Thanks for the help, I understand this now with your help and in modifying the
AD of the static route and the summary address.
________________________________
From: Samarth Chidanand <[email protected]>
To: 'Tarik Admani' <[email protected]>; [email protected]
Sent: Wednesday, May 22, 2013 10:38 PM
Subject: RE: [OSL | CCIE_Security] WorkBook 1 Task4 point 5
Hi Tarik,
The route is not re-learned. When you create a summary in EIGRP you will have a
route pointing to Null 0 installed in the routing table with an AD of 5.
If you shut both the outside interfaces then you will have the below output.
It’s obvious that packets to the outside will be dropped anyhow when there are
no connections to the outside. In this case the Null 0 route is dropping
everything. Pretty much the same.
The scenario is designed for when one of the two outside interfaces is shut
down, not for both/all.
Samarth Chidanand
Sr Instructor / Developer – IPexpert
CCIE #18535 (R&S, Security)
CCSI #34585
From: Tarik Admani [mailto:[email protected]]
Sent: Thursday, May 23, 2013 9:02 AM
To: Samarth Chidanand; [email protected]
Subject: Re: [OSL | CCIE_Security] WorkBook 1 Task4 point 5
Samarth,
I went ahead and ran through this scenario and wanted to confirm my
understanding. The summary address is configured on the inside interface which
sends the summary address outbound but then specifies the AD to 250 if this
route is relearned when both default routes become unreachable, hence loop
prevention kicks in.
So in my scenario I shut both outside interfaces and when I issue a show route
on the ASA here are the results I see for the null route:
ASA-003fw# sho rout
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
D 1.1.1.0 255.255.255.0 [90/130816] via 192.168.103.1, 0:02:34, INSIDE
C 10.1.1.0 255.255.255.0 is directly connected, Dmzserver
C 192.168.203.0 255.255.255.0 is directly connected, dmz1
D 11.11.11.11 255.255.255.255
[90/130816] via 192.168.103.1, 0:02:34, INSIDE
D 11.11.11.23 255.255.255.255
[90/130816] via 192.168.103.1, 0:02:34, INSIDE
C 192.168.103.0 255.255.255.0 is directly connected, INSIDE
D 192.168.100.0 255.255.255.0 [90/28416] via 192.168.103.1, 0:02:34, INSIDE
D* 0.0.0.0 0.0.0.0 is a summary, 0:00:12, Null0
ASA-003fw# show eigrp topology 0.0.0.0
EIGRP-IPv4 (AS 111): Topology Default-IP-Routing-Table(0) entry for 0.0.0.0
0.0.0.0
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2816
Routing Descriptor Blocks:
0.0.0.0 (Null0), from 0.0.0.0, Send flag is 0x0
Composite metric is (2816/0), Route is Internal
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 10 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Exterior flag is set
I do not see the AD for this route.
Thanks,
________________________________
From: Samarth Chidanand <[email protected]>
To: 'Tarik Admani' <[email protected]>; [email protected]
Sent: Monday, May 20, 2013 10:58 PM
Subject: RE: [OSL | CCIE_Security] WorkBook 1 Task4 point 5
Hi Tarik,
When installed in the routing table you can see the admin distance.
Samarth Chidanand
Sr Instructor / Developer – IPexpert
CCIE #18535 (R&S, Security)
CCSI #34585
From: [email protected]
[mailto:[email protected]] On Behalf Of Tarik Admani
Sent: Tuesday, May 21, 2013 7:21 AM
To: [email protected]
Subject: [OSL | CCIE_Security] WorkBook 1 Task4 point 5
Sam,
I also took a look at this section and wanted to make sure my understanding is
correct.
If I add the summary route to the interface then remove both floating static
routes, then I am left with the null default route, however I do not see the
administrative distance on the ASA when I issue a show route.
I wanted to know whether one could verify the AD of the summary route by
looking in the routing table or is the interface command for the summary
address the only way to make sure?
Thanks,
You do not need prefix list
interface GigabitEthernet0/1
 authentication key eigrp 111 CISC0I123 key-id 10
 authentication mode eigrp 111 md5
 summary-address eigrp 111 0.0.0.0 0.0.0.0 250
NULL route is similar to a discard route and is locally significant on that
router which advertises EIGRP default route or uses summary address in
eigrp. Here we are referring to the AD of the NULL route and not the AD of
the advertised route which R1 receives.
See below: R1 has the default route but the AD is the default of 90. Hence
what we are talking about is the AD of the NULL route generated when the
summary-address command is used on the ASA, which is locally significant.
R1#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 192.168.103.10 to network 0.0.0.0
D* 0.0.0.0/0 [90/28416] via 192.168.103.10, 00:17:44, FastEthernet0/0
Samarth Chidanand
Sr Instructor / Developer - IPexpert
CCIE #18535 (R&S, Security)
CCSI #34585
From: ccie_security-bounces at onlinestudylist.com
[mailto:ccie_security-bounces at onlinestudylist.com] On Behalf Of Mike Rojas
Sent: Saturday, April 13, 2013 4:29 AM
To: ccie_security at onlinestudylist.com
Subject: [OSL | CCIE_Security] WorkBook 1 Task4 point 5
Hi,
I do have some questions in regards to that specific point. It says that I
need to send the default route to Router 1 (Which I already did to practice
prefix lists :)) but it also says that change the distance of the null route
to 250 and that is where I get confused.
Is the null route the default route? Also, is that route the same one that
it is being advertised? I saw that I can change the distance, but only for
routes inserted on our routing table.
Was looking also for the DSG of Workbook 1 but it seems like it is not
finished already.
Thanks,
Mike.