Thursday, August 18, 2016

EVN Route Leaking

Easy Virtual Network - Route Leaking


Virtual networks with route replication between VRFs.
In this case the servicio VRF will be replicated to other VRFs.


ROUTER R2

vrf definition cliente1
 vnet tag 100
 !
 address-family ipv4
  route-replicate from vrf servicio unicast static
 exit-address-family
!
ip route vrf cliente1 192.168.40.0 255.255.255.0 10.10.10.2
ip route vrf servicio 192.168.50.0 255.255.255.0 10.10.10.2
!


ROUTER R3

vrf definition servicio
 vnet tag 300
 !
 address-family ipv4
  route-replicate from vrf cliente1 unicast static
 exit-address-family
!
ip route vrf cliente1 192.168.30.0 255.255.255.0 10.10.10.1


R2#routing-context vrf servicio
R2%servicio#sh ip route

Routing Table: servicio
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.10.10.0/30 is directly connected, FastEthernet1/1.300
L        10.10.10.1/32 is directly connected, FastEthernet1/1.300
C        10.10.10.4/30 is directly connected, FastEthernet2/0.300
L        10.10.10.5/32 is directly connected, FastEthernet2/0.300
S     192.168.50.0/24 [1/0] via 10.10.10.2


R2#routing-context vrf cliente1
R2%cliente1#sh ip route

Routing Table: cliente1
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.10.10.0/30 is directly connected, FastEthernet1/1.100
L        10.10.10.1/32 is directly connected, FastEthernet1/1.100
C        10.10.10.4/30 is directly connected, FastEthernet2/0.100
L        10.10.10.5/32 is directly connected, FastEthernet2/0.100
      192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.30.0/24 is directly connected, FastEthernet0/0
L        192.168.30.1/32 is directly connected, FastEthernet0/0
S     192.168.40.0/24 [1/0] via 10.10.10.2
S   + 192.168.50.0/24 [1/0] via 10.10.10.2 (servicio)


PC1> ping 192.168.50.10
84 bytes from 192.168.50.10 icmp_seq=1 ttl=62 time=40.002 ms
84 bytes from 192.168.50.10 icmp_seq=2 ttl=62 time=31.001 ms
84 bytes from 192.168.50.10 icmp_seq=3 ttl=62 time=16.001 ms
84 bytes from 192.168.50.10 icmp_seq=4 ttl=62 time=21.001 ms
84 bytes from 192.168.50.10 icmp_seq=5 ttl=62 time=27.002 ms
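
In the cliente1 table above, the "+" flag and the trailing "(servicio)" mark a route replicated from another VRF. The following Python code is an added example, not part of the original post: it parses this kind of output and compares every replicated route against an allow-list of prefixes that are meant to cross the VRF boundary. The function names and the allow-list format are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: trimmed copy of the "sh ip route" output for VRF
# cliente1 shown above.
SAMPLE = """\
Routing Table: cliente1
       + - replicated route, % - next hop override

C        192.168.30.0/24 is directly connected, FastEthernet0/0
S     192.168.40.0/24 [1/0] via 10.10.10.2
S   + 192.168.50.0/24 [1/0] via 10.10.10.2 (servicio)
"""

TABLE_RE = re.compile(r"^Routing Table: (\S+)")
PARENT_RE = re.compile(r"^\s+\d+(?:\.\d+){3}/(\d+) is subnetted")
ROUTE_RE = re.compile(
    r"^(\S+(?: [A-Za-z]\w)?)\s+(\+)?\s*(\d+(?:\.\d+){3})(/\d+)?\s.*?(?:\((\S+)\))?\s*$")


def replicated_routes(output):
    """Return (vrf, prefix, source_vrf) for every route flagged '+'."""
    vrf, parent_len, found = None, None, []
    for line in output.splitlines():
        if m := TABLE_RE.match(line):
            vrf = m.group(1)
        elif m := PARENT_RE.match(line):
            parent_len = m.group(1)      # children are printed without a mask
        elif (m := ROUTE_RE.match(line)) and m.group(2):
            mask = m.group(4) or f"/{parent_len}"
            net = ipaddress.ip_network(m.group(3) + mask, strict=False)
            found.append((vrf, str(net), m.group(5)))
    return found


def unexpected_leaks(output, allowed):
    """Routes replicated into a VRF that the allow-list does not cover.

    allowed maps (destination_vrf, source_vrf) -> list of permitted networks.
    """
    bad = []
    for vrf, prefix, src in replicated_routes(output):
        nets = [ipaddress.ip_network(n) for n in allowed.get((vrf, src), [])]
        if not any(ipaddress.ip_network(prefix).subnet_of(n) for n in nets):
            bad.append((vrf, prefix, src))
    return bad
```

Run it against the output of each VRF on each router; an empty result from unexpected_leaks means only the intended prefixes were replicated.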












EVN AAA - Radius


In this topology there is a WinRadius server (192.168.10.10) associated with VRF cliente2.
The goal is to configure authentication using WinRadius in a VRF environment.






ROUTER R2

vrf definition cliente1
 vnet tag 100
 address-family ipv4
 exit-address-family

vrf definition cliente2
 vnet tag 200
 address-family ipv4
 exit-address-family

vrf definition servicio
 vnet tag 300
 address-family ipv4
 exit-address-family

username cisco password cisco
aaa new-model
radius server RADIUS1
   address ipv4 192.168.10.51 auth-port 1812 acct-port 1813
   key WinRadius

aaa group server radius RADIUSGROUP
   server name RADIUS1
   ip vrf forwarding cliente2

aaa authentication login default group RADIUSGROUP local

router ospf 1 vrf cliente2
   router-id 2.2.2.2
   network 10.10.10.0 0.0.0.3 area 0
   network 10.10.10.4 0.0.0.3 area 0
   network 192.168.10.0 0.0.0.255 area 0

interface FastEthernet1/0
   vrf forwarding cliente2
   ip address 192.168.10.1 255.255.255.0

interface FastEthernet1/1
   ip address 10.10.10.1 255.255.255.252
   vnet trunk

interface FastEthernet2/0
   ip address 10.10.10.5 255.255.255.252
   vnet trunk











Thursday, May 19, 2016

EIGRP Authentication



hostname R1
key chain llavero
 key 0
  key-string cisco

interface Loopback0
 ip address 192.168.1.1 255.255.255.0
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:CAFE:1::1/64
!
interface Ethernet0/0
 ip address 192.168.2.1 255.255.255.252
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:CAFE:2::1/64
!
interface Ethernet0/1
 ip address 192.168.6.1 255.255.255.252
 ipv6 address FE80::1 link-local
 ipv6 address 2001:FB8:CAFE:6::1/64
router eigrp dual
 !
 address-family ipv4 unicast autonomous-system 4
  !
  af-interface Ethernet0/1
   authentication mode md5
   authentication key-chain llavero
  exit-af-interface
  !
  af-interface Ethernet0/0
   authentication mode hmac-sha-256 cisco
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 192.168.1.0
  network 192.168.2.0 0.0.0.3
  network 192.168.6.0 0.0.0.3
  eigrp router-id 1.1.1.1
 exit-address-family
 !
 address-family ipv6 unicast autonomous-system 6
  !
  topology base
  exit-af-topology
  eigrp router-id 1.1.1.1
 exit-address-family
!
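
The R1 configuration above uses a different authentication mode on each af-interface of the IPv4 address family and defines no af-interface under the IPv6 address family. The following Python code is an added example, not part of the original post: it lists the authentication configured per address family and af-interface in a named-mode EIGRP block and reports where it is weak or not in effect. The function names and the wording of the findings are assumptions made for the illustration.

```python
# Constructed sample: the "router eigrp dual" block from R1 above, with the
# "!" separators, topology, network and router-id lines removed.
CONFIG = """\
router eigrp dual
 address-family ipv4 unicast autonomous-system 4
  af-interface Ethernet0/1
   authentication mode md5
   authentication key-chain llavero
  exit-af-interface
  af-interface Ethernet0/0
   authentication mode hmac-sha-256 cisco
  exit-af-interface
 exit-address-family
 address-family ipv6 unicast autonomous-system 6
 exit-address-family
"""


def eigrp_auth(config):
    """Return {address-family: {af-interface: {"mode": .., "key-chain": ..}}}."""
    families, af, iface = {}, None, None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["address-family"]:
            af = f"{w[1]} AS {w[-1]}"
            families[af] = {}
        elif w[:1] == ["af-interface"] and af:
            iface = families[af].setdefault(w[1], {})
        elif w[:1] == ["authentication"] and iface is not None and len(w) > 2:
            iface[w[1]] = w[2]          # "mode md5", "key-chain llavero"
        elif w[:1] == ["exit-af-interface"]:
            iface = None
        elif w[:1] == ["exit-address-family"]:
            af = iface = None
    return families


def findings(config):
    """Report af-interfaces whose authentication is weak or not in effect."""
    out = []
    for af, ifaces in eigrp_auth(config).items():
        if not ifaces:
            out.append(f"{af}: no af-interface authentication configured")
        for name, auth in ifaces.items():
            mode = auth.get("mode")
            if mode is None or (mode == "md5" and "key-chain" not in auth):
                out.append(f"{af} {name}: authentication not in effect")
            elif mode == "md5":
                out.append(f"{af} {name}: md5, weaker than hmac-sha-256")
    return out
```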


Thursday, May 5, 2016

DMVPN


R1
interface Tunnel0
 ip address 192.168.0.1 255.255.255.0
 ip mtu 1400
 ip nhrp authentication cisco
 ip nhrp map multicast 203.0.0.2
 ip nhrp map 192.168.0.3 203.0.0.2
 ip nhrp network-id 100
 ip nhrp nhs 192.168.0.3
 ip tcp adjust-mss 1360
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source Serial2/0
 tunnel mode gre multipoint

router ospf 1
 network 1.1.1.0 0.0.0.255 area 0
 network 192.168.0.0 0.0.0.255 area 0


R3
interface Tunnel0
 ip address 192.168.0.3 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 ip tcp adjust-mss 1360
 ip ospf network broadcast
 ip ospf priority 5
 tunnel source Serial2/0
 tunnel mode gre multipoint

!

router ospf 1
 network 3.3.3.0 0.0.0.255 area 0
 network 192.168.0.0 0.0.0.255 area 0


R1#show ip nhrp  
192.168.0.1/32 via 192.168.0.1
   Tunnel0 created 00:00:38, expire 01:59:21
   Type: dynamic, Flags: router unique local
   NBMA address: 201.0.0.1
    (no-socket)
192.168.0.2/32 via 192.168.0.2
   Tunnel0 created 00:00:38, expire 01:59:21
   Type: dynamic, Flags: router used nhop
   NBMA address: 202.0.0.2
192.168.0.3/32 via 192.168.0.3
   Tunnel0 created 00:14:58, never expire
   Type: static, Flags: used
   NBMA address: 203.0.0.2

R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 201.0.0.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 201.0.0.2
      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.1.1.0/24 is directly connected, Loopback0
L        1.1.1.1/32 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/1001] via 192.168.0.2, 00:15:02, Tunnel0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/1001] via 192.168.0.3, 00:15:12, Tunnel0
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, Tunnel0
L        192.168.0.1/32 is directly connected, Tunnel0
      201.0.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        201.0.0.0/30 is directly connected, Serial2/0
L        201.0.0.1/32 is directly connected, Serial2/0