seconds have passed, I can see the CDP entry for Eth1 drop out.

S1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Secure           Fas 0/17           159         R          Cisco C831Eth 0

And that's about it for CDP.
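As an added example (not the post's code), here is a Python CDP decoder plus a small neighbor table that reproduces the aging behaviour shown above: it builds constructed CDPv2 advertisements carrying the fields from the outputs (device ID, address, port, capabilities, platform), verifies the checksum, decodes the TLVs, and shows the Fas 0/1 entry dropping 180 s after the last advertisement. The router address 10.0.1.1 and the native VLAN value are assumptions.

```python
import struct

STRING_TLVS = {0x0001: "device_id", 0x0003: "port_id", 0x0005: "software_version", 0x0006: "platform"}
TLV_ADDRESSES, TLV_CAPABILITIES, TLV_NATIVE_VLAN, TLV_DUPLEX = 0x0002, 0x0004, 0x000A, 0x000B
CAPABILITY_BITS = [(0x01, "Router"), (0x02, "Trans Bridge"), (0x04, "Source Route Bridge"),
                   (0x08, "Switch"), (0x10, "Host"), (0x20, "IGMP"), (0x40, "Repeater")]


def internet_checksum(data):
    """16-bit ones' complement checksum over the whole CDP payload. IOS handles a trailing odd
    byte specially, so this example only accepts even-length payloads (the samples are kept even)."""
    if len(data) % 2:
        raise ValueError("odd-length CDP payload not supported by this example")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tlv(tlv_type, value):
    return struct.pack("!HH", tlv_type, len(value) + 4) + value   # length includes the 4-byte header


def build_cdp(device_id, ipv4, port_id, capabilities, platform, ttl=180, native_vlan=1):
    """Constructed CDPv2 advertisement (version 2, TTL = holdtime, checksum, then TLVs)."""
    addr_entry = b"\x01\x01\xcc" + struct.pack("!H", 4) + bytes(int(o) for o in ipv4.split("."))
    body = (tlv(0x0001, device_id.encode()) + tlv(TLV_ADDRESSES, struct.pack("!I", 1) + addr_entry)
            + tlv(0x0003, port_id.encode()) + tlv(TLV_CAPABILITIES, struct.pack("!I", capabilities))
            + tlv(0x0006, platform.encode()) + tlv(TLV_NATIVE_VLAN, struct.pack("!H", native_vlan)))
    packet = struct.pack("!BBH", 2, ttl, 0) + body
    return packet[:2] + struct.pack("!H", internet_checksum(packet)) + packet[4:]


def parse_addresses(value):
    """Address TLV: 4-byte count, then (proto type, proto len, proto, addr len, addr) entries."""
    (count,) = struct.unpack_from("!I", value, 0)
    off, addrs = 4, []
    for _ in range(count):
        ptype, plen = value[off], value[off + 1]
        proto = value[off + 2:off + 2 + plen]
        (alen,) = struct.unpack_from("!H", value, off + 2 + plen)
        addr = value[off + 4 + plen:off + 4 + plen + alen]
        off += 4 + plen + alen
        if ptype == 1 and proto == b"\xcc" and alen == 4:       # NLPID 0xCC = IPv4
            addrs.append(".".join(str(b) for b in addr))
    return addrs


def parse_cdp(payload):
    """Decode header and TLVs into the fields "show cdp neighbors detail" prints."""
    if internet_checksum(payload) != 0:
        raise ValueError("bad CDP checksum")
    version, ttl, _ = struct.unpack_from("!BBH", payload, 0)
    adv, off = {"version": version, "ttl": ttl}, 4
    while off + 4 <= len(payload):
        tlv_type, length = struct.unpack_from("!HH", payload, off)
        if length < 4 or off + length > len(payload):
            raise ValueError("truncated TLV")
        value = payload[off + 4:off + length]
        off += length
        if tlv_type in STRING_TLVS:
            adv[STRING_TLVS[tlv_type]] = value.decode("ascii", "replace")
        elif tlv_type == TLV_ADDRESSES:
            adv["addresses"] = parse_addresses(value)
        elif tlv_type == TLV_CAPABILITIES:
            (caps,) = struct.unpack("!I", value)
            adv["capabilities"] = [name for bit, name in CAPABILITY_BITS if caps & bit]
        elif tlv_type == TLV_NATIVE_VLAN:
            (adv["native_vlan"],) = struct.unpack("!H", value)
        elif tlv_type == TLV_DUPLEX:
            adv["duplex"] = "full" if value[0] == 1 else "half"
    return adv


class CdpNeighborTable:
    """Neighbor database keyed by (device id, local interface); entries live for the advertised TTL."""

    def __init__(self):
        self.entries = {}

    def receive(self, local_if, payload, now):
        adv = parse_cdp(payload)
        self.entries[(adv["device_id"], local_if)] = dict(adv, expires=now + adv["ttl"])

    def neighbors(self, now):
        return {k: v for k, v in self.entries.items() if v["expires"] > now}


def simulate_no_cdp_enable():
    """Router 'Secure' advertises on Eth0 and Eth1 every 60 s; after t=120 CDP is off on Eth1
    (the post's 'no cdp enable'). Returns the switch's neighbor interfaces at each 60 s tick."""
    table, seen = CdpNeighborTable(), {}
    for t in range(0, 361, 60):
        table.receive("Fas 0/17", build_cdp("Secure", "10.0.1.1", "Ethernet0", 0x01, "Cisco C831"), t)
        if t <= 120:
            table.receive("Fas 0/1", build_cdp("Secure", "10.0.1.1", "Ethernet1", 0x01, "Cisco C831"), t)
        seen[t] = sorted(local_if for (_, local_if) in table.neighbors(t))
    return seen
```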


IP Routing - EIGRP

Right, first a bit about EIGRP from my notes.

EIGRP (Enhanced Interior Gateway Routing Protocol) is a Cisco proprietary hybrid routing protocol that uses the DUAL algorithm to select the best path to remote networks. It has both link state and distance vector characteristics. EIGRP has an administrative distance of 90.

EIGRP uses a multicast address of 224.0.0 to send updates as the topology changes. If the router does not receive a reply from a neighbor after sending the multicast update it will use unicast. A list of neighbors is maintained in the neighborship table. After the router has sent 16 unicasts and received no reply the neighbor will be declared dead and removed from the neighborship table.

EIGRP will only share routing information with its neighbors if they share the same AS number. All updates that EIGRP receives are entered into its topology table, and the best routes are selected by DUAL and entered into the routing table.

EIGRP (unlike IGRP) includes the subnet mask in its advertisements, which allows it to use VLSM and summarisation and to support discontiguous networks. By default EIGRP uses bandwidth and delay to calculate the best route to a remote network. EIGRP can load balance across up to 6 equal or unequal cost links, but the default is 4.


My Lab

I'll be using the same lab as in previous posts.


Router 1 (R1)
FastEthernet 0/0 - 192.168.1.1/24
loopback 0 - 172.16.10.0/24
loopback 1 - 10.1.1.0/24

Router 2 (R2)
FastEthernet 0/0 - 192.168.1.2/24
FastEthernet 1/0 - 192.168.2.1/24

Router 3 (R3)
FastEthernet 0/0 - 192.168.2.2/24


Configuring EIGRP

Below I'm going to remove OSPF which was set up in a previous lab and configure all of my routers with EIGRP.


R1
R1#sh ip protocols
Routing Protocol is "ospf 10"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 172.16.10.1
It is an autonomous system boundary router
Redistributing External Routes from,
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
172.16.10.0 0.0.0.255 area 0
192.168.1.0 0.0.0.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
192.168.2.2 110 00:01:01
Distance: (default is 110)


First I'll remove OSPF

R1#conf t
R1(config)#no router ospf 10
R1(config)#end


And now I'll configure EIGRP with an AS of 10. To configure EIGRP on all the routers in the diagram I use the following commands:

R1
R1#conf t
R1(config)#router eigrp 10
R1(config-router)#network 192.168.1.0 0.0.0.255
R1(config-router)#network 172.16.10.0 0.0.0.255
R1(config-router)#end



R2
R2#conf t
R2(config)#no router ospf 10
R2(config)#router eigrp 10
R2(config-router)#network 192.168.1.0 0.0.0.255
R2(config-router)#network 192.168.2.0 0.0.0.255
R2(config-router)#end



R3
R3#conf t
R3(config)#no router ospf 10
R3(config)#router eigrp 10
R3(config-router)#network 192.168.2.0 0.0.0.255
R3(config-router)#end


I now check my routing table on R3 to make sure I see the routes from R1.

R3#sh ip route
Gateway of last resort is not set
D 172.16.0.0/16 [90/158720] via 192.168.2.1, 00:00:14, FastEthernet0/0
D 192.168.1.0/24 [90/30720] via 192.168.2.1, 00:00:14, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0

Routes starting with a D are EIGRP routes. Now I check I can ping one of the remote networks.

R3#ping 172.16.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/29/52 ms
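As an added example (not from the post), the Python below reproduces the two metrics in R3's table, [90/30720] and [90/158720], from the default K values and the assumed IOS interface defaults (FastEthernet 100000 kbit/s and 100 µs delay, Loopback 8000000 kbit/s and 5000 µs delay). It goes slightly beyond the lab by also checking DUAL's feasibility condition, which decides whether an alternative path may be kept as a backup.

```python
# Assumed IOS interface defaults (bandwidth in kbit/s, delay in microseconds).
FASTETHERNET = (100_000, 100)
LOOPBACK = (8_000_000, 5_000)
EIGRP_INTERNAL_AD = 90


def eigrp_metric(path, k1=1, k2=0, k3=1, k4=0, k5=0, load=1, reliability=255):
    """Classic (32-bit) EIGRP composite metric for a path given as (bandwidth_kbps, delay_us) hops.
    Bandwidth is the slowest hop, delay is the sum; both are scaled as IOS does, then x256."""
    min_bw = min(bw for bw, _ in path)
    total_delay = sum(d for _, d in path)
    bw_term = 10_000_000 // min_bw            # integer division, as IOS truncates
    delay_term = total_delay // 10            # delay is counted in tens of microseconds
    metric = k1 * bw_term + (k2 * bw_term) // (256 - load) + k3 * delay_term
    if k5 != 0:                               # reliability only matters when K5 is non-zero
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def feasible_successors(feasible_distance, candidates):
    """DUAL's feasibility condition: a neighbor whose reported distance is strictly below the
    current feasible distance cannot be part of a loop, so it may be kept as a backup route."""
    return [neighbor for neighbor, reported in candidates if reported < feasible_distance]


def r3_routing_table():
    """R3's view of the lab: one FastEthernet hop to R2, then R2's FastEthernet to R1,
    and for 172.16.0.0/16 the Loopback0 interface on R1 as the final hop."""
    paths = {
        "192.168.1.0/24": [FASTETHERNET, FASTETHERNET],
        "172.16.0.0/16": [FASTETHERNET, FASTETHERNET, LOOPBACK],
    }
    return {dest: (EIGRP_INTERNAL_AD, eigrp_metric(path)) for dest, path in paths.items()}


if __name__ == "__main__":
    for dest, (ad, metric) in r3_routing_table().items():
        print("D %s [%d/%d] via 192.168.2.1" % (dest, ad, metric))
```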


I also need to set the default network so it gets advertised through EIGRP.

R1(config)#ip default-network 172.16.10.1
R1(config)#end


Now supposing I want to prevent one of the interfaces on a router from sending out or receiving advertisements.

R2(config)#router eigrp 10
R2(config-router)#passive-interface fastEthernet 1/0

The following message is displayed on the console screen to indicate that the interface will not be sending out EIGRP routes.

00:52:21: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.2.2 (FastEthernet1/0) is down: interface passive


And on R3 I get the following message:

00:52:27: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.2.1 (FastEthernet0/0) is down: Interface Goodbye received

On checking R3's routing table I see that all the EIGRP routes are dropped.

R3#sh ip route
C 192.168.2.0/24 is directly connected, FastEthernet0/0


Troubleshooting and Debug Commands

R3#sh ip route summary
R1#sh ip protocols
R2#sh ip eigrp interfaces
R3#debug ip eigrp
R2#sh ip eigrp traffic 10
R2#sh ip eigrp neighbors detail


NAT Overload

In this post I'll configure NAT Overload (PAT) on my Cisco router.

NAT is primarily used for the following purposes.

  • To use public IP addresses efficiently and slow the depletion of IP version 4 addresses.
  • To help mask the internal IP address ranges from external sources.
  • To aid in merging similarly addressed networks.

NAT can either be used in a one to many configuration (PAT), or a one to one configuration (Static or Dynamic). Here I'll cover NAT Overload.


When used in a one to many configuration the router uses the port numbers to remember connections. For example:

Internal - External
192.168.1.1:4567 - 80.233.1.67:4567
192.168.1.2:3458 - 80.233.1.67:3458

The same external address is used for both; the router reuses each internal host's source port number as the source port on the external address, which is how it tells the connections apart.
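To make the one-to-many bookkeeping concrete, here is an added Python model of a PAT table (not the router's code and not from the original post). It keeps the inside source port when it can, as the two lines above show, and also covers the case the post does not: two inside hosts choosing the same source port. The 192.168.1.x hosts and 80.233.1.67 are the post's values; the third host and the 1024 to 65535 port range are assumptions.

```python
class PatTable:
    """One-to-many NAT (PAT): every inside host shares one inside global address and is
    told apart by the layer-4 port (or ICMP identifier) the router records for each flow."""

    def __init__(self, inside_global, dynamic_ports=(1024, 65535)):
        self.inside_global = inside_global
        self.lo, self.hi = dynamic_ports          # assumed range used when a port must change
        self.outbound = {}   # (proto, inside local, port) -> global port
        self.inbound = {}    # (proto, global port) -> (inside local, port)

    def translate_outbound(self, proto, inside_local, port):
        """Return (inside global, global port), creating the translation on first use."""
        key = (proto, inside_local, port)
        if key not in self.outbound:
            # Keep the original source port when it is free; otherwise pick another one,
            # which is the case the post's two-line example does not show.
            global_port = port if (proto, port) not in self.inbound else self._next_free(proto)
            self.outbound[key] = global_port
            self.inbound[(proto, global_port)] = (inside_local, port)
        return self.inside_global, self.outbound[key]

    def translate_inbound(self, proto, global_port):
        """Map a reply arriving at the inside global address back to the inside host, or None."""
        return self.inbound.get((proto, global_port))

    def _next_free(self, proto):
        for candidate in range(self.lo, self.hi + 1):
            if (proto, candidate) not in self.inbound:
                return candidate
        raise RuntimeError("PAT port range exhausted")

    def show(self):
        """Rows in the order of 'show ip nat translations': Pro, Inside global, Inside local."""
        return [(proto, "%s:%d" % (self.inside_global, gport), "%s:%d" % (local, port))
                for (proto, local, port), gport in sorted(self.outbound.items())]


def worked_example():
    """The post's two flows plus a constructed third host that reuses source port 4567."""
    pat = PatTable("80.233.1.67")
    flows = [("tcp", "192.168.1.1", 4567), ("tcp", "192.168.1.2", 3458), ("tcp", "192.168.1.3", 4567)]
    return pat, [pat.translate_outbound(*flow) for flow in flows]


if __name__ == "__main__":
    table, _ = worked_example()
    for row in table.show():
        print("%-5s %-20s %-20s" % row)
```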


Configuration

To configure NAT Overload so that all my internal hosts on the subnet 192.168.2.0 (defined in the access list in step 3) use the address 192.168.2.200 (as defined in the NAT pool in step 2):


1. Name the interfaces.

Secure#conf t
Secure(config)#interface eth 0
Secure(config-if)#ip nat inside
Secure(config)#interface eth 1
Secure(config-if)#ip nat outside
Secure(config-if)#exit



2. Create the Pool of addresses to be used to NAT

Secure(config)#ip nat pool Secure-Pool 192.168.2.10 192.168.2.10 net 255.255.255.0



3. Create a standard ACL that identifies addresses that will be NAT'd

Secure(config)#ip access-list standard 10
Secure(config-std-nacl)#permit 192.168.2.0 0.0.0.255


4. Enable NAT
Secure(config)#ip nat inside source list 10 pool Secure-Pool overload

When I ping the external host all traffic is seen as coming from the address that I set up in the pool.



All works well but because of my lab setup I need to change the pool address to one that works on my other network which connects to the internet.

Secure(config)#no ip nat inside source list 10 pool Secure-Pool overload
Secure(config)#ip nat pool Secure-Pool 10.0.1.199 10.0.1.199 net 255.255.255.0
Secure(config)#ip nat inside source list 10 pool Secure-Pool overload

Now from my lab I can get access to the web and if I ping a host on my lab net I see the correct NAT address returned.





Troubleshooting and Debugging

A useful show command for looking at active translations is:

Secure#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 10.0.1.199:768 192.168.2.4:768 10.0.1.5:768 10.0.1.5:768
--- 10.0.1.199 192.168.2.4 --- ---



For looking at translations as they happen you can use:

Secure#terminal monitor
Secure#debug ip nat detailed
IP NAT detailed debugging is on
Secure#
*Sep 27 14:09:52.903: NAT*: i: icmp (192.168.2.4, 768) -> (10.0.1.5, 768) [56303]
*Sep 27 14:09:52.903: NAT*: i: icmp (192.168.2.4, 768) -> (10.0.1.5, 768) [56303]
*Sep 27 14:09:52.903: NAT*: s=192.168.2.4->10.0.1.199, d=10.0.1.5 [56303]
*Sep 27 14:09:52.907: NAT*: o: icmp (10.0.1.5, 768) -> (10.0.1.199, 768) [32653]
*Sep 27 14:09:52.907: NAT*: s=10.0.1.5, d=10.0.1.199->192.168.2.4 [32653]
Secure#
*Sep 27 14:09:53.903: NAT*: i: icmp (192.168.2.4, 768) -> (10.0.1.5, 768) [56304]
*Sep 27 14:09:53.903: NAT*: s=192.168.2.4->10.0.1.199, d=10.0.1.5 [56304]
*Sep 27 14:09:53.907: NAT*: o: icmp (10.0.1.5, 768) -> (10.0.1.199, 768) [61886]
*Sep 27 14:09:53.907: NAT*: s=10.0.1.5, d=10.0.1.199->192.168.2.4 [61886]
Secure#
*Sep 27 14:09:54.907: NAT*: i: icmp (192.168.2.4, 768) -> (10.0.1.5, 768) [56305]
*Sep 27 14:09:54.907: NAT*: s=192.168.2.4->10.0.1.199, d=10.0.1.5 [56305]
*Sep 27 14:09:54.907: NAT*: o: icmp (10.0.1.5, 768) -> (10.0.1.199, 768) [47007]
*Sep 27 14:09:54.907: NAT*: s=10.0.1.5, d=10.0.1.199->192.168.2.4 [47007]
Secure#
*Sep 27 14:09:55.907: NAT*: i: icmp (192.168.2.4, 768) -> (10.0.1.5, 768) [56306]
*Sep 27 14:09:55.907: NAT*: s=192.168.2.4->10.0.1.199, d=10.0.1.5 [56306]
*Sep 27 14:09:55.915: NAT*: o: icmp (10.0.1.5, 768) -> (10.0.1.199, 768) [28657]
*Sep 27 14:09:55.915: NAT*: s=10.0.1.5, d=10.0.1.199->192.168.2.4 [28657]
Secure#

In the output above we can see that we're looking at ICMP traffic from 192.168.2.4 to 10.0.1.5, which is NAT'd to 10.0.1.199.


For NAT statistics:

Secure#sh ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 1 extended)
Outside interfaces:
Ethernet1
Inside interfaces:
Ethernet0
Hits: 4295 Misses: 212
CEF Translated packets: 3413, CEF Punted packets: 1847
Expired translations: 637
Dynamic mappings:
-- Inside Source
[Id: 7] access-list 2 pool Secure-Pool refcount 2
pool Secure-Pool: netmask 255.255.255.0
start 10.0.1.199 end 10.0.1.199
type generic, total addresses 1, allocated 1 (100%), misses 0
Queued Packets: 0
Secure#

IP Routing - OSPF

In this post I'm going to describe a few benefits of OSPF and how to configure it.

OSPF stands for Open Shortest Path First and is a link state, non-proprietary, classless routing protocol. OSPF uses the Dijkstra algorithm to calculate routes and has an administrative distance of 110.

The main advantages of OSPF are its fast convergence time and low bandwidth use. Unlike RIP, which treats the network as flat, OSPF networks can be structured. Areas are used to structure the network, and each router needs to have an interface in area 0, which is the backbone network. For the CCNA exam only area 0 is used. OSPF can also be configured to use authentication on its routing updates.



Configuring OSPF

Below is a diagram of the routers I'll be referring to in this post.

Router 1 (R1)
FastEthernet 0/0 - 192.168.1.1/24
loopback 0 - 172.16.10.0/24
loopback 1 - 10.1.1.0/24

Router 2 (R2)
FastEthernet 0/0 - 192.168.1.2/24
FastEthernet 1/0 - 192.168.2.1/24

Router 3 (R3)
FastEthernet 0/0 - 192.168.2.2/24


Okay, lets get started.

I'll remove RIP so router 3 doesn't know about the 172.16.10.0 subnet on router 1.

R3#conf t
R3(config)#no router rip
R3(config)#exit

R3#sh ip route
Gateway of last resort is not set
C 192.168.2.0/24 is directly connected, FastEthernet0/0
R3#


Below I'll remove RIP from Routers 1, 2 and 3, configure them with OSPF and verify routes propagated.

R1#conf t
R1(config)#no router rip
R1(config)#router ospf 10
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R1(config-router)#network 172.16.10.0 0.0.0.255 area 0
R1(config-router)#end

I also have a network, 10.1.1.0, that I don't want published, so I leave this out.


R2#conf t
R2(config)#no router rip
R2(config)#router ospf 10
R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
R2(config-router)#network 192.168.2.0 0.0.0.255 area 0
R2(config-router)#end


R3#conf t
R3(config)#router ospf 10
R3(config-router)#network 192.168.2.0 0.0.0.255 area 0


Notice that I just add the networks that I want advertised and place them into Area 0. All routers must have at least one interface in Area 0. I have used 10 as the OSPF process ID; this could be different on each router, but it's easier to remember if it is the same everywhere.

Great. Now I verify that the routes have been propagated.

R3#sh ip route
Gateway of last resort is not set
172.16.0.0/32 is subnetted, 1 subnets
O 172.16.10.1 [110/3] via 192.168.2.1, 00:06:53, FastEthernet0/0
O 192.168.1.0/24 [110/2] via 192.168.2.1, 00:06:53, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0

And can I ping the 172.16.10.1 interface?

R3#ping 172.16.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/72/96 ms


Ok this is all good but I can see on the routing table of R3 (shown above) that I have no gateway of last resort set. I want to set this to go to loopback 0 on R1.

To fix this I'll go back to R1, tell OSPF to advertise the gateway route and then create a static route to set the gateway of last resort. Here's how:

R1(config)#router ospf 10
R1(config-router)#default-information originate
R1(config-router)#exit

R1(config)#ip route 0.0.0.0 0.0.0.0 loopback 0
R1(config)#exit

R1#sh ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.10.0 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Loopback1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
O 192.168.2.0/24 [110/2] via 192.168.1.2, 00:20:59, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Loopback0


And I have another look on R3 to make sure it has got to that network.

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.2.1 to network 0.0.0.0

172.16.0.0/32 is subnetted, 1 subnets
O 172.16.10.1 [110/3] via 192.168.2.1, 00:23:59, FastEthernet0/0
O 192.168.1.0/24 [110/2] via 192.168.2.1, 00:23:59, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 192.168.2.1, 00:04:23, FastEthernet0/0
R3#

Bingo! All done.


IP Routing - RIP

In this post i'm going to describe how to configure RIP as a routing protocol. I'll be using the network layout as shown below.


Router 1 (R1)
FastEthernet 0/0 - 192.168.1.1/24
loopback 0 - 172.16.10.0/24

Router 2 (R2)
FastEthernet 0/0 - 192.168.1.2/24
FastEthernet 1/0 - 192.168.2.1/24

Router 3 (R3)
FastEthernet 0/0 - 192.168.2.2/24



About RIP

First a bit about RIP. RIP is a distance vector dynamic routing protocol. That means it populates its routing table based on the routing updates it receives from its neighbors, and it calculates the best path based on distance (or hops).
RIP comes in 2 versions, version 1 and version 2. RIP V1 has been around since the late 60's, is classless meaning it doesn't send subnet information, it has no authentication and it works by broadcasting the routes it knows about every 30 seconds. RIP V2 is classful, supports authentication and uses multicast (224.0.0.9). RIP is non-proprietary so it is supported on a range of equipment and not just Cisco. RIP (V1 and V2) both have an administrative distance of 120.



Configuring RIP

Okay, now the fun part. I'll be setting up RIP V2 in this post.
The way RIP works is I enable it on my router, tell it to use version 2, and tell it what networks to advertise.

To start with lets see what routes R1 knows already:

R1#show ip route
C 172.16.10.0 is directly connected, Loopback0
C 192.168.1.0/24 is directly connected, FastEthernet0/0

Okay, so it knows about the directly connected routes. What about R3?


R3#show ip route
C 192.168.2.0/24 is directly connected, FastEthernet0/0

Great. No chance of pinging the 172.16.10.1 interface on R1 then. For this pinging business to be successful I need to enable RIP V2 on all the routers. I then need to list all the networks that each router knows about. Like this.

Router 1 (R1)
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 192.168.1.0 255.255.255.0
R1(config-router)#network 172.16.10.0 255.255.255.0

Router 2 (R2)
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 192.168.1.0 255.255.255.0
R2(config-router)#network 192.168.2.0 255.255.255.0

Router 3 (R3)
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 192.168.2.0 255.255.255.0


Great. Now I'll check R3's routing table.

R3#show ip route
Gateway of last resort is not set
R 172.16.0.0/16 [120/1] via 192.168.2.1, 00:00:17, FastEthernet0/0
R 192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:17, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0

Brilliant. I can now see the routes to 172.16.0.0 network. And can I ping it?

R3#ping 172.16.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/72/92 ms


So remember, you have to tell the router which networks you want to advertise, and if you don't list the network an interface is configured for, RIP won't advertise out of that interface.
Lastly in this section I will cover how to turn off RIP propagating out of an interface. This could be because you have RIP enabled but one of your interfaces is connected to an untrusted network, for example. To prevent the propagation you would make the interface passive. You will still receive RIP updates on the interface but will not send them.

In the example below I'll prevent Router 2 from sending updates to Router 3.

R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 192.168.1.0 255.255.255.0
R2(config-router)#network 192.168.2.0 255.255.255.0
R2(config-router)#passive-interface fastethernet 1/0



Configuring Authentication

Below I am going to configure authentication on my RIP updates. What I noticed in my lab was as soon as I set this up on a router the remote routers lost all routes until they too were configured for authentication. So it seems that this is an all or nothing thing.

Below I enter global config mode, create a keychain called homelab, a key, and I give the key a password of cisco.

R1#configure terminal
R1(config)#key chain homelab
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string cisco


Now I enter the interface configuration, tell it what key chain I'm using and tell it to use MD5. This has to be done on each interface that RIP will be sent or received on. Also, each neighboring router needs to use the same key (cisco) as set up in the steps above.

R1#configure terminal
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip rip authentication key-chain homelab
R1(config-if)#ip rip authentication mode md5
R1(config-if)#end


Running a show ip protocols lists what the router knows about the authentication you have configured.

R2#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 3 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface             Send  Recv  Triggered RIP  Key-chain
FastEthernet0/0       2     2                    homelab
FastEthernet1/0       2     2                    homelab
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
172.16.0.0
192.168.1.0
192.168.2.0
Routing Information Sources:
Gateway Distance Last Update
192.168.2.2 120 00:08:39
192.168.1.1 120 00:00:03
Distance: (default is 120)



Troubleshooting RIP

The commands that I have found useful in helping to troubleshoot RIP are:


R1#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 25 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
FastEthernet0/0 2 2
Loopback0 2 2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
172.16.0.0
192.168.1.0
Routing Information Sources:
Gateway Distance Last Update
192.168.1.2 120 00:00:20
Distance: (default is 120)

In the output above there are a bunch of timers (Update, Invalid, Holddown and Flush). These need to be the same on each router.


R2#show ip rip database
172.16.0.0/16 auto-summary
172.16.0.0/16
[1] via 192.168.1.1, 00:00:00, FastEthernet0/0
192.168.1.0/24 auto-summary
192.168.1.0/24 directly connected, FastEthernet0/0
192.168.2.0/24 auto-summary
192.168.2.0/24 directly connected, FastEthernet1/0


R2#show ip route rip
R 172.16.0.0/16 [120/1] via 192.168.1.1, 00:00:16, FastEthernet0/0


R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
R 172.16.0.0/16 [120/1] via 192.168.1.1, 00:00:02, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet1/0

R2#debug ip rip events
RIP event debugging is on
R2#
01:30:43: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.1.2)
01:30:43: RIP: Update contains 1 routes
01:30:43: RIP: Update queued
01:30:43: RIP: Update sent via FastEthernet0/0

The command above will turn on debugging for RIP updates.


Okay. That's about all I have on RIP.

IP Routing - Static Routes

In this post I'm going to detail what static routes are and how to set them up.

A router needs to know how to get a packet from one network to another. To achieve this you can use either static or dynamic routes.

One of the benefits of using static routes is that it gives you complete control over where the packets go, which is great from a security point of view. The downside is that as your network grows, so does the administrative overhead.

Below I'm just going to detail how to set up routing between 2 networks.


Router 1 (R1)
FastEthernet 0/0 - 192.168.1.1/24

Router 2 (R2)
FastEthernet 0/0 - 192.168.1.2/24
FastEthernet 0/1 - 192.168.2.1/24

Router 3 (R3)
FastEthernet 0/0 - 192.168.2.2/24

Looking at my routing table on R3 I can see that I just have the connected network of 192.168.2.0.

Router3#show ip route

Gateway of last resort is not set
C 192.168.2.0/24 is directly connected, FastEthernet0/0


I'll set up a new static route to the network 192.168.1.0. I use the ip route command, list the network I want to get to, and give either the interface I'll be going out of or the next-hop address.

Router3#configure terminal
Router3(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1
Router3(config)#end

Router3#show ip route

Gateway of last resort is not set
S 192.168.1.0/24 [1/0] via 192.168.2.1
C 192.168.2.0/24 is directly connected, FastEthernet0/0


I'll talk here a bit about administrative distances. Administrative distance is important in routing: each route has one, and when the same network is learned from more than one source it is the route with the lowest administrative distance that the router places in the routing table.

As shown above we have 2 routes: one static (preceded by an S) and the other a directly connected route (preceded by a C).

By default, connected routes will have an administrative distance of 0 and static routes will have 1.
I could override the default by adding an administrative distance at the end of the command. This is useful for creating static routes with values higher than those used by dynamic routing protocols. Then, if a dynamic routing protocol is implemented, its route will be entered into the routing table and used instead of the static route.
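As an added illustration, not from the original post, of how administrative distance decides which of several routes to the same network gets installed, the Python below models a small routing table using the IOS defaults quoted above (connected 0, static 1, RIP 120) and a static route deliberately given a distance higher than RIP's. The Route class and the table functions are my own construction, not an IOS API.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Default administrative distances on Cisco IOS for the route sources that appear in this post
DEFAULT_AD = {"C": 0, "S": 1, "R": 120}

@dataclass(frozen=True)
class Route:
    code: str                 # same letters as show ip route: C connected, S static, R RIP
    prefix: str
    via: str                  # next hop or exit interface
    metric: int = 0
    ad: Optional[int] = None  # explicit distance from the end of the ip route command, if given

    def distance(self) -> int:
        return DEFAULT_AD[self.code] if self.ad is None else self.ad

def install(candidates):
    """Build the routing table: per network, keep the candidate with the lowest AD (then lowest metric)."""
    table = {}
    for r in candidates:
        net = ipaddress.ip_network(r.prefix)
        best = table.get(net)
        if best is None or (r.distance(), r.metric) < (best.distance(), best.metric):
            table[net] = r
    return table

def lookup(table, destination: str) -> Optional[Route]:
    """Forwarding decision: longest prefix match among the installed routes."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in net]
    return table[max(matches, key=lambda n: n.prefixlen)] if matches else None

def show_ip_route(table) -> str:
    """Render the table in the style of show ip route (constructed output, not IOS)."""
    return "\n".join(f"{r.code} {net} [{r.distance()}/{r.metric}] via {r.via}"
                     for net, r in sorted(table.items()))

if __name__ == "__main__":
    rip = Route("R", "172.16.0.0/16", "192.168.1.1", metric=1)
    backup = Route("S", "172.16.0.0/16", "192.168.2.2", ad=130)   # static with AD above RIP's 120
    connected = Route("C", "192.168.1.0/24", "FastEthernet0/0")
    print(show_ip_route(install([rip, backup, connected])))       # RIP route wins while it exists
    print(show_ip_route(install([backup, connected])))            # RIP route gone: backup takes over
```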

Now I try to ping the remote network and as long as that network knows how to get back to me my ping succeeds.

Router3#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/77/140 ms


Another option that can be appended to the end of the static route is permanent. If this is used the route will stay in the routing table even if the outgoing interface goes down. Below is an example:

Router3#configure terminal
Router3(config)#ip route 192.168.1.0 255.255.255.0 fastethernet 0/0 permanent
Router3(config)#end

Here endeth my static routing post!
