NMC DOiT Vol.2 Scenario 20 – ip ospf lls disable + max-lsa + redistribute maximum-prefix + Native IPv6 Tunneling + variance + set community no-advertise + ip mobile + Use Sane Bandwidth Statements


I am beat right now – dog tired. There’s a week’s worth of mail sitting next to me. And I’m not even talking about e-mail. I have far more of that. I haven’t looked at my checking accounts in at least 2 weeks. Presumably there’s money in them. We’ve gotten over 2 feet of snow in about a week, giving my shovel, back, and snowblower a workout. We had so much snow last night, I got my car stuck in my own driveway. I’ve been sick, lost my voice, sleeping lousy, attending holiday events, and all the rest of it that makes December an endurance event.

I made it through about 80% of this lab today. The IGP components were a bear, and the redistribution was also painful. Add to that last minute Christmas shopping I had to get done today and being sick about a week now, and the other 20% of the lab will have to wait for another time. I read through the 20% I didn’t do in the answer key, but I really need to sit and do it at some point. It’s just the IPv6 and multicast. Anyway, I have scenario 21 on the calendar for tomorrow, so I want to get at least a few thoughts down from NetMasterClass.com DOiT Vol. 2 scenario 20. I don’t think I’ll have the cycles to dive as deep as I might have liked, but there’s some good stuff here.

  • Reading the entire lab through ahead of time was compulsory in this scenario. OSPF required a tunnel for one of the areas. The endpoints of the tunnel were not known to the 2 routers, however. So, to get the tunnel established, you had to configure RIP, and then redistribute the RIP routes into OSPF, so that the OSPF routers would therefore know how to find each other’s tunnel endpoints to bring the tunnel up.
  • Use interface command “ip ospf lls disable” to turn off OSPF link-local signalling.
  • Use the OSPF router configuration command “max-lsa” to set the maximum number of LSAs the OSPF router will accept. You can configure it to only warn if you want.
  • Say you have a requirement to filter a specific route, but you aren’t allowed to filter by matching against an access list or prefix list. The key is to think about what other things you could match on. Matching on a tag you set previously is often a good fit.
  • Control the number of prefixes redistributed into OSPF with the “redistribute maximum-prefix” command.
  • If you have to tunnel IPv4 packets, but the tunnel packets aren’t allowed to have GRE or IPv4 headers, you can tunnel the IPv4 inside of IPv6. IPv6 native tunneling is supported as of 12.3(7)T using “tunnel mode ipv6”.
  • The EIGRP “variance” command will allow you to share traffic across links with unequal metrics. The load-balancing will be weighted in accordance with the metric. In this example, we use variance to tell EIGRP that routes with metrics as much as 3 times larger than the successor route are allowed to be in the routing table. Note that traffic headed for will route via Vlan11 3 times, and Vlan111 1 time, resulting in a 75%/25% traffic split.

    CAT2#show run | b router eigrp
    router eigrp 10
    variance 3
    no auto-summary
    interface Vlan11
    bandwidth 750
    ip address
    interface Vlan111
    bandwidth 250
    ip address

    CAT2#sho ip route
    Routing entry for
    Known via “eigrp 10”, distance 170, metric 3416064, type external
    Redistributing via eigrp 10
    Last update from on Vlan11, 01:33:38 ago
    Routing Descriptor Blocks:
    *, from, 01:33:38 ago, via Vlan111
    Route metric is 10242816, traffic share count is 1
    Total delay is 110 microseconds, minimum bandwidth is 250 Kbit
    Reliability 255/255, minimum MTU 1500 bytes
    Loading 1/255, Hops 1
    , from, 01:33:38 ago, via Vlan11
    Route metric is 3416064, traffic share count is 3
    Total delay is 110 microseconds, minimum bandwidth is 750 Kbit
    Reliability 255/255, minimum MTU 1500 bytes
    Loading 1/255, Hops 1

  • In BGP, doing a “set community no-advertise” instructs the BGP peer not to advertise that prefix to any other BGP peers. Don’t forget to “send community” to that neighbor.
  • Using “spanning-tree portfast” on a Catalyst switch interface can help when end stations are not able to get a DHCP lease after first booting up. The issue is that the port isn’t in forwarding state before the station gives up trying to get a lease. Portfast puts the port into forwarding state almost immediately, with the risk that a topology loop may form if someone were to do something silly. You can mitigate the risk that portfast introduces by enabling “bpduguard”, which disables a portfast port if any BPDUs are detected.
  • “ip mobile” is a strange little tool. It allows an end node to use a router as a gateway when that router is not on a common network with the end node. The idea is to allow a node with a fixed IP to float to various VLANs and have network service.

    access-list 90 permit
    interface FastEthernet0/0
    ip address
    ip mobile arp access-group 90
    router mobile
    distance 80
    R4#show ip route mobile
    is variably subnetted, 19 subnets, 4 masks
    M [80/1] via, 01:57:36, FastEthernet0/0

  • One other strange little thing I ran into today.  You know how when you build a tunnel interface, you have to be careful about recursive routing?  Today, I threw a “bandwidth 1” on the tunnel interfaces to avoid recursive routing through the tunnel.  Worked fine, no problem.  However, I couldn’t get an OSPF virtual link up via that tunnel.  Why?  The OSPF cost was too high to bring the virtual-link up, as revealed by a “show ip ospf virtual-link”.  When I changed the bandwidth to something sane like “bandwidth 100”, the virtual-link came right up.  I burned a LOT of time trying to figure that one out, though.
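The EIGRP variance item above can be checked by hand. This added example (not from the original post or the NetMasterClass answer key) recomputes the two route metrics from the bandwidth and delay values in the “show ip route” output, using the classic composite metric with default K-values, and then applies the variance test. The function names are hypothetical, and the feasibility condition is assumed to be met because the output on the page does not show reported distances.

```python
# Added example: classic EIGRP composite metric with default K-values
# (K1 = K3 = 1, K2 = K4 = K5 = 0). Function names are hypothetical.


def eigrp_metric(min_bw_kbit: int, total_delay_usec: int) -> int:
    """256 * (10^7 / minimum bandwidth in Kbit + total delay in tens of usec)."""
    return 256 * (10**7 // min_bw_kbit + total_delay_usec // 10)


def variance_paths(paths: dict, variance: int) -> dict:
    """Return {path: metric} for paths with metric below variance * best metric.

    Assumption: every path already satisfies the EIGRP feasibility
    condition, which cannot be verified from the output on the page.
    """
    metrics = {name: eigrp_metric(bw, dly) for name, (bw, dly) in paths.items()}
    best = min(metrics.values())
    return {name: m for name, m in metrics.items() if m < variance * best}


def traffic_split(share_counts: dict) -> dict:
    """Convert 'traffic share count' values into percentages of traffic."""
    total = sum(share_counts.values())
    return {name: 100 * n / total for name, n in share_counts.items()}


# (minimum bandwidth in Kbit, total delay in microseconds), as shown in the
# "show ip route" output on the page.
PATHS = {"Vlan11": (750, 110), "Vlan111": (250, 110)}

if __name__ == "__main__":
    for v in (1, 2, 3):
        print(f"variance {v}: {variance_paths(PATHS, v)}")
    # Share counts 3 and 1 are taken from the output on the page.
    print(traffic_split({"Vlan11": 3, "Vlan111": 1}))
```

The Vlan111 metric works out to about 2.998 times the Vlan11 metric, so “variance 3” admits it with very little margin, while “variance 2” would leave only Vlan11 in the routing table.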

About the author

Ethan Banks

Most people know me because I write & podcast about IT on the Packet Pushers network. I also co-authored "Computer Networks Problems & Solutions" with Russ White.

Find out more on my about page.

1 comment

  • I had the same problem with a virtual link over a tunnel in another lab, but didn’t find the cause of why the VL did not come up over the tunnel. Thanks for the explanation!

    This lab was interesting in such points:
    1. BGP: I use ORF capability to solve this task. ORF completely corresponds to the scenario requirements.

    2. Multicast: multicast helper-address task. This is a well-known command, but resolving the task with this command was quite interesting. I was happy when the remote switch on one end of the network received the broadcast, which was sent by the switch on the other end of the network :)

    3. IGP stuff: The recursive routing problem is the main tunnel problem. From the CCNP course I remembered the tunnel’s golden rule: “Never announce ‘tunnel source’ address via tunnel itself and never learn ‘tunnel destination’ address via tunnel itself”. In real life this problem is usually fixed by static routes, but in lab environments we must use IGP manipulation features.

