5.1.2 Lab – Implement EIGRP for IPv6 (Answers)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Device | Interface | IPv6 Address/Prefix Length | Link Local Address |
---|---|---|---|
R1 | G0/0/0 | 2001:db8:cafe:1::1/64 | fe80::1:1 |
G0/0/1.1 | 2001:db8:acad:1::1/64 | fe80::1:2 | |
G0/0/1.2 | 2001:db8:acad:2::1/64 | fe80::1:3 | |
R2 | G0/0/0 | 2001:db8:cafe:1::2/64 | fe80::2:1 |
G0/0/1 | 2001:db8:cafe:2::2/64 | fe80::2:2 | |
Loopback 0 | 2001:db8:ff:999:153/64 | fe80::2:3 | |
Loopback 1 | 2001:db8:cede::1/64 | fe80::2:4 | |
Loopback 2 | 2001:db8:cede:1::1/64 | fe80::2:5 | |
R3 | G0/0/0 | 2001:db8:cafe:2::1/64 | fe80::3:1 |
G0/0/1 | 2001:db8:acad:3::1/64 | fe80::3:2 | |
Loopback 1 | 2001:db8:abcd:8::1/64 | fe80::3:3 | |
Loopback 2 | 2001:db8:abcd:9::1/64 | fe80::3:4 | |
Loopback 3 | 2001:db8:abcd:10::1/64 | fe80::3:5 | |
Loopback 4 | 2001:db8:abcd:11::1/64 | fe80::3:6 | |
Loopback 5 | 2001:db8:abcd:12::1/64 | fe80::3:7 | |
D2 | G1/0/1 | 2001:db8:acad:1::2/64 | fe80::d2:1 |
G1/0/11 | 2001:db8:acad:3::2/64 | fe80::d2:2 | |
PC1 | NIC | SLAAC | EUI-64 |
Objectives
- Part 1: Build the Network and Configure Basic Device Settings
- Part 2: Implement EIGRP for IPv6 and Named EIGRP
- Part 3: Tune and Optimize EIGRP for IPv6
Background / Scenario
EIGRP for IPv6 has the same overall operation and features as EIGRP for IPv4. However, there are a few major differences between them:
• IPv6 unicast routing must be enabled before the routing process can be configured.
• In the absence of the router having any IPv4 addresses, a 32-bit router ID must be configured for the routing process to start.
• EIGRP for IPv6 is configured directly on the router interfaces.
In this lab, you will configure the network with EIGRP for IPv6. You will also configure passive interfaces, propagate a default route, configure a summary route, implement routing protocol authentication, modify load balancing, and filter routes with a prefix list.
Note: This lab is an exercise in configuring the options available with EIGRP for IPv6. It does not necessarily reflect implementation best practices.
Note: The routers used with CCNP hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9 image). The switches used in the labs are Cisco Catalyst 3650 with Cisco IOS XE Release 16.9.4 (universalk9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
• 3 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 2 Switches (Cisco 3650 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 1 PC (Choice of operating system with terminal emulation program installed)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology
Instructions
Part 1: Build the Network and Configure Basic Device Settings
In Part 1, you will set up the network topology and configure basic settings and interface addressing on routers.
Step 1: Cable the network as shown in the topology.
Attach the devices as shown in the topology diagram, and cable as necessary.
Step 2: Configure basic settings for each device.
a. Console into each device, enter global configuration mode, and apply the basic settings. The startup configurations for each device are provided below.
Router R1
hostname R1 no ip domain lookup ipv6 unicast-routing banner motd # R1, Implement EIGRP for IPv6 # line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 privilege level 15 exec-timeout 0 0 password cisco123 login exit interface g0/0/0 ipv6 address 2001:db8:cafe:1::1/64 ipv6 address fe80::1:1 link-local no shutdown exit interface g0/0/1 no ip address no shutdown exit interface g0/0/1.1 description VLAN 1 Interface encapsulation dot1q 1 ipv6 address fe80::1:2 link-local ipv6 address 2001:db8:acad:1::1/64 no shutdown exit interface g0/0/1.2 description VLAN 2 Interface encapsulation dot1q 2 ipv6 address fe80::1:3 link-local ipv6 address 2001:db8:acad:2::1/64 no shutdown exit end
Router R2
hostname R2 no ip domain lookup ipv6 unicast-routing banner motd # R2, Implement EIGRP for IPv6 # line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 privilege level 15 exec-timeout 0 0 password cisco123 login exit interface g0/0/0 ipv6 address fe80::2:1 link-local ipv6 address 2001:db8:cafe:1::2/64 no shutdown exit interface g0/0/1 ipv6 address fe80::2:2 link-local ipv6 address 2001:db8:cafe:2::2/64 no shutdown exit interface loopback 0 description Internet host ipv6 address fe80::2:3 link-local ipv6 address 2001:db8:ff:999::153/64 no shutdown exit interface loopback 1 ipv6 address fe80::2:4 link-local ipv6 address 2001:db8:cede::1/64 no shutdown exit interface loopback 2 ipv6 address fe80::2:5 link-local ipv6 address 2001:db8:cede:1::1/64 no shutdown exit end
Router R3
hostname R3 no ip domain lookup ipv6 unicast-routing banner motd # R3, Implement EIGRP for IPv6 # line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 privilege level 15 exec-timeout 0 0 password cisco123 login exit interface g0/0/0 ipv6 address fe80::3:1 link-local ipv6 address 2001:db8:cafe:2::1/64 no shutdown exit interface g0/0/1 ipv6 address fe80::3:2 link-local ipv6 address 2001:db8:acad:1::3/64 no shutdown exit interface loopback 1 ipv6 address fe80::3:3 link-local ipv6 address 2001:db8:abcd:8::1/64 no shutdown interface loopback 2 ipv6 address fe80::3:4 link-local ipv6 address 2001:db8:abcd:9::1/64 no shutdown interface loopback 3 ipv6 address fe80::3:5 link-local ipv6 address 2001:db8:abcd:10::1/64 no shutdown interface loopback 4 ipv6 address fe80::3:6 link-local ipv6 address 2001:db8:abcd:11::1/64 no shutdown interface loopback 5 ipv6 address fe80::3:7 link-local ipv6 address 2001:db8:abcd:12::1/64 no shutdown end
Router D1
hostname D1 no ip domain lookup banner motd # D1, Implement EIGRP for IPv6 # line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 privilege level 15 exec-timeout 0 0 password cisco123 login vlan 2 name HOST-VLAN interface range g1/0/1 - 24, g1/1/1 - 2 switchport mode access shutdown interface range g1/0/1, g1/0/11 switchport mode trunk no shutdown exit interface g1/0/23 switchport mode access switchport access vlan 2 spanning-tree portfast no shutdown exit end
Router D2
hostname D2 no ip domain lookup ipv6 unicast-routing banner motd # D2, Implement EIGRP for IPv6 # line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 privilege level 15 exec-timeout 0 0 password cisco123 login exit interface range g1/0/1 - 24, g1/1/1 - 2 shutdown exit interface g1/0/1 no switchport ipv6 address fe80::d1:1 link-local ipv6 address 2001:Db8:acad:1::2/64 no shutdown exit interface g1/0/11 no switchport ipv6 address fe80::d1:2 link-local ipv6 address 2001:db8:acad:3::2/64 no shutdown exit end
b. Set the clock on each device to UTC time.
c. Save the running configuration to startup-config.
d. Verify that PC1 generates an IPv6 address.
e. Verify that PC1 can ping its default gateway at fe80::1:3.
Part 2: Implement EIGRP for IPv6 and Named EIGRP
In this part of the lab, you will configure and verify EIGRP in the network. Routers R1 and R3 will used Named EIGRP, while router R2 will use Classic EIGRP. After you have established the network, you will examine the differences in how each version of EIGRP deals with metrics.
For the lab, you will use the Autonomous System number 43 on all routers.
Step 1: Configure EIGRP for IPv6 on R2
a. Start the configuration of Classic EIGRP by issuing the ipv6 router eigrp 43
command.
R2(config)# ipv6 router eigrp 43
b. Configure the EIGRP Router ID using the eigrp router-id
command. Use the number 2.2.2.2 for R2.
R2(config-router)# eigrp router-id 2.2.2.2
c. Identify the interfaces that should be configured with EIGRP and the networks that should be included in the EIGRP topology table. This is done on the interfaces with the ipv6 eigrp
command.
R2(config)# interface g0/0/0 R2(config-if)# ipv6 eigrp 43 R2(config-if)# exit R2(config)# interface g0/0/1 R2(config-if)# ipv6 eigrp 43 R2(config-if)# exit R2(config)# interface loopback0 R2(config-if)# ipv6 eigrp 43 R2(config-if)# exit R2(config)# interface loopback1 R2(config-if)# ipv6 eigrp 43 R2(config-if)# exit R2(config)# interface loopback 2 R2(config-if)# ipv6 eigrp 43 R2(config-if)# end
d. Verify the interfaces now involved in EIGRP with the show ipv6 eigrp interfaces
command.
R2# show ipv6 eigrp interfaces EIGRP-IPv6 Interfaces for AS(43) Xmit Queue PeerQ Mean Pacing Time Multicast Pending Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes Gi0/0/0 0 0/0 0/0 0 0/0 0 0 Gi0/0/1 0 0/0 0/0 0 0/0 0 0 Lo0 0 0/0 0/0 0 0/0 0 0 Lo1 0 0/0 0/0 0 0/0 0 0 Lo2 0 0/0 0/0 0 0/0 0 0
Step 2: Configure Named EIGRP for IPv6 on R1 and R3
a. Start the configuration of Named EIGRP by issuing the router eigrp [ name ]
command. The name parameter can be a number, but the number does not identify an Autonomous System as it does with Classic EIGRP, it simply identifies the process. For our purposes, name the process EIGRP_IPV6.
R1(config)# router eigrp EIGRP_IPV6 R1(config-router)#
b. Enter into address-family configuration mode with the address-family ipv6 unicast autonomous-system 43
command. It is not necessary to configure EIGRP for IPv6 on the interfaces. In named-mode configuration, EIGRP for IPv6 is automatically enabled on all interfaces that are configured with an IPv6 address.
R1(config-router)# address-family ipv6 unicast autonomous-system 43
c. Configure the EIGRP Router ID using the eigrp router-id
command. Use the number 1.1.1.1
.
R1(config-router-af)# eigrp router-id 1.1.1.1
d. Repeat the configuration process on R3 and D2. For the R3 router ID use 3.3.3.3, and for the D2 router ID use 132.132.132.132.
Step 3: Verify EIGRP for IPv6
a. A few seconds after configuring the network statements on R1, R3 and D2, you should have seen EIGRP adjacencies being formed, as noted at the console by messages similar to the one below.
*Mar 9 13:42:47.969: %DUAL-5-NBRCHANGE: EIGRP-IPv6 43: Neighbor FE80::3:2 (GigabitEthernet1/0/11) is up: new adjacency
b. To verify that routing is working, ping from PC1 to Interface Loopback 1 on R3 (2001:db8:abcd:8::1). The ping should be successful.
c. On R1, examine the EIGRP entries in the IPv6 routing table using the show ipv6 route eigrp
command. As you can see, R1 is aware of all of the networks that have been configured in the topology. The remote networks that were learned from EIGRP and that appear in the routing table were learned from routers R2 and R3 as indicated by the link local address that is displayed for these entries. Note that in some cases, EIGRP for IPv6 has two equal cost routes for a network.
R1# show ipv6 route eigrp IPv6 Routing Table - default - 17 entries <output omitted> D 2001:DB8:FF:999::/64 [90/2570240] via FE80::2:1, GigabitEthernet0/0/0 D 2001:DB8:ABCD:8::/64 [90/16000] via FE80::2:1, GigabitEthernet0/0/0 via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:9::/64 [90/16000] via FE80::2:1, GigabitEthernet0/0/0 via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:10::/64 [90/16000] via FE80::2:1, GigabitEthernet0/0/0 via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:11::/64 [90/16000] via FE80::2:1, GigabitEthernet0/0/0 via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:12::/64 [90/16000] via FE80::2:1, GigabitEthernet0/0/0 via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ACAD:3::/64 [90/15360] via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:CAFE:2::/64 [90/15360] via FE80::2:1, GigabitEthernet0/0/0 D 2001:DB8:CEDE::/64 [90/2570240] via FE80::2:1, GigabitEthernet0/0/0 D 2001:DB8:CEDE:1::/64 [90/2570240] via FE80::2:1, GigabitEthernet0/0/0
d. Now examine the EIGRP topology table using the show ipv6 eigrp topology all-links
command. The all-links parameter instructs the router to display routes that are not successors or feasible successors. We will focus on the routes to 2001:db8:abcd:10::/64 and 2001:db8:cafe:2::/64. There are several things to notice.
Remember that the topology table is EIGRP’s database of route information. EIGRP selects the best paths, based on the DUAL algorithm, and offers them to the IP routing table. However, the IP routing table does not have to use those offered paths, because the router may have learned about the same network from a more reliable routing source, which would be a routing source with a lower administrative distance.
R1# show ipv6 eigrp topology all-links EIGRP-IPv6 VR(EIGRP_IPV6) Topology Table for AS(43)/ID(1.1.1.1) Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s - sia Status P 2001:DB8:CEDE:1::/64, 1 successors, FD is 328990720, serno 7 via FE80::2:1 (328990720/327761920), GigabitEthernet0/0/0 P 2001:DB8:CEDE::/64, 1 successors, FD is 328990720, serno 6 via FE80::2:1 (328990720/327761920), GigabitEthernet0/0/0 P 2001:DB8:ABCD:10::/64, 2 successors, FD is 2048000, serno 16 via FE80::2:1 (2048000/1392640), GigabitEthernet0/0/0 via FE80::D1:1 (2048000/1392640), GigabitEthernet0/0/1.1 P 2001:DB8:ACAD:1::/64, 1 successors, FD is 1310720, serno 2 via Connected, GigabitEthernet0/0/1.1 via FE80::D1:1 (1966080/1310720), GigabitEthernet0/0/1.1 P 2001:DB8:ABCD:12::/64, 2 successors, FD is 2048000, serno 18 via FE80::2:1 (2048000/1392640), GigabitEthernet0/0/0 via FE80::D1:1 (2048000/1392640), GigabitEthernet0/0/1.1 P 2001:DB8:CAFE:2::/64, 1 successors, FD is 1966080, serno 4 via FE80::2:1 (1966080/1310720), GigabitEthernet0/0/0 via FE80::D1:1 (2621440/1966080), GigabitEthernet0/0/1.1 P 2001:DB8:ABCD:9::/64, 2 successors, FD is 2048000, serno 15 via FE80::2:1 (2048000/1392640), GigabitEthernet0/0/0 via FE80::D1:1 (2048000/1392640), GigabitEthernet0/0/1.1 P 2001:DB8:ABCD:11::/64, 2 successors, FD is 2048000, serno 17 via FE80::2:1 (2048000/1392640), GigabitEthernet0/0/0 via FE80::D1:1 (2048000/1392640), GigabitEthernet0/0/1.1 P 2001:DB8:ACAD:2::/64, 1 successors, FD is 1310720, serno 3 via Connected, GigabitEthernet0/0/1.2 P 2001:DB8:ABCD:8::/64, 2 successors, FD is 2048000, serno 14 via FE80::2:1 (2048000/1392640), GigabitEthernet0/0/0 via FE80::D1:1 (2048000/1392640), GigabitEthernet0/0/1.1 P 2001:DB8:CAFE:1::/64, 1 successors, FD is 1310720, serno 1 via Connected, GigabitEthernet0/0/0 via FE80::2:1 (1966080/1310720), GigabitEthernet0/0/0 P 2001:DB8:FF:999::/64, 1 successors, FD is 328990720, serno 5 via FE80::2:1 (328990720/327761920), GigabitEthernet0/0/0 P 2001:DB8:ACAD:3::/64, 1 successors, FD is 1966080, serno 13 via FE80::D1:1 (1966080/1310720), GigabitEthernet0/0/1.1
We will focus on the routes, highlighted in the above output, to 2001:db8:abcd:10::/64 and 2001:db8:cafe:2::/64. There are several things to notice:
– The entry for the 2001:db8:abcd:10::/64 network shows two successors, while the entry for 2001:db8:cafe:2::/64 shows only one successor. Both entries show two paths. The path with the lowest Feasible Distance (FD) is selected as the successor and is offered to the routing table. For 2001:db8:abcd:10::/64, there are two paths with equal FD, so they are both successors and both are offered to the global routing table. In the case of 2001:db8:cafe:2::/64, the FD is listed as 19660800. The path via fe80::2:1 shows that number as the FD (first number in parentheses). The path via fe80::d1:1 shows an FD of 2621440, which is higher than the current FD. So that path, although valid, is a higher cost path and is not offered to the routing table.
– The FD listed in the topology table does not match the metric listed in the routing table. For 2001:db8:abcd:10::/64, the routing table shows the metric value 16000 while the topology table shows the FD as 2048000. This is due to the routing table having a limit of 4 bytes (32 bits) for metric information, while EIGRP on R1 is using EIGRP wide metrics, which are 64 bits. Wide metrics are used by Named EIGRP by default. To work around the 32-bit metric size limitation in the routing table, EIGRP divides the wide-metric value by the EIGRP_RIB_SCALE value, which defaults to 128. The value 2048000 divided by 128 is 16000.
Note: A network with mixed EIGRP implementations (Named and Classic in the same routing domain), will have some loss of route clarity, which could lead to sub-optimal path selection. The recommended implementation is to use Named EIGRP in all cases.
– There are no feasible successors listed in the topology table for 2001:db8:abcd:10::/64 or 2001:db8:cafe:2::/64. The feasibility condition requires that the reported distance (RD) to a destination network be less than the current FD for a next-hop to be considered a feasible successor to the route. In the case of 2001:db8:cafe:2::/64, the RD of the path via fe80::d1:1 is listed as 1966080, which is equal to the current FD, which disqualifies this path as a feasible successor. If the path via fe80::2:1 were to be lost, R1 would have to send queries to find a new way to get to 2001:db8:cafe:2::/64. Feasible successors appear only in the topology table. Only successors appear in the routing table.
e. To see the RIB Scale and metric version values, as well as other protocol information, issue the show ipv6 protocols | section EIGRP_IPv6
command.
R1# show ipv6 protocols | section EIGRP_IPV6 EIGRP-IPv6 VR(EIGRP_IPV6) Address-Family Protocol for AS(43) Metric weight K1=1, K2=0, K3=1, K4=0, K5=0 K6=0 Metric rib-scale 128 Metric version 64bit Soft SIA disabled NSF-aware route hold timer is 240 EIGRP NSF disabled NSF signal timer is 20s NSF converge timer is 120s Router-ID: 1.1.1.1 Topology : 0 (base) Active Timer: 3 min Distance: internal 90 external 170 Maximum path: 16 Maximum hopcount 100 Maximum metric variance 1 Total Prefix Count: 13 Total Redist Count: 0
f. To examine details about a particular path, issue the show ipv6 eigrp topology [address]
command. Among other things in this output, you can see the values used in calculating the metric.
R1# show ipv6 eigrp topology 2001:db8:cafe:2::/64 EIGRP-IPv6 VR(EIGRP_IPV6) Topology Entry for AS(43)/ID(1.1.1.1) for 2001:DB8:CAFE:2::/64 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1966080, RIB is 15360 Descriptor Blocks: FE80::2:1 (GigabitEthernet0/0/0), from FE80::2:1, Send flag is 0x0 Composite metric is (1966080/1310720), route is Internal Vector metric: Minimum bandwidth is 1000000 Kbit Total delay is 20000000 picoseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1 Originating router is 2.2.2.2 FE80::D1:1 (GigabitEthernet0/0/1.1), from FE80::D1:1, Send flag is 0x0 Composite metric is (2621440/1966080), route is Internal Vector metric: Minimum bandwidth is 1000000 Kbit Total delay is 30000000 picoseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 2 Originating router is 3.3.3.3
Part 3: Tune and Optimize EIGRP for IPv6
In this part of the lab, you will tune and optimize EIGRP for IPv6 through the use of passive interfaces, default router redistribution, summary routes, authentication, load balancing, and route filtering.
Step 1: Configure specific interfaces as passive.
Passive interfaces are interfaces that only partially participate in the operation of a routing protocol. The network that a passive interface is connected to is advertised, while the routing protocol does not actually transmit routing protocol-specific traffic on that interface. Use passive interfaces when you have a connected network that you want to advertise, but you do not want protocol neighbors to appear on that interface. Interfaces supporting users should always be configured as passive. There are two ways to configure interfaces as passive. The first is specifically by interface. The other is to make all interfaces default to passive default. Normally a device with many LAN interfaces will use the default option, and then use the no form of the command on the specific interfaces that should be sending and receiving EIGRP messages.
a. On PC1, run Wireshark and set the display capture filter to eigrp. You should see a hello message roughly every five seconds. If PC 1 is capable of running EIGRP for IPv6, you might be able to form an adjacency and interact in the routing domain. This is not desirable.
b. On R1, configure af-interface g0/0/1
to be passive.
R1(config)# router eigrp EIGRP_IPV6 R1(config-router)# address-family ipv6 unicast autonomous-system 43 R1(config-router-af)# af-interface g0/0/1.2 R1(config-router-af-interface)# passive-interface R1(config-router-af-interface)# end
c. On PC1, restart the Wireshark capture with the eigrp capture filter. You should no longer see EIGRP Hello messages.
Step 2: Configure interfaces from default to passive.
The second option for configuring passive interfaces is to configure them all as passive and then issue the no passive-interface
command for certain interfaces. This approach is suitable in a security-focused scenario, or when the device has many LAN interfaces. The commands vary depending on whether you are using Classic or Named EIGRP.
a. In Classic EIGRP configuration, issue the passive-interface default
command followed by no passive-interface [interface designation]
command on the interfaces that should be participating in EIGRP. As an example, configure this on R2, and then make interfaces G0/0/0 and G0/0/1 active. Note that you will lose EIGRP adjacencies until the interfaces are active.
R2(config)# ipv6 router eigrp 43 R2(config-rtr)# passive-interface default R2(config-rtr)# no passive-interface g0/0/0 R2(config-rtr)# no passive-interface g0/0/1 R2(config-rtr)# end
b. In Named EIGRP configuration, you apply the passive-interface
command to the af-interface default configuration, and then no passive-interface
command to the af-interface specific interface. On R3, set the af-interface default as passive and then configure G0/0/0 and S0/1/0 as active. Note that you will lose EIGRP adjacencies until the interfaces are active.
R3(config)# router eigrp EIGRP_IPV6 R3(config-router)# address-family ipv6 unicast autonomous-system 43 R3(config-router-af)# af-interface default R3(config-router-af-interface)# passive-interface R3(config-router-af-interface)# exit-af-interface R3(config-router-af)# af-interface g0/0/0 R3(config-router-af-interface)# no passive-interface R3(config-router-af-interface)# exit-af-interface R3(config-router-af)# af-interface g0/0/1 R3(config-router-af-interface)# no passive-interface R3(config-router-af-interface)# end
c. The output of show ip protocols | include (passive)
will give you a list of passive interfaces configured for EIGRP.
R3# show ipv6 protocols | include (passive) Loopback5 (passive) Loopback4 (passive) Loopback3 (passive) Loopback2 (passive) Loopback1 (passive)
Step 3: Propagate a default route.
EIGRP for IPv6 can be configured to propagate a default route to other EIGRP routers in the AS. This lab will explore two methods of propagating a default route, either by redistributing a default static route or by sharing a summary default route.
In this topology, interface Loopback 0 on R2 has been configured to simulate an internet destination. Therefore, we will configure a default route on R2 and then configure EIGRP for IPv6 to redistribute the route.
a. Configure a static default route on R2 with an exit interface of Loopback0s IPv6 address.
R2(config)# ipv6 route ::/0 2001:db8:ff:999::1
b. Go into EIGRP configuration add the redistribute static
command.
R2(config)# ipv6 router eigrp 43 R2(config-rtr)# redistribute static R2(config-rtr)# end
c. At R1, issue the show ipv6 route eigrp | begin EX ::
command. Notice the default route is present as an EIGRP external route with an AD of 170. Further, notice that individual routes for the 2001:db8:cede::/64 and 2001:db8:cede:1::/64 networks, representing R2 interfaces Lo1 and Lo2, are present in the routing table.
R1# show ipv6 route eigrp | begin EX :: EX ::/0 [170/2570240] via FE80::2:1, GigabitEthernet0/0/0 D 2001:DB8:FF:999::/64 [90/2570240] via FE80::2:1, GigabitEthernet0/0/0 D 2001:DB8:ABCD:8::/64 [90/16000] via FE80::2:1, GigabitEthernet0/0/0 via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:9::/64 [90/16000] via FE80::2:1, GigabitEthernet0/0/0 via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:10::/64 [90/16000] via FE80::2:1, GigabitEthernet0/0/0 via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:11::/64 [90/16000] via FE80::2:1, GigabitEthernet0/0/0 via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:12::/64 [90/16000] via FE80::2:1, GigabitEthernet0/0/0 via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ACAD:3::/64 [90/15360] via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:CAFE:2::/64 [90/15360] via FE80::2:1, GigabitEthernet0/0/0 D 2001:DB8:CEDE::/64 [90/2570240] via FE80::2:1, GigabitEthernet0/0/0 D 2001:DB8:CEDE:1::/64 [90/2570240] via FE80::2:1, GigabitEthernet0/0/0
d. On R2, remove the redistribute static
command from EIGRP and remove the static default route.
e. On R2, configure the ipv6 summary-address
command on the GigabitEthernet0/0/0 and GigabtEthernet0/0/1 interfaces. Specify the eigrp 43 and the route ::/0
R2(config)# interface GigabitEthernet0/0/0 R2(config-if)# ipv6 summary-address eigrp 43 ::/0 R2(config-if)# interface GigabitEthernet0/0/1 R2(config-if)# ipv6 summary-address eigrp 43 ::/0
f. Go to router R1 and use the show ipv6 route eigrp
command to see the default route that has been injected into the routing table. Notice in the output that the route now appears as an internal EIGRP route with an AD of 90. Also notice that individual routes for the 2001:db8:cede::/64 and 2001:db8:cede:1::/64 networks, representing R2 interfaces Lo1 and Lo2, are no longer present in the routing table. The ipv6 summary-address ::/0
command replaced all individual routes that R2 was advertising.
Note: If you were to add another summary address on R2, similar to what you will do in the next sub-step, that summary would be advertised as well.
R1# show ipv6 route eigrp <output omitted> D ::/0 [90/15360] via FE80::2:1, GigabitEthernet0/0/0 D 2001:DB8:ABCD:8::/64 [90/16000] via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:9::/64 [90/16000] via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:10::/64 [90/16000] via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:11::/64 [90/16000] via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ABCD:12::/64 [90/16000] via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ACAD:3::/64 [90/15360] via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:CAFE:2::/64 [90/20480] via FE80::D1:1, GigabitEthernet0/0/1.1
Step 4: Configure an EIGRP for IPv6 Summary Address.
Router R3 is configured with five loopback interfaces that simulate five IPv6 LANs. Those LAN addresses appear in the other EIGRP routers as five individual routes. In order to limit the impact of these five LANs on routing tables and routing protocol traffic, the routes can be configured with a single route summary address that will enable all five networks to be reached without requiring separate information to be shared for each network.
a. To optimize EIGRP for IPv6, on R3 summarize the loopback addresses as a single route and advertise the summary route in R3’s EIGRP updates to R1 and R2. Use the same summarization method that is used for IPv4 by finding the bits that all five addresses have in common. The IPv6 loopback addresses could be summarized as 2001:db8:abcd::/61, but common practice is not to split the summary at the nibble level. Therefore, summary masks will normally be 48, 52, 56, and 60 bits. For our exercise, we will specify a 56 bit mask, even though that summary would indicate more networks than R3 is hosting. After configuring the summary route on the interface, notice that the neighbor adjacency between R3 and R2 and R1 is resynchronized (restarted).
R3(config)# router eigrp EIGRP_IPV6 R3(config-router)# address-family ipv6 unicast autonomous-system 43 R3(config-router-af)# af-interface g0/0/0 R3(config-router-af-interface)# summary-address 2001:db8:abcd::/56 R3(config-router-af-interface)# exit R3(config-router-af)# af-interface g0/0/1 R3(config-router-af-interface)# summary-address 2001:db8:abcd::/56 R3(config-router-af-interface)# end
b. Examine the routing table of R1 to verify that R1 is receiving only one summary route for the loopback interfaces.
R1# show ipv6 route eigrp <output omitted> D ::/0 [90/15360] via FE80::2:1, GigabitEthernet0/0/0 D 2001:DB8:ABCD::/56 [90/16000] via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:ACAD:3::/64 [90/15360] via FE80::D1:1, GigabitEthernet0/0/1.1 D 2001:DB8:CAFE:2::/64 [90/20480] via FE80::D1:1, GigabitEthernet0/0/1.1
Step 5: Configure EIGRP authentication.
EIGRP for IPv6 supports authentication on an interface basis. In other words, each interface can be configured to require authentication of the connected peer. This ensures that connected devices that try to form an adjacency are authorized to do so. Classic EIGRP supports key-chain based MD5-hashed keys, while Named EIGRP adds support for SHA256-hashed keys. The two are not compatible.
In this step, you will configure both types of authentication to exercise the range of options available.
a. On R1, R2, and R3, create a key-chain named EIGRPv6-AUTHEN-KEY with a single key. The key should have the key-string $3cre7!!
R1(config)# key chain EIGRPv6-AUTHEN-KEY R1(config-keychain)# key 1 R1(config-keychain-key)# key-string $3cre7!! R1(config-keychain-key)# end
b. On R2, configure interfaces G0/0/0 and G0/0/1 to use the key chain that you just created with MD5. Note that you will lose EIGRP adjacencies until the neighbor interfaces are configured.
R2(config)# interface g0/0/0 R2(config-if)# ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY R2(config-if)# ipv6 authentication mode eigrp 43 md5 R2(config-if)# exit R2(config)# interface g0/0/1 R2(config-if)# ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY R2(config-if)# ipv6 authentication mode eigrp 43 md5 R2(config-if)# end
c. Configure interfaces GigabitEthernet0/0/0 on R1 and R3 to use the key chain with MD5. EIGRP adjacencies with R2 should be restored.
R1(config)# router eigrp EIGRP_IPV6 R1(config-router)# address-family ipv6 unicast autonomous-system 43 R1(config-router-af)# af-interface g0/0/0 R1(config-router-af-interface)# authentication key-chain EIGRPv6-AUTHEN-KEY R1(config-router-af-interface)# authentication mode md5 R1(config-router-af-interface)# end
d. Use the show ip eigrp interface detail | section Gi0/0/0
command to verify authentication is in place and what type it is.
R1# show ipv6 eigrp interface detail | section Gi0/0/0 Gi0/0/0 1 0/0 0/0 1 0/050 0 Hello-interval is 5, Hold-time is 15 Split-horizon is enabled Next xmit serial <none> Packetized sent/expedited: 14/2 Hello's sent/expedited: 186/4 Un/reliable mcasts: 0/11 Un/reliable ucasts: 15/7 Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 0 Retransmissions sent: 3 Out-of-sequence rcvd: 0 Topology-ids on interface - 0 Authentication mode is md5, key-chain is "EIGRP-AUTHEN-KEY" Topologies advertised on this interface: base Topologies not advertised on this interface:
e. On R1, R3 and D2, configure HMAC-SHA-256 based authentication using the same shared secret, $3cre7!!, on R1 interface G0/0/1.1, R3 interface G0/0/1, and D2 interfaces G1/0/1 and G1/0/11. Note that EIGRP adjacency will be lost until both ends of a link are configured.
R1(config)# router eigrp EIGRP_IPV6 R1(config-router)# address-family ipv6 unicast autonomous-system 43 R1(config-router-af)# af-interface g0/0/1.1 R1(config-router-af-interface)# authentication mode hmac-sha-256 $3cre7!! R1(config-router-af-interface)# end
f. Use the show ipv6 eigrp interface detail
command to verify authentication is in place and what type it is.
R1# show ipv6 eigrp interface detail | section Gi0/0/1.1 Gi0/0/1.1 1 0/0 0/0 3 0/050 0 Hello-interval is 5, Hold-time is 15 Split-horizon is enabled Next xmit serial <none> Packetized sent/expedited: 27/1 Hello's sent/expedited: 582/3 Un/reliable mcasts: 0/28 Un/reliable ucasts: 35/11 Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 0 Retransmissions sent: 2 Out-of-sequence rcvd: 0 Topology-ids on interface - 0 Authentication mode is HMAC-SHA-256, key-chain is not set Topologies advertised on this interface: base Topologies not advertised on this interface:
Step 6: Manipulate load balancing with variance.
By default, load balancing occurs only over equal-cost paths. EIGRP supports up to four equal cost paths by default but can be configured to support as many as 32 with the maximum-paths
command.
EIGRP has the added capability to load balance over unequal-cost paths. Load balancing is controlled by the variance parameter. Its value is a multiplier that is used to determine how to deal with multiple paths to the same destination.
Variance is set to 1 by default, so any paths up to the configured maximum number of paths that have an FD equal to the best current FD are also offered to the routing table. This provides equal cost load balancing.
The variance parameter can also be set to zero, which dictates that no load balancing takes place.
The variance parameter can be adjusted so that paths that have an FD that is less than or equal to variance times current best FD are also considered as successors and installed into the routing table. There is an extremely important differentiation here — to be a feasible successor, the RD of a path must be less than the current best FD. To be considered for unequal load balancing, the FD of the feasible successor is multiplied by the variance value, and if the product of this calculation is less than the current best FD, the feasible successor is promoted to successor.
There are two caveats; first, only feasible successors are considered and second, with unequal cost load balancing, traffic share is proportional to the best metric in the routing table for the given path.
Note: Keep in mind that your routing table may be different than the one created by the examples in this lab. If your results are different, examine them carefully to determine why so that you can thoroughly understand how EIGRP is operating.
a. Before manipulating variance, R3 needs to see individual routes from R2 instead of a summary. Therefore, remove the summary routes on R2 so that it will again advertise more specific EIGRP routes to R3.
R2(config-if)# interface g0/0/0 R2(config-if)# no ipv6 summary-address eigrp 43 ::/0 R2(config-if)# exit R2(config)# interface g0/0/1 R2(config-if)# no ipv6 summary-address eigrp 43 ::/0 R2(config-if)# end
b. On R3, verify that there are again two equal-cost paths to 2001:db8:acad:2::64. In this example, the IPv6 address must be entered in ALL CAPS.
R3# show ipv6 route eigrp | section 2001:DB8:ACAD:2::/64 D 2001:DB8:ACAD:2::/64 [90/20480] via FE80::D1:2, GigabitEthernet0/0/1 via FE80::2:2, GigabitEthernet0/0/0
c. To change this and allow for the demonstration of variance, change the interface bandwidth for the R2 interfaces G0/0/0 and G0/0/1 to 800000.
R2(config)# interface g0/0/0 R2(config-if)# bandwidth 800000 R2(config-if)# exit R2(config)# interface g0/0/1 R2(config-if)# bandwidth 800000 R2(config-if)# end
d. When you examine the routing table on R3, you see that there is no load balancing occurring. All destinations have a single path.
R3# show ipv6 route eigrp | section 2001:DB8:ACAD:2::/64 D 2001:DB8:ACAD:2::/64 [90/20480] via FE80::D1:2, GigabitEthernet0/0/1
e. However, we know there are multiple paths in the network. The first consideration for manipulating variance is that it only works with feasible successors. Examining the topology table on R3 shows that there is a feasible successor for the 2001:db8:acad:2::/64 network. The route via fe80::2:2 out the G0/0/0 interface has an RD less than the FD for the current successor.
R3# show ipv6 eigrp topology | section 2001:DB8:ACAD:2::/64 P 2001:DB8:ACAD:2::/64, 1 successors, FD is 2621440 via FE80::D1:2 (2621440/1966080), GigabitEthernet0/0/1 via FE80::2:2 (2785280/2129920), GigabitEthernet0/0/0
f. To use the other route for unequal cost load balancing, we can set the variance parameter to 2. This will mean that any path with an RD less than or equal to 5242880 will qualify as a successor (2 x 2621440 = 5242880).
R3(config)# router eigrp EIGRP_IPV6 R3(config-router)# address-family ipv6 unicast autonomous-system 43 R3(config-router-af)# topology base R3(config-router-af-topology)# variance 2 R3(config-router-af-topology)# exit R3(config-router-af)# exit R3(config-router)# exit R3(config)# end
g. The output of the show ipv6 route eigrp
command now displays two paths available to the 2001:db8:acad:2::/64 network. Notice that the routes have different metrics, but are listed and used just the same. Also, notice adding variance 2 adds a second path to the 2001:db8:cafe:1::/64 network.
R3# show ipv6 route eigrp <output omitted> D 2001:DB8:FF:999::/64 [90/2570240] via FE80::2:2, GigabitEthernet0/0/0 D 2001:DB8:ABCD::/56 [5/1280] via Null0, directly connected D 2001:DB8:ACAD:2::/64 [90/20480] via FE80::D1:2, GigabitEthernet0/0/1 via FE80::2:2, GigabitEthernet0/0/0 D 2001:DB8:ACAD:3::/64 [90/15360] via FE80::D1:2, GigabitEthernet0/0/1 D 2001:DB8:CAFE:1::/64 [90/16640] via FE80::2:2, GigabitEthernet0/0/0 via FE80::D1:2, GigabitEthernet0/0/1 D 2001:DB8:CEDE::/64 [90/2570240] via FE80::2:2, GigabitEthernet0/0/0 D 2001:DB8:CEDE:1::/64 [90/2570240] via FE80::2:2, GigabitEthernet0/0/0
Step 7: Filter EIGRP routes using a prefix list.
In this step, you will configure a filter at R2 to block propagation of the network 2001:db8:cafe:1::/64 to R3.
a. On R3, issue the command show ipv6 route 2001:db8:cafe:1::/64
command. The output should list two successors, one via fe80::2:2 and one via fe90::d2:2. We want to filter route via fe80::2:1.
R3# show ipv6 route 2001:db8:cafe:1::/64 Routing entry for 2001:DB8:CAFE:1::/64 Known via "eigrp 43", distance 90, metric 16640, type internal Route count is 2/2, share count 0 Routing paths: FE80::2:2, GigabitEthernet0/0/0 From FE80::2:2 Last updated 00:05:00 ago FE80::D1:2, GigabitEthernet0/0/1 From FE80::D1:2 Last updated 00:04:35 ago
b. On R2, create an IPv6 prefix list that matches the 2001:db8:cafe:1::/64 network.
R2(config)# ipv6 prefix-list DROP-CAFE-1 seq 10 deny 2001:db8:cafe:1::/64 R2(config)# ipv6 prefix-list DROP-CAFE-1 seq 20 permit ::/0 R2(config)# end
c. On R2, apply the prefix list as a distribute list for updates exiting the G0/0/1 interface towards R3.
R2(config)# ipv6 router eigrp 43 R2(config-rtr)# distribute-list prefix-list DROP-CAFE-1 out g0/0/1 R2(config-rtr)# exit R2(config)# end
d. On R3, issue the show ipv6 route 2001:db8:cafe:1::/64
command. The output should now list one successor fe80::d1:2. Verify that R3 no longer has a successor route via fe80::2:2 to the 2001:db8:cafe:1::/64 network.
e.
R3# show ipv6 route 2001:db8:cafe:1::/64 Routing entry for 2001:DB8:CAFE:1::/64 Known via "eigrp 43", distance 90, metric 20480, type internal Route count is 1/1, share count 0 Routing paths: FE80::D1:2, GigabitEthernet0/0/1 From FE80::D1:2 Last updated 00:15:29 ago
Router Interface Summary Table
Router Model | Ethernet Interface #1 | Ethernet Interface #2 | Serial Interface #1 | Serial Interface #2 |
---|---|---|---|---|
1800 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
1900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
2801 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1) |
2811 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
2900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
4221 | Gigabit Ethernet 0/0/0 (G0/0/0) | Gigabit Ethernet 0/0/1 (G0/0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1) |
4300 | Gigabit Ethernet 0/0/0 (G0/0/0) | Gigabit Ethernet 0/0/1 (G0/0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1) |
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.
Device Configs – Final
Router R1
R1# show run Building configuration... Current configuration : 2181 bytes ! version 16.9 service timestamps debug datetime msec service timestamps log datetime msec platform qfp utilization monitor load 80 no platform punt-keepalive disable-kernel-core ! hostname R1 ! boot-start-marker boot-end-marker ! no aaa new-model ! no ip domain lookup ! login on-success ! subscriber templating ! ipv6 unicast-routing multilink bundle-name authenticated ! key chain EIGRPv6-AUTHEN-KEY key 1 key-string $3cre7!! ! spanning-tree extend system-id ! redundancy mode none ! interface GigabitEthernet0/0/0 no ip address negotiation auto ipv6 address FE80::1:1 link-local ipv6 address 2001:DB8:CAFE:1::1/64 ! interface GigabitEthernet0/0/1 no ip address negotiation auto ! interface GigabitEthernet0/0/1.1 description VLAN 1 Interface encapsulation dot1Q 1 native ipv6 address FE80::1:2 link-local ipv6 address 2001:DB8:ACAD:1::1/64 ! interface GigabitEthernet0/0/1.2 description VLAN 2 Interface encapsulation dot1Q 2 ipv6 address FE80::1:3 link-local ipv6 address 2001:DB8:ACAD:2::1/64 ! interface Serial0/1/0 no ip address ! interface Serial0/1/1 no ip address ! router eigrp EIGRP_IPV6 ! address-family ipv6 unicast autonomous-system 43 ! af-interface GigabitEthernet0/0/1.2 passive-interface exit-af-interface ! af-interface GigabitEthernet0/0/0 authentication mode md5 authentication key-chain EIGRPv6-AUTHEN-KEY exit-af-interface ! af-interface GigabitEthernet0/0/1.1 authentication mode hmac-sha-256 $3cre7!! exit-af-interface ! topology base exit-af-topology eigrp router-id 1.1.1.1 exit-address-family ! ip forward-protocol nd no ip http server ip http secure-server ! control-plane ! banner motd ^C R1, Implement EIGRP for IPv6 ^C ! line con 0 exec-timeout 0 0 logging synchronous transport input none stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 0 0 privilege level 15 password cisco123 login ! end
Router R2
R2# show run Building configuration... Current configuration : 2355 bytes ! version 16.9 service timestamps debug datetime msec service timestamps log datetime msec platform qfp utilization monitor load 80 no platform punt-keepalive disable-kernel-core ! hostname R2 ! boot-start-marker boot-end-marker ! no aaa new-model ! no ip domain lookup ! login on-success log ! subscriber templating ! ipv6 unicast-routing multilink bundle-name authenticated ! key chain EIGRPv6-AUTHEN-KEY key 1 key-string $3cre7!! ! spanning-tree extend system-id ! redundancy mode none ! interface Loopback0 description Internet host no ip address ipv6 address FE80::2:3 link-local ipv6 address 2001:DB8:FF:999::153/64 ipv6 eigrp 43 ! interface Loopback1 no ip address ipv6 address FE80::2:4 link-local ipv6 address 2001:DB8:CEDE::1/64 ipv6 eigrp 43 ! interface Loopback2 no ip address ipv6 address FE80::2:5 link-local ipv6 address 2001:DB8:CEDE:1::1/64 ipv6 eigrp 43 ! interface GigabitEthernet0/0/0 bandwidth 800000 no ip address negotiation auto ipv6 address FE80::2:1 link-local ipv6 address 2001:DB8:CAFE:1::2/64 ipv6 eigrp 43 ipv6 authentication mode eigrp 43 md5 ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY ! interface GigabitEthernet0/0/1 bandwidth 800000 no ip address negotiation auto ipv6 address FE80::2:2 link-local ipv6 address 2001:DB8:CAFE:2::2/64 ipv6 eigrp 43 ipv6 authentication mode eigrp 43 md5 ipv6 authentication key-chain eigrp 43 EIGRPv6-AUTHEN-KEY ! ip forward-protocol nd no ip http server ip http secure-server ! ipv6 router eigrp 43 distribute-list prefix-list DROP-CAFE-1 out GigabitEthernet0/0/1 passive-interface default no passive-interface GigabitEthernet0/0/0 no passive-interface GigabitEthernet0/0/1 eigrp router-id 2.2.2.2 ! ipv6 prefix-list DROP-CAFE-1 seq 10 deny 2001:DB8:CAFE:1::/64 ipv6 prefix-list DROP-CAFE-1 seq 20 permit ::/0 ! control-plane ! banner motd ^C R2, Implement EIGRP for IPv6 ^C ! line con 0 exec-timeout 0 0 logging synchronous transport input none stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 0 0 privilege level 15 password cisco123 login ! end
Router R3
R3# show run Building configuration... Current configuration : 2622 bytes ! version 16.9 service timestamps debug datetime msec service timestamps log datetime msec platform qfp utilization monitor load 80 no platform punt-keepalive disable-kernel-core ! hostname R3 ! boot-start-marker boot-end-marker ! no aaa new-model ! no ip domain lookup ! login on-success log ! subscriber templating ! ipv6 unicast-routing multilink bundle-name authenticated ! key chain EIGRPv6-AUTHEN-KEY key 1 key-string $3cre7!! ! spanning-tree extend system-id ! redundancy mode none ! interface Loopback1 no ip address ipv6 address FE80::3:3 link-local ipv6 address 2001:DB8:ABCD:8::1/64 ! interface Loopback2 no ip address ipv6 address FE80::3:4 link-local ipv6 address 2001:DB8:ABCD:9::1/64 ! interface Loopback3 no ip address ipv6 address FE80::3:5 link-local ipv6 address 2001:DB8:ABCD:10::1/64 ! interface Loopback4 no ip address ipv6 address FE80::3:6 link-local ipv6 address 2001:DB8:ABCD:11::1/64 ! interface Loopback5 no ip address ipv6 address FE80::3:7 link-local ipv6 address 2001:DB8:ABCD:12::1/64 ! interface GigabitEthernet0/0/0 no ip address negotiation auto ipv6 address FE80::3:1 link-local ipv6 address 2001:DB8:CAFE:2::1/64 ! interface GigabitEthernet0/0/1 no ip address negotiation auto ipv6 address FE80::3:2 link-local ipv6 address 2001:DB8:ACAD:1::3/64 ! interface Serial0/1/0 no ip address ! interface Serial0/1/1 no ip address ! router eigrp EIGRP_IPV6 ! address-family ipv6 unicast autonomous-system 43 ! af-interface default passive-interface exit-af-interface ! af-interface GigabitEthernet0/0/0 summary-address 2001:DB8:ABCD::/56 authentication mode md5 authentication key-chain EIGRPv6-AUTHEN-KEY no passive-interface exit-af-interface ! af-interface GigabitEthernet0/0/1 summary-address 2001:DB8:ABCD::/56 authentication mode hmac-sha-256 $3cre7!! no passive-interface exit-af-interface ! topology base variance 2 exit-af-topology eigrp router-id 3.3.3.3 exit-address-family ! ip forward-protocol nd no ip http server ip http secure-server ! control-plane ! banner motd ^C R3, Implement EIGRP for IPv6 ^C ! line con 0 exec-timeout 0 0 logging synchronous transport input none stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 0 0 privilege level 15 password cisco123 login ! end
Switch D1
D1# show run Building configuration... Current configuration : 7193 bytes ! version 16.9 no service pad service timestamps debug datetime msec service timestamps log datetime msec ! Call-home is enabled by Smart-Licensing. service call-home no platform punt-keepalive disable-kernel-core ! hostname D1 ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! no aaa new-model switch 1 provision ws-c3650-24td ! no ip domain lookup ! login on-success log ! license boot level ipservicesk9 ! diagnostic bootup level minimal ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! redundancy mode sso ! transceiver type all monitoring ! class-map match-any system-cpp-police-topology-control description Topology control class-map match-any system-cpp-police-sw-forward description Sw forwarding, L2 LVX data, LOGGING class-map match-any system-cpp-default description Inter FED, EWLC control, EWLC data class-map match-any system-cpp-police-sys-data description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFLSAMPLED DATA, RPF Failed class-map match-any system-cpp-police-punt-webauth description Punt Webauth class-map match-any system-cpp-police-l2lvx-control description L2 LVX control packets class-map match-any system-cpp-police-forus description Forus Address resolution and Forus traffic class-map match-any system-cpp-police-multicast-end-station description MCAST END STATION class-map match-any system-cpp-police-multicast description Transit Traffic and MCAST Data class-map match-any system-cpp-police-l2-control description L2 control class-map match-any system-cpp-police-dot1x-auth description DOT1X Auth class-map match-any system-cpp-police-data description ICMP redirect, ICMP_GEN and BROADCAST class-map match-any system-cpp-police-stackwise-virt-control description Stackwise Virtual class-map match-any non-client-nrt-class class-map match-any system-cpp-police-routing-control description Routing control and Low Latency class-map match-any system-cpp-police-protocol-snooping description Protocol snooping class-map match-any system-cpp-police-dhcp-snooping description DHCP snooping class-map match-any system-cpp-police-system-critical description System Critical and Gold Pkt ! policy-map system-cpp-policy ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf no ip address negotiation auto ! interface GigabitEthernet1/0/1 switchport mode trunk ! interface GigabitEthernet1/0/2 switchport mode access shutdown ! interface GigabitEthernet1/0/3 switchport mode access shutdown ! interface GigabitEthernet1/0/4 switchport mode access shutdown ! interface GigabitEthernet1/0/5 switchport mode access shutdown ! interface GigabitEthernet1/0/6 switchport mode access shutdown ! interface GigabitEthernet1/0/7 switchport mode access shutdown ! interface GigabitEthernet1/0/8 switchport mode access shutdown ! interface GigabitEthernet1/0/9 switchport mode access shutdown ! interface GigabitEthernet1/0/10 switchport mode access shutdown ! interface GigabitEthernet1/0/11 switchport mode trunk ! interface GigabitEthernet1/0/12 switchport mode access shutdown ! interface GigabitEthernet1/0/13 switchport mode access shutdown ! interface GigabitEthernet1/0/14 switchport mode access shutdown ! interface GigabitEthernet1/0/15 switchport mode access shutdown ! interface GigabitEthernet1/0/16 switchport mode access shutdown ! interface GigabitEthernet1/0/17 switchport mode access shutdown ! interface GigabitEthernet1/0/18 switchport mode access shutdown ! interface GigabitEthernet1/0/19 switchport mode access shutdown ! interface GigabitEthernet1/0/20 switchport mode access shutdown ! interface GigabitEthernet1/0/21 switchport mode access shutdown ! interface GigabitEthernet1/0/22 switchport mode access shutdown ! interface GigabitEthernet1/0/23 switchport access vlan 2 switchport mode access spanning-tree portfast ! interface GigabitEthernet1/0/24 switchport mode access shutdown ! interface GigabitEthernet1/1/1 switchport mode access shutdown ! interface GigabitEthernet1/1/2 switchport mode access shutdown ! interface GigabitEthernet1/1/3 ! interface GigabitEthernet1/1/4 ! interface Vlan1 no ip address ! ip forward-protocol nd ip http server ip http secure-server ! control-plane service-policy input system-cpp-policy ! banner motd ^C D1, Implement EIGRP for IPv6 ^C ! line con 0 exec-timeout 0 0 logging synchronous stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 0 0 privilege level 15 password cisco123 login line vty 5 15 login ! end
Switch D2
D2# show run Building configuration... Current configuration : 7142 bytes ! version 16.9 no service pad service timestamps debug datetime msec service timestamps log datetime msec ! Call-home is enabled by Smart-Licensing. service call-home no platform punt-keepalive disable-kernel-core ! hostname D2 ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! no aaa new-model switch 1 provision ws-c3650-24td ! no ip domain lookup ! login on-success log ipv6 unicast-routing ! license boot level ipservicesk9 ! diagnostic bootup level minimal ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! redundancy mode sso ! transceiver type all monitoring ! class-map match-any system-cpp-police-topology-control description Topology control class-map match-any system-cpp-police-sw-forward description Sw forwarding, L2 LVX data, LOGGING class-map match-any system-cpp-default description Inter FED, EWLC control, EWLC data class-map match-any system-cpp-police-sys-data description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFLSAMPLED DATA, RPF Failed class-map match-any system-cpp-police-punt-webauth description Punt Webauth class-map match-any system-cpp-police-l2lvx-control description L2 LVX control packets class-map match-any system-cpp-police-forus description Forus Address resolution and Forus traffic class-map match-any system-cpp-police-multicast-end-station description MCAST END STATION class-map match-any system-cpp-police-multicast description Transit Traffic and MCAST Data class-map match-any system-cpp-police-l2-control description L2 control class-map match-any system-cpp-police-dot1x-auth description DOT1X Auth class-map match-any system-cpp-police-data description ICMP redirect, ICMP_GEN and BROADCAST class-map match-any system-cpp-police-stackwise-virt-control description Stackwise Virtual class-map match-any non-client-nrt-class class-map match-any system-cpp-police-routing-control description Routing control and Low Latency class-map match-any system-cpp-police-protocol-snooping description Protocol snooping class-map match-any system-cpp-police-dhcp-snooping description DHCP snooping class-map match-any system-cpp-police-system-critical description System Critical and Gold Pkt ! policy-map system-cpp-policy ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf no ip address negotiation auto ! interface GigabitEthernet1/0/1 no switchport no ip address ipv6 address FE80::D2:1 link-local ipv6 address 2001:DB8:ACAD:1::2/64 ! interface GigabitEthernet1/0/2 shutdown ! interface GigabitEthernet1/0/3 shutdown ! interface GigabitEthernet1/0/4 shutdown ! interface GigabitEthernet1/0/5 shutdown ! interface GigabitEthernet1/0/6 shutdown ! interface GigabitEthernet1/0/7 shutdown ! interface GigabitEthernet1/0/8 shutdown ! interface GigabitEthernet1/0/9 shutdown ! interface GigabitEthernet1/0/10 shutdown ! interface GigabitEthernet1/0/11 no switchport no ip address ipv6 address FE80::D1:2 link-local ipv6 address 2001:DB8:ACAD:3::2/64 ! interface GigabitEthernet1/0/12 shutdown ! interface GigabitEthernet1/0/13 shutdown ! interface GigabitEthernet1/0/14 shutdown ! interface GigabitEthernet1/0/15 shutdown ! interface GigabitEthernet1/0/16 shutdown ! interface GigabitEthernet1/0/17 shutdown ! interface GigabitEthernet1/0/18 shutdown ! interface GigabitEthernet1/0/19 shutdown ! interface GigabitEthernet1/0/20 shutdown ! interface GigabitEthernet1/0/21 shutdown ! interface GigabitEthernet1/0/22 shutdown ! interface GigabitEthernet1/0/23 shutdown ! interface GigabitEthernet1/0/24 shutdown ! interface GigabitEthernet1/1/1 shutdown ! interface GigabitEthernet1/1/2 shutdown ! interface GigabitEthernet1/1/3 ! interface GigabitEthernet1/1/4 ! interface Vlan1 no ip address ! router eigrp EIGRP_IPV6 ! address-family ipv6 unicast autonomous-system 43 ! af-interface GigabitEthernet1/0/1 authentication mode hmac-sha-256 $3cre7!! exit-af-interface ! af-interface GigabitEthernet1/0/112 authentication mode hmac-sha-256 $3cre7!! exit-af-interface ! topology base exit-af-topology eigrp router-id 132.132.132.132 exit-address-family ! ip forward-protocol nd ip http server ip http secure-server ! control-plane service-policy input system-cpp-policy ! banner motd ^C D2, Implement EIGRP for IPv6 ^C ! line con 0 exec-timeout 0 0 logging synchronous stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 0 0 privilege level 15 password cisco123 login line vty 5 15 login ! end