Docs
Powered by

Lab 9 - Multiarea OSPF & GRE

Shrimp Co. is opening remote offices in Milwaukee and New Orleans. Implement multi-area OSPF for scalable routing and configure GRE tunnels to connect all locations over the internet.

Tip: Individual topology files are available in the diagrams folder on my Github

Configuration Tasks

1. Access Layer Configuration:

Ensure access ports, trunks, VLAN databases, and port-channels are configured to span Layer 2 domain across all access and distribution switches.

  • VLAN 10 – Sales
  • VLAN 20 – Engineering
  • VLAN 30 – Marketing
  • VLAN 99 – IT

2. Distribution Layer Configuration:

  • Routed Ports & Loopback0
    • Configure routed ports and Loopback0 according to diagram
  • VLANs, Trunks & Port-channels
    • Ensure VLAN databases are matching and VLANs are allowed across all links
  • VRRP Configuration
    • Configure VIPs according to diagram
    • Load balance active gateways using priority. sea-mdf-dsw1 should be active for VLANs 10 and 20, sea-mdf-dsw2 should be the active gateway for VLANs 30 and 99.
    • Implement MD5 authentication
  • OSPF
    • Configure OSPF process 1 with passive-interface default
    • Advertise all host subnets with a single summary network statement.
    • Advertise Loopback0
    • Form adjacencies on Eth5-6 in Area 0
    • Utilize MD5 neighbor authentication

3. Router Configuration:

  • Routed Ports & Loopback0
    • Configure routed ports, Loopback0, and Tunnel0 according to diagram
  • OSPF
    • Configure OSPF process 1 with passive-interface default
    • Form adjacencies on Eth0/1-2 in Area 0
    • Form adjacency on Tunnel0 in Area 1 on sea-mdf-r1 (Requires remote site configuration)
    • Form adjacency on Tunnel0 in Area 2 on sea-mdf-r1 (Requires remote site configuration)
    • Originate the default route you receive from your BGP peer
    • Advertise Loopback0
  • BGP
    • Configure BGP peering, refer to ISP provided documentation for details.
  • NAT
    • Configure PAT on both routers, only matching host host subnet traffic.
  • DHCP
  • Configure DHCP Pools on both routers for all host subnets so that routers cannot provide overlapping IP addresses.

4. Remote Site Configuration:

  • Switch
    • Ensure VLAN 10 can reach it's gateway interface on the local router.
  • Router
    • Configure router subinterface and Loopback0 according to diagram
    • Configure static default route to public next-hop
    • Configure OSPF process 1 with passive-interface default
    • Form adjacency on Tunnel0 in Area 1 on sea-mdf-r1
    • Form adjacency on Tunnel0 in Area 2 on sea-mdf-r1
    • Configure static NAT or PAT for local internet egress.

Success Criteria

  • Hosts at HQ have ping reachability to remote sites
  • Hosts at HQ can curl http://seamart.com
  • Pings to the internet fail for Loopbacks but not hosts
  • Encrypt WAN traffic on your GRE tunnels using IPsec tunnel protection
  • Configure VARP instead of VRRP for your FHRP
  • Have Jim & Sharon acquire a DHCP address across the WAN
  • Configure EIGRP on your Tunnel interfaces, what additional configuration is needed for your remote sites to learn about networks at HQ and vise versa?

Verification Commands

show ip ospf neighbor
show ip route ospf
show interfaces tunnel0
 
show ip bgp summary
show ip bgp

Questions to Explore

  • What happens to your switchports when MST is configured on one switch and Rapid-PVST is configured on the other?
  • What's the smallest possible summary network statement you can use to advertise all host subnets? (No loopbacks)
  • Traceroute to Jim from Bob. Why don't you see any public IP addresses in the output despite it crossing that infrastructure?
  • Would Jim and Sharon still have internet reachability if you configured Areas 1 & 2 as totally stubby? What would be the fix while maintaining your totally stub areas??

Cisco Press - BGP Fundamentals IP Routing: OSPF Configuration Guide EOS OSPF Guide How to configure GRE Tunnel in CISCO Router How to configure GRE over IPSec in Cisco IOS and Cisco IOS-XE devices