5.1.2 Lab – Implement EIGRP for IPv6 (Answers)

5.1.2 Lab – Implement EIGRP for IPv6 (Answers)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

5.1.2 Lab - Implement EIGRP for IPv6 (Answers) 2

Addressing Table

Device Interface IPv6 Address/Prefix Length Link Local Address
R1 G0/0/0 2001:db8:cafe:1::1/64 fe80::1:1
G0/0/1.1 2001:db8:acad:1::1/64 fe80::1:2
G0/0/1.2 2001:db8:acad:2::1/64 fe80::1:3
R2 G0/0/0 2001:db8:cafe:1::2/64 fe80::2:1
G0/0/1 2001:db8:cafe:2::2/64 fe80::2:2
Loopback 0 2001:db8:ff:999:153/64 fe80::2:3
Loopback 1 2001:db8:cede::1/64 fe80::2:4
Loopback 2 2001:db8:cede:1::1/64 fe80::2:5
R3 G0/0/0 2001:db8:cafe:2::1/64 fe80::3:1
G0/0/1 2001:db8:acad:3::1/64 fe80::3:2
Loopback 1 2001:db8:abcd:8::1/64 fe80::3:3
Loopback 2 2001:db8:abcd:9::1/64 fe80::3:4
Loopback 3 2001:db8:abcd:10::1/64 fe80::3:5
Loopback 4 2001:db8:abcd:11::1/64 fe80::3:6
Loopback 5 2001:db8:abcd:12::1/64 fe80::3:7
D2 G1/0/1 2001:db8:acad:1::2/64 fe80::d2:1
G1/0/11 2001:db8:acad:3::2/64 fe80::d2:2
PC1 NIC SLAAC EUI-64

Objectives

  • Part 1: Build the Network and Configure Basic Device Settings
  • Part 2: Implement EIGRP for IPv6 and Named EIGRP
  • Part 3: Tune and Optimize EIGRP for IPv6

Background / Scenario

EIGRP for IPv6 has the same overall operation and features as EIGRP for IPv4. However, there are a few major differences between them:

• IPv6 unicast routing must be enabled before the routing process can be configured.
• In the absence of the router having any IPv4 addresses, a 32-bit router ID must be configured for the routing process to start.
• EIGRP for IPv6 is configured directly on the router interfaces.

In this lab, you will configure the network with EIGRP for IPv6. You will also configure passive interfaces, propagate a default route, configure a summary route, implement routing protocol authentication, modify load balancing, and filter routes with a prefix list.

Note: This lab is an exercise in configuring the options available with EIGRP for IPv6. It does not necessarily reflect implementation best practices.

Note: The routers used with CCNP hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9 image). The switches used in the labs are Cisco Catalyst 3650 with Cisco IOS XE Release 16.9.4 (universalk9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface identifiers.

Note: Make sure that the routers and switches have been erased and have no startup configurations. If you are unsure, contact your instructor.

Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources

• 3 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 2 Switches (Cisco 3650 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 1 PC (Choice of operating system with terminal emulation program installed)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology

Instructions

Part 1: Build the Network and Configure Basic Device Settings

In Part 1, you will set up the network topology and configure basic settings and interface addressing on routers.

Step 1: Cable the network as shown in the topology.

Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2: Configure basic settings for each device.

a. Console into each device, enter global configuration mode, and apply the basic settings. The startup configurations for each device are provided below.

Router R1

hostname R1
no ip domain lookup
ipv6 unicast-routing
banner motd # R1, Implement EIGRP for IPv6 #
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
line vty 0 4
 privilege level 15
 exec-timeout 0 0
 password cisco123
 login
 exit
interface g0/0/0
 ipv6 address 2001:db8:cafe:1::1/64
 ipv6 address fe80::1:1 link-local
 no shutdown
 exit
interface g0/0/1
 no ip address
 no shutdown
 exit
interface g0/0/1.1
 description VLAN 1 Interface
 encapsulation dot1q 1
 ipv6 address fe80::1:2 link-local
 ipv6 address 2001:db8:acad:1::1/64
 no shutdown
 exit
interface g0/0/1.2
 description VLAN 2 Interface
 encapsulation dot1q 2
 ipv6 address fe80::1:3 link-local
 ipv6 address 2001:db8:acad:2::1/64
 no shutdown
 exit
end

Router R2

hostname R2
no ip domain lookup
ipv6 unicast-routing
banner motd # R2, Implement EIGRP for IPv6 #
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
line vty 0 4
 privilege level 15
 exec-timeout 0 0
 password cisco123
 login
 exit
interface g0/0/0
 ipv6 address fe80::2:1 link-local
 ipv6 address 2001:db8:cafe:1::2/64
 no shutdown
 exit
interface g0/0/1
 ipv6 address fe80::2:2 link-local
 ipv6 address 2001:db8:cafe:2::2/64
 no shutdown
 exit
interface loopback 0
 description Internet host
 ipv6 address fe80::2:3 link-local
 ipv6 address 2001:db8:ff:999::153/64
 no shutdown
 exit
interface loopback 1
 ipv6 address fe80::2:4 link-local
 ipv6 address 2001:db8:cede::1/64
 no shutdown
 exit
interface loopback 2
 ipv6 address fe80::2:5 link-local
 ipv6 address 2001:db8:cede:1::1/64
 no shutdown
 exit
end

Router R3

hostname R3
no ip domain lookup
ipv6 unicast-routing
banner motd # R3, Implement EIGRP for IPv6 #
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
line vty 0 4
 privilege level 15
 exec-timeout 0 0
 password cisco123
 login
 exit
interface g0/0/0
 ipv6 address fe80::3:1 link-local
 ipv6 address 2001:db8:cafe:2::1/64
 no shutdown
 exit
interface g0/0/1
 ipv6 address fe80::3:2 link-local
 ipv6 address 2001:db8:acad:1::3/64
 no shutdown
 exit
interface loopback 1
 ipv6 address fe80::3:3 link-local
 ipv6 address 2001:db8:abcd:8::1/64
 no shutdown
interface loopback 2
 ipv6 address fe80::3:4 link-local
 ipv6 address 2001:db8:abcd:9::1/64
 no shutdown
interface loopback 3
 ipv6 address fe80::3:5 link-local
 ipv6 address 2001:db8:abcd:10::1/64
 no shutdown
interface loopback 4
 ipv6 address fe80::3:6 link-local
 ipv6 address 2001:db8:abcd:11::1/64
 no shutdown
interface loopback 5
 ipv6 address fe80::3:7 link-local
 ipv6 address 2001:db8:abcd:12::1/64
 no shutdown
end

Router D1

hostname D1
no ip domain lookup
banner motd # D1, Implement EIGRP for IPv6 #
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 privilege level 15
 exec-timeout 0 0
 password cisco123
 login
vlan 2
 name HOST-VLAN
interface range g1/0/1 - 24, g1/1/1 - 2
 switchport mode access
 shutdown
interface range g1/0/1, g1/0/11
 switchport mode trunk
 no shutdown
 exit
interface g1/0/23
 switchport mode access
 switchport access vlan 2
 spanning-tree portfast
 no shutdown
 exit
end

Router D2

hostname D2
no ip domain lookup
ipv6 unicast-routing
banner motd # D2, Implement EIGRP for IPv6 #
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
line vty 0 4
 privilege level 15
 exec-timeout 0 0
 password cisco123
 login
 exit
interface range g1/0/1 - 24, g1/1/1 - 2
 shutdown
 exit
interface g1/0/1
 no switchport
 ipv6 address fe80::d1:1 link-local
 ipv6 address 2001:Db8:acad:1::2/64
 no shutdown
 exit
interface g1/0/11
 no switchport
 ipv6 address fe80::d1:2 link-local
 ipv6 address 2001:db8:acad:3::2/64
 no shutdown
 exit
end

b. Set the clock on each device to UTC time.

c. Save the running configuration to startup-config.

d. Verify that PC1 generates an IPv6 address.

e. Verify that PC1 can ping its default gateway at fe80::1:3.

Part 2: Implement EIGRP for IPv6 and Named EIGRP

In this part of the lab, you will configure and verify EIGRP in the network. Routers R1 and R3 will used Named EIGRP, while router R2 will use Classic EIGRP. After you have established the network, you will examine the differences in how each version of EIGRP deals with metrics.

For the lab, you will use the Autonomous System number 43 on all routers.

Step 1: Configure EIGRP for IPv6 on R2

a. Start the configuration of Classic EIGRP by issuing the ipv6 router eigrp 43 command.

R2(config)# ipv6 router eigrp 43

b. Configure the EIGRP Router ID using the eigrp router-id command. Use the number 2.2.2.2 for R2.

R2(config-router)# eigrp router-id 2.2.2.2

c. Identify the interfaces that should be configured with EIGRP and the networks that should be included in the EIGRP topology table. This is done on the interfaces with the ipv6 eigrp command.

R2(config)# interface g0/0/0
R2(config-if)# ipv6 eigrp 43
R2(config-if)# exit
R2(config)# interface g0/0/1
R2(config-if)# ipv6 eigrp 43
R2(config-if)# exit
R2(config)# interface loopback0
R2(config-if)# ipv6 eigrp 43
R2(config-if)# exit
R2(config)# interface loopback1
R2(config-if)# ipv6 eigrp 43
R2(config-if)# exit
R2(config)# interface loopback 2
R2(config-if)# ipv6 eigrp 43
R2(config-if)# end

d. Verify the interfaces now involved in EIGRP with the show ipv6 eigrp interfaces command.

R2# show ipv6 eigrp interfaces
EIGRP-IPv6 Interfaces for AS(43)
                              Xmit Queue   PeerQ        Mean   Pacing Time   Multicast    Pending
Interface              Peers  Un/Reliable  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Gi0/0/0                  0        0/0       0/0           0       0/0 0           0
Gi0/0/1                  0        0/0       0/0           0       0/0 0           0
Lo0                      0        0/0       0/0           0       0/0 0           0
Lo1                      0        0/0       0/0           0       0/0 0           0
Lo2                      0        0/0       0/0           0       0/0 0           0
Step 2: Configure Named EIGRP for IPv6 on R1 and R3

a. Start the configuration of Named EIGRP by issuing the router eigrp [ name ] command. The name parameter can be a number, but the number does not identify an Autonomous System as it does with Classic EIGRP, it simply identifies the process. For our purposes, name the process EIGRP_IPV6.

R1(config)# router eigrp EIGRP_IPV6
R1(config-router)#

b. Enter into address-family configuration mode with the address-family ipv6 unicast autonomous-system 43 command. It is not necessary to configure EIGRP for IPv6 on the interfaces. In named-mode configuration, EIGRP for IPv6 is automatically enabled on all interfaces that are configured with an IPv6 address.

R1(config-router)# address-family ipv6 unicast autonomous-system 43

c. Configure the EIGRP Router ID using the eigrp router-id command. Use the number 1.1.1.1.

R1(config-router-af)# eigrp router-id 1.1.1.1

d. Repeat the configuration process on R3 and D2. For the R3 router ID use 3.3.3.3, and for the D2 router ID use 132.132.132.132.

Step 3: Verify EIGRP for IPv6

a. A few seconds after configuring the network statements on R1, R3 and D2, you should have seen EIGRP adjacencies being formed, as noted at the console by messages similar to the one below.

*Mar 9 13:42:47.969: %DUAL-5-NBRCHANGE: EIGRP-IPv6 43: Neighbor FE80::3:2 (GigabitEthernet1/0/11) is up: new adjacency

b. To verify that routing is working, ping from PC1 to Interface Loopback 1 on R3 (2001:db8:abcd:8::1). The ping should be successful.

c. On R1, examine the EIGRP entries in the IPv6 routing table using the show ipv6 route eigrp command. As you can see, R1 is aware of all of the networks that have been configured in the topology. The remote networks that were learned from EIGRP and that appear in the routing table were learned from routers R2 and R3 as indicated by the link local address that is displayed for these entries. Note that in some cases, EIGRP for IPv6 has two equal cost routes for a network.

R1# show ipv6 route eigrp
IPv6 Routing Table - default - 17 entries
<output omitted>
D   2001:DB8:FF:999::/64 [90/2570240]
     via FE80::2:1, GigabitEthernet0/0/0
D   2001:DB8:ABCD:8::/64 [90/16000]
     via FE80::2:1, GigabitEthernet0/0/0
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:9::/64 [90/16000]
     via FE80::2:1, GigabitEthernet0/0/0
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:10::/64 [90/16000]
     via FE80::2:1, GigabitEthernet0/0/0
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:11::/64 [90/16000]
     via FE80::2:1, GigabitEthernet0/0/0
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:12::/64 [90/16000]
     via FE80::2:1, GigabitEthernet0/0/0
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ACAD:3::/64 [90/15360]
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:CAFE:2::/64 [90/15360]
     via FE80::2:1, GigabitEthernet0/0/0
D   2001:DB8:CEDE::/64 [90/2570240]
     via FE80::2:1, GigabitEthernet0/0/0
D   2001:DB8:CEDE:1::/64 [90/2570240]
     via FE80::2:1, GigabitEthernet0/0/0

d. Now examine the EIGRP topology table using the show ipv6 eigrp topology all-links command. The all-links parameter instructs the router to display routes that are not successors or feasible successors. We will focus on the routes to 2001:db8:abcd:10::/64 and 2001:db8:cafe:2::/64. There are several things to notice.

Remember that the topology table is EIGRP’s database of route information. EIGRP selects the best paths, based on the DUAL algorithm, and offers them to the IP routing table. However, the IP routing table does not have to use those offered paths, because the router may have learned about the same network from a more reliable routing source, which would be a routing source with a lower administrative distance.

R1# show ipv6 eigrp topology all-links
EIGRP-IPv6 VR(EIGRP_IPV6) Topology Table for AS(43)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 2001:DB8:CEDE:1::/64, 1 successors, FD is 328990720, serno 7
        via FE80::2:1 (328990720/327761920), GigabitEthernet0/0/0
P 2001:DB8:CEDE::/64, 1 successors, FD is 328990720, serno 6
        via FE80::2:1 (328990720/327761920), GigabitEthernet0/0/0
P 2001:DB8:ABCD:10::/64, 2 successors, FD is 2048000, serno 16
        via FE80::2:1 (2048000/1392640), GigabitEthernet0/0/0
        via FE80::D1:1 (2048000/1392640), GigabitEthernet0/0/1.1
P 2001:DB8:ACAD:1::/64, 1 successors, FD is 1310720, serno 2
        via Connected, GigabitEthernet0/0/1.1
        via FE80::D1:1 (1966080/1310720), GigabitEthernet0/0/1.1
P 2001:DB8:ABCD:12::/64, 2 successors, FD is 2048000, serno 18
        via FE80::2:1 (2048000/1392640), GigabitEthernet0/0/0
        via FE80::D1:1 (2048000/1392640), GigabitEthernet0/0/1.1
P 2001:DB8:CAFE:2::/64, 1 successors, FD is 1966080, serno 4
        via FE80::2:1 (1966080/1310720), GigabitEthernet0/0/0
        via FE80::D1:1 (2621440/1966080), GigabitEthernet0/0/1.1
P 2001:DB8:ABCD:9::/64, 2 successors, FD is 2048000, serno 15
        via FE80::2:1 (2048000/1392640), GigabitEthernet0/0/0
        via FE80::D1:1 (2048000/1392640), GigabitEthernet0/0/1.1
P 2001:DB8:ABCD:11::/64, 2 successors, FD is 2048000, serno 17
        via FE80::2:1 (2048000/1392640), GigabitEthernet0/0/0
        via FE80::D1:1 (2048000/1392640), GigabitEthernet0/0/1.1
P 2001:DB8:ACAD:2::/64, 1 successors, FD is 1310720, serno 3
        via Connected, GigabitEthernet0/0/1.2
P 2001:DB8:ABCD:8::/64, 2 successors, FD is 2048000, serno 14
        via FE80::2:1 (2048000/1392640), GigabitEthernet0/0/0
        via FE80::D1:1 (2048000/1392640), GigabitEthernet0/0/1.1
P 2001:DB8:CAFE:1::/64, 1 successors, FD is 1310720, serno 1
        via Connected, GigabitEthernet0/0/0
        via FE80::2:1 (1966080/1310720), GigabitEthernet0/0/0
P 2001:DB8:FF:999::/64, 1 successors, FD is 328990720, serno 5
        via FE80::2:1 (328990720/327761920), GigabitEthernet0/0/0
P 2001:DB8:ACAD:3::/64, 1 successors, FD is 1966080, serno 13
        via FE80::D1:1 (1966080/1310720), GigabitEthernet0/0/1.1

We will focus on the routes, highlighted in the above output, to 2001:db8:abcd:10::/64 and 2001:db8:cafe:2::/64. There are several things to notice:

– The entry for the 2001:db8:abcd:10::/64 network shows two successors, while the entry for 2001:db8:cafe:2::/64 shows only one successor. Both entries show two paths. The path with the lowest Feasible Distance (FD) is selected as the successor and is offered to the routing table. For 2001:db8:abcd:10::/64, there are two paths with equal FD, so they are both successors and both are offered to the global routing table. In the case of 2001:db8:cafe:2::/64, the FD is listed as 19660800. The path via fe80::2:1 shows that number as the FD (first number in parentheses). The path via fe80::d1:1 shows an FD of 2621440, which is higher than the current FD. So that path, although valid, is a higher cost path and is not offered to the routing table.

– The FD listed in the topology table does not match the metric listed in the routing table. For 2001:db8:abcd:10::/64, the routing table shows the metric value 16000 while the topology table shows the FD as 2048000. This is due to the routing table having a limit of 4 bytes (32 bits) for metric information, while EIGRP on R1 is using EIGRP wide metrics, which are 64 bits. Wide metrics are used by Named EIGRP by default. To work around the 32-bit metric size limitation in the routing table, EIGRP divides the wide-metric value by the EIGRP_RIB_SCALE value, which defaults to 128. The value 2048000 divided by 128 is 16000.

Note: A network with mixed EIGRP implementations (Named and Classic in the same routing domain), will have some loss of route clarity, which could lead to sub-optimal path selection. The recommended implementation is to use Named EIGRP in all cases.

– There are no feasible successors listed in the topology table for 2001:db8:abcd:10::/64 or 2001:db8:cafe:2::/64. The feasibility condition requires that the reported distance (RD) to a destination network be less than the current FD for a next-hop to be considered a feasible successor to the route. In the case of 2001:db8:cafe:2::/64, the RD of the path via fe80::d1:1 is listed as 1966080, which is equal to the current FD, which disqualifies this path as a feasible successor. If the path via fe80::2:1 were to be lost, R1 would have to send queries to find a new way to get to 2001:db8:cafe:2::/64. Feasible successors appear only in the topology table. Only successors appear in the routing table.

e. To see the RIB Scale and metric version values, as well as other protocol information, issue the show ipv6 protocols | section EIGRP_IPv6 command.

R1# show ipv6 protocols | section EIGRP_IPV6
EIGRP-IPv6 VR(EIGRP_IPV6) Address-Family Protocol for AS(43)
  Metric weight K1=1, K2=0, K3=1, K4=0, K5=0 K6=0
  Metric rib-scale 128
  Metric version 64bit
  Soft SIA disabled
  NSF-aware route hold timer is 240
  EIGRP NSF disabled
     NSF signal timer is 20s
     NSF converge timer is 120s
  Router-ID: 1.1.1.1
  Topology : 0 (base)
    Active Timer: 3 min
    Distance: internal 90 external 170
    Maximum path: 16
    Maximum hopcount 100
    Maximum metric variance 1
    Total Prefix Count: 13
    Total Redist Count: 0

f. To examine details about a particular path, issue the show ipv6 eigrp topology [address] command. Among other things in this output, you can see the values used in calculating the metric.

R1# show ipv6 eigrp topology 2001:db8:cafe:2::/64
EIGRP-IPv6 VR(EIGRP_IPV6) Topology Entry for AS(43)/ID(1.1.1.1) for 2001:DB8:CAFE:2::/64
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1966080, RIB is 15360
  Descriptor Blocks:
  FE80::2:1 (GigabitEthernet0/0/0), from FE80::2:1, Send flag is 0x0
      Composite metric is (1966080/1310720), route is Internal
      Vector metric:
        Minimum bandwidth is 1000000 Kbit
        Total delay is 20000000 picoseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
        Originating router is 2.2.2.2
  FE80::D1:1 (GigabitEthernet0/0/1.1), from FE80::D1:1, Send flag is 0x0
      Composite metric is (2621440/1966080), route is Internal
      Vector metric:
        Minimum bandwidth is 1000000 Kbit
        Total delay is 30000000 picoseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 2
        Originating router is 3.3.3.3

Part 3: Tune and Optimize EIGRP for IPv6

In this part of the lab, you will tune and optimize EIGRP for IPv6 through the use of passive interfaces, default router redistribution, summary routes, authentication, load balancing, and route filtering.

Step 1: Configure specific interfaces as passive.

Passive interfaces are interfaces that only partially participate in the operation of a routing protocol. The network that a passive interface is connected to is advertised, while the routing protocol does not actually transmit routing protocol-specific traffic on that interface. Use passive interfaces when you have a connected network that you want to advertise, but you do not want protocol neighbors to appear on that interface. Interfaces supporting users should always be configured as passive. There are two ways to configure interfaces as passive. The first is specifically by interface. The other is to make all interfaces default to passive default. Normally a device with many LAN interfaces will use the default option, and then use the no form of the command on the specific interfaces that should be sending and receiving EIGRP messages.

a. On PC1, run Wireshark and set the display capture filter to eigrp. You should see a hello message roughly every five seconds. If PC 1 is capable of running EIGRP for IPv6, you might be able to form an adjacency and interact in the routing domain. This is not desirable.

b. On R1, configure af-interface g0/0/1 to be passive.

R1(config)# router eigrp EIGRP_IPV6
R1(config-router)# address-family ipv6 unicast autonomous-system 43
R1(config-router-af)# af-interface g0/0/1.2
R1(config-router-af-interface)# passive-interface
R1(config-router-af-interface)# end

c. On PC1, restart the Wireshark capture with the eigrp capture filter. You should no longer see EIGRP Hello messages.

Step 2: Configure interfaces from default to passive.

The second option for configuring passive interfaces is to configure them all as passive and then issue the no passive-interface command for certain interfaces. This approach is suitable in a security-focused scenario, or when the device has many LAN interfaces. The commands vary depending on whether you are using Classic or Named EIGRP.

a. In Classic EIGRP configuration, issue the passive-interface default command followed by no passive-interface [interface designation] command on the interfaces that should be participating in EIGRP. As an example, configure this on R2, and then make interfaces G0/0/0 and G0/0/1 active. Note that you will lose EIGRP adjacencies until the interfaces are active.

R2(config)# ipv6 router eigrp 43
R2(config-rtr)# passive-interface default
R2(config-rtr)# no passive-interface g0/0/0
R2(config-rtr)# no passive-interface g0/0/1
R2(config-rtr)# end

b. In Named EIGRP configuration, you apply the passive-interface command to the af-interface default configuration, and then no passive-interface command to the af-interface specific interface. On R3, set the af-interface default as passive and then configure G0/0/0 and S0/1/0 as active. Note that you will lose EIGRP adjacencies until the interfaces are active.

R3(config)# router eigrp EIGRP_IPV6
R3(config-router)# address-family ipv6 unicast autonomous-system 43
R3(config-router-af)# af-interface default
R3(config-router-af-interface)# passive-interface
R3(config-router-af-interface)# exit-af-interface
R3(config-router-af)# af-interface g0/0/0
R3(config-router-af-interface)# no passive-interface
R3(config-router-af-interface)# exit-af-interface
R3(config-router-af)# af-interface g0/0/1
R3(config-router-af-interface)# no passive-interface
R3(config-router-af-interface)# end

c. The output of show ip protocols | include (passive) will give you a list of passive interfaces configured for EIGRP.

R3# show ipv6 protocols | include (passive)
    Loopback5 (passive)
    Loopback4 (passive)
    Loopback3 (passive)
    Loopback2 (passive)
    Loopback1 (passive)
Step 3: Propagate a default route.

EIGRP for IPv6 can be configured to propagate a default route to other EIGRP routers in the AS. This lab will explore two methods of propagating a default route, either by redistributing a default static route or by sharing a summary default route.

In this topology, interface Loopback 0 on R2 has been configured to simulate an internet destination. Therefore, we will configure a default route on R2 and then configure EIGRP for IPv6 to redistribute the route.

a. Configure a static default route on R2 with an exit interface of Loopback0s IPv6 address.

R2(config)# ipv6 route ::/0 2001:db8:ff:999::1

b. Go into EIGRP configuration add the redistribute static command.

R2(config)# ipv6 router eigrp 43
R2(config-rtr)# redistribute static
R2(config-rtr)# end

c. At R1, issue the show ipv6 route eigrp | begin EX :: command. Notice the default route is present as an EIGRP external route with an AD of 170. Further, notice that individual routes for the 2001:db8:cede::/64 and 2001:db8:cede:1::/64 networks, representing R2 interfaces Lo1 and Lo2, are present in the routing table.

R1# show ipv6 route eigrp | begin EX  ::
EX  ::/0 [170/2570240]
     via FE80::2:1, GigabitEthernet0/0/0
D   2001:DB8:FF:999::/64 [90/2570240]
     via FE80::2:1, GigabitEthernet0/0/0
D   2001:DB8:ABCD:8::/64 [90/16000]
     via FE80::2:1, GigabitEthernet0/0/0
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:9::/64 [90/16000]
     via FE80::2:1, GigabitEthernet0/0/0
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:10::/64 [90/16000]
     via FE80::2:1, GigabitEthernet0/0/0
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:11::/64 [90/16000]
     via FE80::2:1, GigabitEthernet0/0/0
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:12::/64 [90/16000]
     via FE80::2:1, GigabitEthernet0/0/0
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ACAD:3::/64 [90/15360]
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:CAFE:2::/64 [90/15360]
     via FE80::2:1, GigabitEthernet0/0/0
D   2001:DB8:CEDE::/64 [90/2570240]
     via FE80::2:1, GigabitEthernet0/0/0
D   2001:DB8:CEDE:1::/64 [90/2570240]
     via FE80::2:1, GigabitEthernet0/0/0

d. On R2, remove the redistribute static command from EIGRP and remove the static default route.

e. On R2, configure the ipv6 summary-address command on the GigabitEthernet0/0/0 and GigabtEthernet0/0/1 interfaces. Specify the eigrp 43 and the route ::/0

R2(config)# interface GigabitEthernet0/0/0
R2(config-if)# ipv6 summary-address eigrp 43 ::/0
R2(config-if)# interface GigabitEthernet0/0/1
R2(config-if)# ipv6 summary-address eigrp 43 ::/0

f. Go to router R1 and use the show ipv6 route eigrp command to see the default route that has been injected into the routing table. Notice in the output that the route now appears as an internal EIGRP route with an AD of 90. Also notice that individual routes for the 2001:db8:cede::/64 and 2001:db8:cede:1::/64 networks, representing R2 interfaces Lo1 and Lo2, are no longer present in the routing table. The ipv6 summary-address ::/0 command replaced all individual routes that R2 was advertising.

Note: If you were to add another summary address on R2, similar to what you will do in the next sub-step, that summary would be advertised as well.

R1# show ipv6 route eigrp
<output omitted>
D   ::/0 [90/15360]
     via FE80::2:1, GigabitEthernet0/0/0
D   2001:DB8:ABCD:8::/64 [90/16000]
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:9::/64 [90/16000]
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:10::/64 [90/16000]
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:11::/64 [90/16000]
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ABCD:12::/64 [90/16000]
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ACAD:3::/64 [90/15360]
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:CAFE:2::/64 [90/20480]
     via FE80::D1:1, GigabitEthernet0/0/1.1
Step 4: Configure an EIGRP for IPv6 Summary Address.

Router R3 is configured with five loopback interfaces that simulate five IPv6 LANs. Those LAN addresses appear in the other EIGRP routers as five individual routes. In order to limit the impact of these five LANs on routing tables and routing protocol traffic, the routes can be configured with a single route summary address that will enable all five networks to be reached without requiring separate information to be shared for each network.

a. To optimize EIGRP for IPv6, on R3 summarize the loopback addresses as a single route and advertise the summary route in R3’s EIGRP updates to R1 and R2. Use the same summarization method that is used for IPv4 by finding the bits that all five addresses have in common. The IPv6 loopback addresses could be summarized as 2001:db8:abcd::/61, but common practice is not to split the summary at the nibble level. Therefore, summary masks will normally be 48, 52, 56, and 60 bits. For our exercise, we will specify a 56 bit mask, even though that summary would indicate more networks than R3 is hosting. After configuring the summary route on the interface, notice that the neighbor adjacency between R3 and R2 and R1 is resynchronized (restarted).

R3(config)# router eigrp EIGRP_IPV6
R3(config-router)# address-family ipv6 unicast autonomous-system 43
R3(config-router-af)# af-interface g0/0/0
R3(config-router-af-interface)# summary-address 2001:db8:abcd::/56
R3(config-router-af-interface)# exit
R3(config-router-af)# af-interface g0/0/1
R3(config-router-af-interface)# summary-address 2001:db8:abcd::/56
R3(config-router-af-interface)# end

b. Examine the routing table of R1 to verify that R1 is receiving only one summary route for the loopback interfaces.

R1# show ipv6 route eigrp
<output omitted>
D   ::/0 [90/15360]
     via FE80::2:1, GigabitEthernet0/0/0
D   2001:DB8:ABCD::/56 [90/16000]
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:ACAD:3::/64 [90/15360]
     via FE80::D1:1, GigabitEthernet0/0/1.1
D   2001:DB8:CAFE:2::/64 [90/20480]
     via FE80::D1:1, GigabitEthernet0/0/1.1
Step 5: Configure EIGRP authentication.

EIGRP for IPv6 supports authentication on an interface basis. In other words, each interface can be configured to require authentication of the connected peer. This ensures that connected devices that try to form an adjacency are authorized to do so. Classic EIGRP supports key-chain based MD5-hashed keys, while Named EIGRP adds support for SHA256-hashed keys. The two are not compatible.

In this step, you will configure both types of authentication to exercise the range of options available.

a. On R1, R2, and R3, create a key-chain named EIGRPv6-AUTHEN-KEY with a single key. The key should have the key-string $3cre7!!

R1(config)# key chain EIGRPv6-AUTHEN-KEY
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string $3cre7!!
R1(config-keychain-key)# end

b. On R2, configure interfaces G0/0/0 and G0/0/1 to use the key chain that you just created with MD5. Note that you will lose EIGRP adjacencies until the neighbor interfaces are configured.

R2(config)# interface g0/0/0
R2(config-if)# ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY
R2(config-if)# ipv6 authentication mode eigrp 43 md5
R2(config-if)# exit
R2(config)# interface g0/0/1
R2(config-if)# ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY
R2(config-if)# ipv6 authentication mode eigrp 43 md5
R2(config-if)# end

c. Configure interfaces GigabitEthernet0/0/0 on R1 and R3 to use the key chain with MD5. EIGRP adjacencies with R2 should be restored.

R1(config)# router eigrp EIGRP_IPV6
R1(config-router)# address-family ipv6 unicast autonomous-system 43
R1(config-router-af)# af-interface g0/0/0
R1(config-router-af-interface)# authentication key-chain EIGRPv6-AUTHEN-KEY
R1(config-router-af-interface)# authentication mode md5
R1(config-router-af-interface)# end

d. Use the show ip eigrp interface detail | section Gi0/0/0 command to verify authentication is in place and what type it is.

R1# show ipv6 eigrp interface detail | section Gi0/0/0
Gi0/0/0                  1        0/0       0/0           1       0/050           0
  Hello-interval is 5, Hold-time is 15
  Split-horizon is enabled
  Next xmit serial <none>
  Packetized sent/expedited: 14/2
  Hello's sent/expedited: 186/4
  Un/reliable mcasts: 0/11  Un/reliable ucasts: 15/7
  Mcast exceptions: 0  CR packets: 0  ACKs suppressed: 0
  Retransmissions sent: 3  Out-of-sequence rcvd: 0
  Topology-ids on interface - 0
  Authentication mode is md5,  key-chain is "EIGRP-AUTHEN-KEY"
  Topologies advertised on this interface:  base
  Topologies not advertised on this interface:

e. On R1, R3 and D2, configure HMAC-SHA-256 based authentication using the same shared secret, $3cre7!!, on R1 interface G0/0/1.1, R3 interface G0/0/1, and D2 interfaces G1/0/1 and G1/0/11. Note that EIGRP adjacency will be lost until both ends of a link are configured.

R1(config)# router eigrp EIGRP_IPV6
R1(config-router)# address-family ipv6 unicast autonomous-system 43
R1(config-router-af)# af-interface g0/0/1.1
R1(config-router-af-interface)# authentication mode hmac-sha-256 $3cre7!!
R1(config-router-af-interface)# end

f. Use the show ipv6 eigrp interface detail command to verify authentication is in place and what type it is.

R1# show ipv6 eigrp interface detail | section Gi0/0/1.1
Gi0/0/1.1                1        0/0       0/0           3       0/050           0
  Hello-interval is 5, Hold-time is 15
  Split-horizon is enabled
  Next xmit serial <none>
  Packetized sent/expedited: 27/1
  Hello's sent/expedited: 582/3
  Un/reliable mcasts: 0/28  Un/reliable ucasts: 35/11
  Mcast exceptions: 0  CR packets: 0  ACKs suppressed: 0
  Retransmissions sent: 2  Out-of-sequence rcvd: 0
  Topology-ids on interface - 0
  Authentication mode is HMAC-SHA-256, key-chain is not set
  Topologies advertised on this interface:  base
  Topologies not advertised on this interface:
Step 6: Manipulate load balancing with variance.

By default, load balancing occurs only over equal-cost paths. EIGRP supports up to four equal cost paths by default but can be configured to support as many as 32 with the maximum-paths command.

EIGRP has the added capability to load balance over unequal-cost paths. Load balancing is controlled by the variance parameter. Its value is a multiplier that is used to determine how to deal with multiple paths to the same destination.

Variance is set to 1 by default, so any paths up to the configured maximum number of paths that have an FD equal to the best current FD are also offered to the routing table. This provides equal cost load balancing.

The variance parameter can also be set to zero, which dictates that no load balancing takes place.
The variance parameter can be adjusted so that paths that have an FD that is less than or equal to variance times current best FD are also considered as successors and installed into the routing table. There is an extremely important differentiation here — to be a feasible successor, the RD of a path must be less than the current best FD. To be considered for unequal load balancing, the FD of the feasible successor is multiplied by the variance value, and if the product of this calculation is less than the current best FD, the feasible successor is promoted to successor.

There are two caveats; first, only feasible successors are considered and second, with unequal cost load balancing, traffic share is proportional to the best metric in the routing table for the given path.

Note: Keep in mind that your routing table may be different than the one created by the examples in this lab. If your results are different, examine them carefully to determine why so that you can thoroughly understand how EIGRP is operating.

a. Before manipulating variance, R3 needs to see individual routes from R2 instead of a summary. Therefore, remove the summary routes on R2 so that it will again advertise more specific EIGRP routes to R3.

R2(config-if)# interface g0/0/0
R2(config-if)# no ipv6 summary-address eigrp 43 ::/0
R2(config-if)# exit
R2(config)# interface g0/0/1
R2(config-if)# no ipv6 summary-address eigrp 43 ::/0
R2(config-if)# end

b. On R3, verify that there are again two equal-cost paths to 2001:db8:acad:2::64. In this example, the IPv6 address must be entered in ALL CAPS.

R3# show ipv6 route eigrp | section 2001:DB8:ACAD:2::/64
D   2001:DB8:ACAD:2::/64 [90/20480]
     via FE80::D1:2, GigabitEthernet0/0/1
     via FE80::2:2, GigabitEthernet0/0/0

c. To change this and allow for the demonstration of variance, change the interface bandwidth for the R2 interfaces G0/0/0 and G0/0/1 to 800000.

R2(config)# interface g0/0/0
R2(config-if)# bandwidth 800000
R2(config-if)# exit
R2(config)# interface g0/0/1
R2(config-if)# bandwidth 800000
R2(config-if)# end

d. When you examine the routing table on R3, you see that there is no load balancing occurring. All destinations have a single path.

R3# show ipv6 route eigrp | section 2001:DB8:ACAD:2::/64
D   2001:DB8:ACAD:2::/64 [90/20480]
     via FE80::D1:2, GigabitEthernet0/0/1

e. However, we know there are multiple paths in the network. The first consideration for manipulating variance is that it only works with feasible successors. Examining the topology table on R3 shows that there is a feasible successor for the 2001:db8:acad:2::/64 network. The route via fe80::2:2 out the G0/0/0 interface has an RD less than the FD for the current successor.

R3# show ipv6 eigrp topology | section 2001:DB8:ACAD:2::/64
P 2001:DB8:ACAD:2::/64, 1 successors, FD is 2621440
        via FE80::D1:2 (2621440/1966080), GigabitEthernet0/0/1
        via FE80::2:2 (2785280/2129920), GigabitEthernet0/0/0

f. To use the other route for unequal cost load balancing, we can set the variance parameter to 2. This will mean that any path with an RD less than or equal to 5242880 will qualify as a successor (2 x 2621440 = 5242880).

R3(config)# router eigrp EIGRP_IPV6
R3(config-router)# address-family ipv6 unicast autonomous-system 43
R3(config-router-af)# topology base
R3(config-router-af-topology)# variance 2
R3(config-router-af-topology)# exit
R3(config-router-af)# exit
R3(config-router)# exit
R3(config)# end

g. The output of the show ipv6 route eigrp command now displays two paths available to the 2001:db8:acad:2::/64 network. Notice that the routes have different metrics, but are listed and used just the same. Also, notice adding variance 2 adds a second path to the 2001:db8:cafe:1::/64 network.

R3# show ipv6 route eigrp
<output omitted>
D   2001:DB8:FF:999::/64 [90/2570240]
     via FE80::2:2, GigabitEthernet0/0/0
D   2001:DB8:ABCD::/56 [5/1280]
     via Null0, directly connected
D   2001:DB8:ACAD:2::/64 [90/20480]
     via FE80::D1:2, GigabitEthernet0/0/1
     via FE80::2:2, GigabitEthernet0/0/0
D   2001:DB8:ACAD:3::/64 [90/15360]
     via FE80::D1:2, GigabitEthernet0/0/1
D   2001:DB8:CAFE:1::/64 [90/16640]
     via FE80::2:2, GigabitEthernet0/0/0
     via FE80::D1:2, GigabitEthernet0/0/1
D   2001:DB8:CEDE::/64 [90/2570240]
     via FE80::2:2, GigabitEthernet0/0/0
D   2001:DB8:CEDE:1::/64 [90/2570240]
     via FE80::2:2, GigabitEthernet0/0/0
Step 7: Filter EIGRP routes using a prefix list.

In this step, you will configure a filter at R2 to block propagation of the network 2001:db8:cafe:1::/64 to R3.

a. On R3, issue the command show ipv6 route 2001:db8:cafe:1::/64 command. The output should list two successors, one via fe80::2:2 and one via fe90::d2:2. We want to filter route via fe80::2:1.

R3# show ipv6 route 2001:db8:cafe:1::/64
Routing entry for 2001:DB8:CAFE:1::/64
  Known via "eigrp 43", distance 90, metric 16640, type internal
  Route count is 2/2, share count 0
  Routing paths:
    FE80::2:2, GigabitEthernet0/0/0
      From FE80::2:2
      Last updated 00:05:00 ago
    FE80::D1:2, GigabitEthernet0/0/1
      From FE80::D1:2
      Last updated 00:04:35 ago

b. On R2, create an IPv6 prefix list that matches the 2001:db8:cafe:1::/64 network.

R2(config)# ipv6 prefix-list DROP-CAFE-1 seq 10 deny 2001:db8:cafe:1::/64
R2(config)# ipv6 prefix-list DROP-CAFE-1 seq 20 permit ::/0
R2(config)# end

c. On R2, apply the prefix list as a distribute list for updates exiting the G0/0/1 interface towards R3.

R2(config)# ipv6 router eigrp 43
R2(config-rtr)# distribute-list prefix-list DROP-CAFE-1 out g0/0/1
R2(config-rtr)# exit
R2(config)# end

d. On R3, issue the show ipv6 route 2001:db8:cafe:1::/64 command. The output should now list one successor fe80::d1:2. Verify that R3 no longer has a successor route via fe80::2:2 to the 2001:db8:cafe:1::/64 network.

e.

R3# show ipv6 route 2001:db8:cafe:1::/64
Routing entry for 2001:DB8:CAFE:1::/64
  Known via "eigrp 43", distance 90, metric 20480, type internal
  Route count is 1/1, share count 0
  Routing paths:
    FE80::D1:2, GigabitEthernet0/0/1
      From FE80::D1:2
      Last updated 00:15:29 ago

Router Interface Summary Table

Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2
1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
1900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
2811 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
4221 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
4300 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

Device Configs – Final

Router R1

R1# show run
Building configuration...


Current configuration : 2181 bytes
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
no ip domain lookup
!
login on-success
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
key chain EIGRPv6-AUTHEN-KEY
 key 1
  key-string $3cre7!!
!
spanning-tree extend system-id
!
redundancy
 mode none
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
 ipv6 address FE80::1:1 link-local
 ipv6 address 2001:DB8:CAFE:1::1/64
!
interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/1.1
 description VLAN 1 Interface
 encapsulation dot1Q 1 native
 ipv6 address FE80::1:2 link-local
 ipv6 address 2001:DB8:ACAD:1::1/64
!
interface GigabitEthernet0/0/1.2
 description VLAN 2 Interface
 encapsulation dot1Q 2
 ipv6 address FE80::1:3 link-local
 ipv6 address 2001:DB8:ACAD:2::1/64
!
interface Serial0/1/0
 no ip address
!
interface Serial0/1/1
 no ip address
!
router eigrp EIGRP_IPV6
 !
 address-family ipv6 unicast autonomous-system 43
  !
  af-interface GigabitEthernet0/0/1.2
   passive-interface
  exit-af-interface
  !
  af-interface GigabitEthernet0/0/0
   authentication mode md5
   authentication key-chain EIGRPv6-AUTHEN-KEY
  exit-af-interface
  !
  af-interface GigabitEthernet0/0/1.1
   authentication mode hmac-sha-256 $3cre7!!
  exit-af-interface
  !
  topology base
  exit-af-topology
  eigrp router-id 1.1.1.1
 exit-address-family
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
control-plane
!
banner motd ^C R1, Implement EIGRP for IPv6 ^C
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password cisco123
 login
!
end

Router R2

R2# show run
Building configuration...


Current configuration : 2355 bytes
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
no ip domain lookup
!
login on-success log
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
key chain EIGRPv6-AUTHEN-KEY
 key 1
  key-string $3cre7!!
!
spanning-tree extend system-id
!
redundancy
 mode none
!
interface Loopback0
 description Internet host
 no ip address
 ipv6 address FE80::2:3 link-local
 ipv6 address 2001:DB8:FF:999::153/64
 ipv6 eigrp 43
!
interface Loopback1
 no ip address
 ipv6 address FE80::2:4 link-local
 ipv6 address 2001:DB8:CEDE::1/64
 ipv6 eigrp 43
!
interface Loopback2
 no ip address
 ipv6 address FE80::2:5 link-local
 ipv6 address 2001:DB8:CEDE:1::1/64
 ipv6 eigrp 43
!
interface GigabitEthernet0/0/0
 bandwidth 800000
 no ip address
 negotiation auto
 ipv6 address FE80::2:1 link-local
 ipv6 address 2001:DB8:CAFE:1::2/64
 ipv6 eigrp 43
 ipv6 authentication mode eigrp 43 md5
 ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY
!
interface GigabitEthernet0/0/1
 bandwidth 800000
 no ip address
 negotiation auto
 ipv6 address FE80::2:2 link-local
 ipv6 address 2001:DB8:CAFE:2::2/64
 ipv6 eigrp 43
 ipv6 authentication mode eigrp 43 md5
 ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
ipv6 router eigrp 43
 distribute-list prefix-list DROP-CAFE-1 out GigabitEthernet0/0/1
 passive-interface default
 no passive-interface GigabitEthernet0/0/0
 no passive-interface GigabitEthernet0/0/1
 eigrp router-id 2.2.2.2
!
ipv6 prefix-list DROP-CAFE-1 seq 10 deny 2001:DB8:CAFE:1::/64
ipv6 prefix-list DROP-CAFE-1 seq 20 permit ::/0
!
control-plane
!
banner motd ^C R2, Implement EIGRP for IPv6 ^C
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password cisco123
 login
!
end

Router R3

R3# show run
Building configuration...


Current configuration : 2622 bytes
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
no ip domain lookup
!
login on-success log
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
key chain EIGRPv6-AUTHEN-KEY
 key 1
  key-string $3cre7!!
!
spanning-tree extend system-id
!
redundancy
 mode none
!
interface Loopback1
 no ip address
 ipv6 address FE80::3:3 link-local
 ipv6 address 2001:DB8:ABCD:8::1/64
!
interface Loopback2
 no ip address
 ipv6 address FE80::3:4 link-local
 ipv6 address 2001:DB8:ABCD:9::1/64
!
interface Loopback3
 no ip address
 ipv6 address FE80::3:5 link-local
 ipv6 address 2001:DB8:ABCD:10::1/64
!
interface Loopback4
 no ip address
 ipv6 address FE80::3:6 link-local
 ipv6 address 2001:DB8:ABCD:11::1/64
!
interface Loopback5
 no ip address
 ipv6 address FE80::3:7 link-local
 ipv6 address 2001:DB8:ABCD:12::1/64
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
 ipv6 address FE80::3:1 link-local
 ipv6 address 2001:DB8:CAFE:2::1/64
!
interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
 ipv6 address FE80::3:2 link-local
 ipv6 address 2001:DB8:ACAD:1::3/64
!
interface Serial0/1/0
 no ip address
!
interface Serial0/1/1
 no ip address
!
router eigrp EIGRP_IPV6
 !
 address-family ipv6 unicast autonomous-system 43
  !
  af-interface default
   passive-interface
  exit-af-interface
  !
  af-interface GigabitEthernet0/0/0
   summary-address 2001:DB8:ABCD::/56
   authentication mode md5
   authentication key-chain EIGRPv6-AUTHEN-KEY
   no passive-interface
  exit-af-interface
  !
  af-interface GigabitEthernet0/0/1
   summary-address 2001:DB8:ABCD::/56
   authentication mode hmac-sha-256 $3cre7!!
   no passive-interface
  exit-af-interface
  !
  topology base
   variance 2
  exit-af-topology
  eigrp router-id 3.3.3.3
 exit-address-family
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
control-plane
!
banner motd ^C R3, Implement EIGRP for IPv6 ^C
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password cisco123
 login
!
end

Switch D1

D1# show run
Building configuration...

Current configuration : 7193 bytes
!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname D1
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
no aaa new-model
switch 1 provision ws-c3650-24td
!
no ip domain lookup
!
login on-success log
!
license boot level ipservicesk9
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
redundancy
 mode sso
!
transceiver type all
 monitoring
!
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
  description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFLSAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/1
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/3
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/4
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/5
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/6
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/7
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/8
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/9
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/10
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/11
 switchport mode trunk
!
interface GigabitEthernet1/0/12
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/13
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/14
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/15
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/16
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/17
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/18
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/19
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/20
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/21
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/22
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/23
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport mode access
 shutdown
!
interface GigabitEthernet1/1/1
 switchport mode access
 shutdown
!
interface GigabitEthernet1/1/2
 switchport mode access
 shutdown
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
ip http server
ip http secure-server
!
control-plane
 service-policy input system-cpp-policy
!
banner motd ^C D1, Implement EIGRP for IPv6 ^C
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password cisco123
 login
line vty 5 15
 login
!
end

Switch D2

D2# show run
Building configuration...

Current configuration : 7142 bytes
!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname D2
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
no aaa new-model
switch 1 provision ws-c3650-24td
!
no ip domain lookup
!
login on-success log
ipv6 unicast-routing
!
license boot level ipservicesk9
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
redundancy
 mode sso
!
transceiver type all
 monitoring
!
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
  description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFLSAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/1
 no switchport
 no ip address
 ipv6 address FE80::D2:1 link-local
 ipv6 address 2001:DB8:ACAD:1::2/64
!
interface GigabitEthernet1/0/2
 shutdown
!
interface GigabitEthernet1/0/3
 shutdown
!
interface GigabitEthernet1/0/4
 shutdown
!
interface GigabitEthernet1/0/5
 shutdown
!
interface GigabitEthernet1/0/6
 shutdown
!
interface GigabitEthernet1/0/7
 shutdown
!
interface GigabitEthernet1/0/8
 shutdown
!
interface GigabitEthernet1/0/9
 shutdown
!
interface GigabitEthernet1/0/10
 shutdown
!
interface GigabitEthernet1/0/11
 no switchport
 no ip address
 ipv6 address FE80::D1:2 link-local
 ipv6 address 2001:DB8:ACAD:3::2/64
!
interface GigabitEthernet1/0/12
 shutdown
!
interface GigabitEthernet1/0/13
 shutdown
!
interface GigabitEthernet1/0/14
 shutdown
!
interface GigabitEthernet1/0/15
 shutdown
!
interface GigabitEthernet1/0/16
 shutdown
!
interface GigabitEthernet1/0/17
 shutdown
!
interface GigabitEthernet1/0/18
 shutdown
!
interface GigabitEthernet1/0/19
 shutdown
!
interface GigabitEthernet1/0/20
 shutdown
!
interface GigabitEthernet1/0/21
 shutdown
!
interface GigabitEthernet1/0/22
 shutdown
!
interface GigabitEthernet1/0/23
 shutdown
!
interface GigabitEthernet1/0/24
 shutdown
!
interface GigabitEthernet1/1/1
 shutdown
!
interface GigabitEthernet1/1/2
 shutdown
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 no ip address
!
router eigrp EIGRP_IPV6
 !
 address-family ipv6 unicast autonomous-system 43
  !
  af-interface GigabitEthernet1/0/1
   authentication mode hmac-sha-256 $3cre7!!
  exit-af-interface
  !
  af-interface GigabitEthernet1/0/112
   authentication mode hmac-sha-256 $3cre7!!
  exit-af-interface
  !
  topology base
  exit-af-topology
  eigrp router-id 132.132.132.132
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http secure-server
!
control-plane
 service-policy input system-cpp-policy
!
banner motd ^C D2, Implement EIGRP for IPv6 ^C
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password cisco123
 login
line vty 5 15
 login
!
end

Download 5.1.2 Lab – Implement EIGRP for IPv6 .PDF file:


Related Articles

guest
0 Comments
Inline Feedbacks
View all comments