IT Technologies: February 2012

Sunday, February 19, 2012

Cisco Tunneling Basic

Network တစ္ခုေပၚမွာ Tunnel ေဖာက္တယ္ဆိုတာကေတာ့ အရွင္းဆံုး Definition ဖြင့္ရရင္ physical Network တစ္ ခုေပၚမွာ Logical Network တစ္ခုသုိ႔မဟုတ္တစ္ခုထက္ပိုေသာ Logical Network မ်ားကိုတည္ေဆာက္ျခင္းပဲျဖစ္ပါ တယ္။Tunnel တစ္ခု သို႔ တစ္ခုထက္ပို တဲ့ Tunnel ေတြကို physical Network တစ္ခုမွာတည္ေဆာက္နုိင္ပါတယ္။ Tunnel တည္ေဆာက္ရန္ အတြက္ေတာ့ Tunneling Protocol ေတြကိုသံုးရ မွာပါ။အခုေအာက္ေဖာ္ျပပါ Topology ပံုေလးထဲကအတိုင္း Basic Tunnel တစ္ခုကိုတည္ေဆာက္ႀကည့္ပါမယ္။

Topology ထဲမွာ 200.0.0.32/30,172.16.0.0/27,10.0.0.0/24,200.0.0.36/30 Network ေလးခုက EIGRP နဲ႔ Route လုပ္ထားျပီး လုပ္ထားျပီး physical links ေတြျဖစ္ပါတယ္။ဆိုလိုတာက Real Network Interface ကိုအသံုးျပဳ ထားတဲ့ Network ေတြျဖစ္ပါတယ္။ေနာက္တစ္စုျဖစ္တဲ့ 172.16.0.32/30,200.0.0.0/27, 172.16.0.64/30 Network ေတြကေတာ့ Tunnel ေပၚကေနတစ္ဆင့္ Route လုပ္မွာပါ။

Sophia Router Configuration

 
*Mar  1 00:11:59.679: %SYS-5-CONFIG_I: Configured from console by console
Sophia#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Sophia(config)#interface serial 0/0
Sophia(config-if)#ip address 172.16.0.1 255.255.255.224
Sophia(config-if)#no shutdown
*Mar  1 00:13:36.591: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
Sophia(config)#interface serial0/1
Sophia(config-if)#ip address 10.0.0.1 255.255.255.0
Sophia(config-if)#no shut
*Mar  1 00:19:26.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,
changed state to up
Sophia(config-if)#router eigrp 10
Sophia(config-router)#network 172.16.0.0   
Sophia(config-router)#network 10.0.0.0  
Sophia(config-router)#no auto-summary

Mable Router Configuration

 
Mabel#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Mabel(config)#int s0/0  
Mabel(config-if)#ip addr 172.16.0.2 255.255.255.252
Mabel(config-if)#no shut
*Mar  1 00:32:03.895: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
Mabel(config-if)#exit
Mabel(config)#interface loopback 0
*Mar  1 00:32:40.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,
changed state to up
Mabel(config-if)#ip address 200.0.0.33 255.255.255.252
Mabel(config-if)#interface loopback 1
*Mar  1 00:34:58.679: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
Mabel(config-if)#ip address 172.16.0.33 255.255.255.252
Mabel(config)#router eigrp 10
Mabel(config-router)#network 200.0.0.32
Mabel(config-router)#network 172.16.0.32
Mabel(config-router)#network 172.16.0.0 
*Mar  1 00:45:38.319: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.16.0.1 (Serial0/0) is up: new adjacency
Mabel(config-router)#end
Mabel#write memory
Building configuration...
[OK]

Kayla Router Configuration

 
Kayla#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Kayla(config)#int s1/0
Kayla(config-if)#ip address 10.0.0.2 255.255.255.0
Kayla(config-if)#no shut
*Mar  1 00:56:47.827: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
Kayla(config-if)#int lo0
*Mar  1 00:56:58.407: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
Kayla(config-if)#ip address 200.0.0.37 255.255.255.252
Kayla(config-if)#int lo1                              
*Mar  1 00:57:34.535: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
Kayla(config-if)#ip address 172.16.0.65 255.255.255.252
Kayla(config-if)#router eigrp 10
Kayla(config-router)#network 200.0.0.36
Kayla(config-router)#network 172.16.0.64
Kayla(config-router)#network 10.0.0.0   
Kayla(config-router)#no auto-summary
*Mar  1 00:58:47.555: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.0.0.1 (Serial1/0) is resync: summary configured
Kayla(config-router)#end
*Mar  1 00:58:57.519: %SYS-5-CONFIG_I: Configured from console by console
Kayla#wr mem
Building configuration...
[OK]

အခုဆိုရင္ Mabel၊Sophia နဲ႔ Kayla Router သံုးလံုးကို EIGRP Routing Protocol ျဖင့္ခ်ိတ္ဆက္ထားျပီး Router တစ္လံုးနဲ႔တစ္လံုး ping လုပ္လို႔ရေနမွာပါ။အခု Mable နဲ႔ Kayla Router ႏွစ္လံုးကို Basic Logical Tunnel Network တည္ေဆာက္ႀကည့္ပါမယ္။Tunnel Network တစ္ခုတည္ေဆာက္ရန္အနည္းဆံုးေတာ့ Physical Network တစ္ခု ရွိေနရမည္ျဖစ္ျပီး 200.0.0.0/32 သည္ Logical Tunnel အတြက္ Subnet ျဖစ္ပါတယ္။ထို႔ေႀကာင့္ Topology ပံုအရ...

Router	Tunnel Physical Interface	Tunnel Source Address	Tunnel Destination Address
Mabel	s0/0	200.0.0.1	10.0.0.2
Kayla	s1/0	200.0.0.2	172.16.0.2

Tunnel Configuration on Mable Router

Mabel(config)#do show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  172.16.0.2      YES manual up                    up      
Serial0/1                  unassigned      YES unset  administratively down down    
Serial0/2                  unassigned      YES unset  administratively down down    
Serial0/3                  unassigned      YES unset  administratively down down    
FastEthernet1/0            unassigned      YES unset  administratively down down    
Loopback0                  200.0.0.33      YES manual up                    up      
Loopback1                  172.16.0.33     YES manual up                    up     
Mabel(config)#interface tunnel ?
  <0-2147483647>  Tunnel interface number
Mabel(config)#interface tunnel 0
*Mar  1 03:04:03.223: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
Mabel(config-if)#ip address 200.0.0.1 255.255.255.252
Mabel(config-if)#tunnel source s0/0
Mabel(config-if)#tunnel destination ?
  Hostname or A.B.C.D  ip address or host name
  X:X:X:X::X           IPv6 address
Mabel(config-if)#tunnel destination 10.0.0.2
*Mar  1 03:08:06.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
Mabel(config-if)#exit
Mabel(config)#router ospf 5
Mabel(config-router)#network 172.16.0.32 0.0.0.3 area 0
Mabel(config-router)#network 200.0.0.0 0.0.0.3 area 0
*Mar  1 04:13:05.886: %OSPF-5-ADJCHG: Process 5, Nbr 200.0.0.37 on Tunnel0 from LOADING to FULL, Loading Done
Mabel(config-router)#end
Mabel#sh ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     200.0.0.0/30 is subnetted, 3 subnets
C       200.0.0.0 is directly connected, Tunnel0
C       200.0.0.32 is directly connected, Loopback0
D       200.0.0.36 [90/2809856] via 172.16.0.1, 00:44:14, Serial0/0
     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C       172.16.0.32/30 is directly connected, Loopback1
C       172.16.0.0/30 is directly connected, Serial0/0
O       172.16.0.65/32 [110/11112] via 200.0.0.2, 00:44:01, Tunnel0
     10.0.0.0/24 is subnetted, 1 subnets
D       10.0.0.0 [90/2681856] via 172.16.0.1, 00:44:15, Serial0/0

Tunnel Configuration on Kayla Router

Kayla#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Kayla(config)#int tunn ?
  <0-2147483647>  Tunnel interface number
Kayla(config)#int tunn 1
Kayla(config-if)#ip address
*Mar  1 03:18:49.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
Kayla(config-if)#ip address 200.0.0.2 255.255.255.252
Kayla(config-if)#tunnel source s1/0    
Kayla(config-if)#tunnel destination 172.16.0.2
*Mar  1 03:19:59.903: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
Kayla#ping 200.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.1, timeout is 2 seconds:
!!!!!
Kayla(config-if)#exit
Kayla(config)#router ospf 5
Kayla(config-router)#network 172.16.0.64 0.0.0.3 area 0
Kayla(config-router)#network 200.0.0.0 0.0.0.3 area 0  
Kayla(config-router)#end
Kayla#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     200.0.0.0/30 is subnetted, 3 subnets
C       200.0.0.0 is directly connected, Tunnel1
D       200.0.0.32 [90/2809856] via 10.0.0.1, 00:39:09, Serial1/0
C       200.0.0.36 is directly connected, Loopback0
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
D       172.16.0.32/30 [90/2809856] via 10.0.0.1, 00:39:09, Serial1/0
O       172.16.0.33/32 [110/11112] via 200.0.0.1, 00:38:57, Tunnel1
D       172.16.0.0/30 [90/2681856] via 10.0.0.1, 00:39:09, Serial1/0
C       172.16.0.64/30 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial1/0

Saturday, February 11, 2012

OSPF Authentication

Authentication လုပ္တယ္ဆိုတာ Traffic ေတြကိုပိုျပီး Secure ျဖစ္ေအာင္လုပ္ျခင္းပဲျဖစ္ပါတယ္။Network ေပၚက traffic ေတြဟာ Authentication လုပ္ထားခဲ့ရင္ ပံုမွန္ထက္စာလွ်င္ေတာ့ပိုလံုျခံဳမွာပါ။Authentication လုပ္တယ္ဆို တဲ့ေနရာမွာလည္း အမ်ိဳးမ်ိဳးရွိပါတယ္။အခုဒီမွာေတာ့ Network Level Authentication ျဖစ္ပါတယ္။

အေပၚကပံုေလးအတိုင္း OSPF Topology ကို Authentication လုပ္မွာပါ။ ေနာက္ျပီးဒီမွာ VLSM သေဘာတ ရားေလးလည္းအနည္းငယ္ထည့္ထားပါတယ္။ဘာလို႔လဲဆိုေတာ့အခ်ိဳ႕ခ်ိဳ႕ေသာ ညီမငယ္၊ညီငယ္ေလးေတြ VLSM နဲ႔ CIDR ကိုမသဲကြဲဘူးျဖစ္ေနလို႔ပါ။နွစ္ခုလံုးက Class Full မဟုတ္တာေတာ့မွန္ပါတယ္။Subnet ႀကီးတစ္ခုကို Split လုပ္တဲ့အခါမွာ Class Full မဟုတ္ခဲ့ရင္ CIDR ျဖစ္ပါတယ္။သို႔ေသာ္ CIDR တိုင္း Variable Length ျဖစ္ခ်င္မွျဖစ္မွာ ပါ။အေပၚက Topology ပံုထဲမွာ 201.0.0.0/24 ဆိုတဲ့ Subnet ႀကီးကို 201.0.0.0/26 တစ္ခု၊201.0.0.128/30 201.0.0.132/30,201.0.0.136/30 ဆိုျပီးယူသံုးထားပါတယ္။အေသးစိတ္တြက္ပံုကိုေတာ့ ေအာက္မွာျပထားပါ တယ္။

Network     Subnet Mask      Binary Form                   CIDR
201.0.0.0     255.255.255.0 11111111.11111111.11111111.00000000 /24

အထက္က Network ကို ေအာက္ကပံုစံ အတုိင္း Split လုပ္လုိ္က္ပါမယ္။(*) ျပထားတဲ့ Split Subnet ေတြကိုပဲ Topology မွာသံုးမွာပါ။က်န္တာေတြကေတာ့ Reserve ေပါ့။

Network        Subnet Mask                          Binary Form                                  CIDR
* 201.0.0.0      255.255.255.192    11111111.11111111.11111111.11000000   /26
   201.0.0.64    255.255.255.192    11111111.11111111.11111111.11000000   /26
* 201.0.0.128 255.255.255.192    11111111.11111111.11111111.11000000   /26
   201.0.0.192 255.255.255.192    11111111.11111111.11111111.11000000   /26

အေပၚမွာ(*) mark ျပထားတဲ့ Subnet ေတြထဲကမွ 201.0.0.0/26 ကို Routing လုပ္ရာမွာသံုးျပီး 201.0.0.128/26 Subnet ကိုေတာ့ ေအာက္မွာျပထားတဲ့ပံုစံအတိုင္းထပ္ခြဲပါအံုးမယ္။အဲ့ထဲကမွ (*) mark ျပထား တဲ့သံုးခုကိုပဲ Loopback အတြက္သံုးမွာျဖစ္ျပီးက်န္တာေတြကေတာ့ Reserve အေနနဲ႔ပဲထားလိုက္မွာပါ။ISP မွာ လိုအပ္ခ်က္အရ public IP ေတာင္းခံခဲ့ရင္လည္းအဲ့လိုမ်ိဳး Reserve လုပ္ထားတဲ့ Address ေတြထဲကပဲေပးတာျဖစ္ ပါတယ္။

        Network         Subnet Mask                           Binary Form                                 CIDR
      201.0.0.128 255.255.255.192      11111111.11111111.11111111.11000000        /26

     Network         Subnet Mask                         Binary Form                                       CIDR
* 201.0.0.128    255.255.255.252    11111111.11111111.11111111.11111100            /30
* 201.0.0.132    255.255.255.252 11111111.11111111.11111111.11111100          /30
* 201.0.0.136    255.255.255.252 11111111.11111111.11111111.11111100          /30

   201.0.0.140    255.255.255.252 11111111.11111111.11111111.11111100          /30
   201.0.0.144    255.255.255.252    11111111.11111111.11111111.11111100            /30
   201.0.0.148    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.152    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.156    255.255.255.252 11111111.11111111.11111111.11111100            /30
   201.0.0.160    255.255.255.252 11111111.11111111.11111111.11111100            /30
   201.0.0.164    255.255.255.252    11111111.11111111.11111111.11111100            /30
   201.0.0.168    255.255.255.252 11111111.11111111.11111111.11111100            /30
   201.0.0.172    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.176    255.255.255.252    11111111.11111111.11111111.11111100            /30
   201.0.0.180    255.255.255.252    11111111.11111111.11111111.11111100            /30
   201.0.0.184    255.255.255.252    11111111.11111111.11111111.11111100            /30
   201.0.0.188    255.255.255.252      11111111.11111111.11111111.11111100            /30

အေပၚကပံုေလးမွာ OSPF Routing Process အသက္၀င္ေနပါျပီ။သို႔ေသာ္ Authentication တာ့မလုပ္ထားေသးပါ။
OSPF Routing ကို Authentication လုပ္မယ္ဆိုရင္ OSPF Authentication Password လိုအပ္မွာျဖစ္ပါတယ္။ ဒီေနရာမွာေတာ့ Topology ထဲမွာကအတိုင္းပဲသံုးမွာပါ။။Topology မွာ Router သံုးလံုးရွိတဲ့အနက္ Nika နဲ႔ Mabel ဆိုတဲ့ Router ႏွစ္လံုးႀကားက Link ကို Authentication အရင္လုပ္ပါမယ္။သက္ဆိုင္ရာ Interface ထဲကို၀င္ျပီး Interface Configuration Mode မွာ Configure လုပ္ရမွာပါ။ေအာက္ပါပံုစံအတုိင္းျဖစ္ပါတယ္။

Nika(config)#interface serial s1/0 //entering to the serial 1/0 interface

Nika(config-if)#ip ospf authentication message-digest //set the authentication

Nika(config-if)#ip ospf authentication-key BabyLay //set the authentication password

အေပၚကပံုေလး မွာ Nika Router ကို MD5(message digest 5) နဲ႔ Authenticate လုပ္ထားတာပါ။သို႔ေသာ္တ ဖက္ Neighbor Router မွာ Configure မခ်ရေသးမီ(confirm) မျဖစ္မီမွာ Routing Process ဟာခဏတာ Down သြားမွာပါ။ေနာက္တစ္ဆင့္ကေတာ့ Neighbor Router ျဖစ္တဲ့ Mabel မွာ Configure ခ်ရမွာပါ။။ေအာက္ပါအတိုင္း ပဲျဖစ္ပါတယ္။

Mable(config)#interface serial s0/0 //entering to the serial 0/0 interface

Mable(config-if)#ip ospf authentication message-digest //set the authentication

Mable(config-if)#ip ospf authentication-key BabyLay //set the authentication password

အထက္ပါအတိုင္း Confirm ျဖစ္ျပီးေနာက္မွာ Routing Process ဟာတစ္ဖန္အသက္ျပန္၀င္လာမွာပါ။သို႔ေသာ္ MD5 နဲ႔ Authenticate လုပ္ထားတဲ့ Secure Connection ျဖစ္ေနပါျပီ။က်န္တဲ့ connection တစ္ဖက္ကိုလည္း အထက္ပါအတိုင္းပဲ Configure ခ်ေပးရမွာပါ။Authentication Password ပဲကြာပါလိမ့္မယ္။က်န္တာကေတာ့ အတူတူပဲျဖစ္ပါတယ္။

ေလးစားစြာျဖင့္
Win Tun Hlaing

Sunday, February 5, 2012

EIGRP Authentication

ဒီ Topology ေလးမွာ EIGRP ကို MD5(message digest 5) နဲ႔ Authentication လုပ္ပံုကို Configure ခ်မွာပါ။။ဒါေပ မယ့္ဒီမွာကြ်န္ေတာ္ VLSM သေဘာတရားေလးနည္းနည္းထည့္ထားပါတယ္။ပံုမွာ 200.0.0.0/24 Network ကိ္ု VLSM နဲ႔ ခြဲျပီး 200.0.0.0/30 တစ္ခု၊200.0.0.4/30 တစ္ခု၊200.0.0.8/30 နဲ႔ 200.0.0.128/25 ဆိုျပီးခြဲထားပါတယ္။ဒီေနရာ မွာ /30(255.255.255.252) Network မ်ားက ေတာ့ loopback Address ေတြအတြက္ျဖစ္ျပီး /25 ကေတာ့ Routing အတြက္သံုးမွာပါ။ေနာင္လာမယ့္ IP Next Generation(IPv6) မွာေတာ့ Subnet Mask ေတြကို IPv4 မွာလို Numeral ေတြနဲ႔သံုးမွာမဟုတ္ေတာ့ပဲ slap(/) Notation နဲ႔ပဲသာလွ်င္အသံုးျပဳမွာပါ။ဒါေႀကာင့္ IPv6 ကိုမေလ့လာမီ IPv4 ရဲ့ VLSM နဲ႔ CIDR သေဘာကိုေသခ်ာသိေနရမွာပဲျဖစ္ပါတယ္။ေအာက္မွာကြ်န္ေတာ္ VLSM ကိုအေသးစိတ္ တြက္ပါမယ္။

Network      Subnet Mask   Binary Form                        CIDR
200.0.0.0    255.255.255.0        11111111.11111111.11111111.00000000              /24

အေပၚက Network ကိုေအာက္ပါအတုိင္းျပင္လုိက္ပါတယ္။ဒါဆိုရင္ Network နွစ္ခုျဖစ္သြားပါျပီ။တစ္ေနရာပဲေရြ႕ လိုက္တာပါ။သို႔ေသာ္လက္ေတြ႕မွာ Infrastructure ရဲ့လိုအပ္ခ်က္ေပၚမူတည္ျပီးႀကိဳက္သလိုေရြ႕နိုင္ပါတယ္။ဒီမွာ Topology ထဲကအတိုင္းခြဲလိုက္တာျဖစ္ပါတယ္။ရလာတဲ့ Network Range နွစ္ခုထဲက 200.0.0.128(/25) ကို Routing အတြက္သံုးမွာျဖစ္ျပီး၊ 200.0.0.0/25(255.255.255.128) ကို LoopBakck ေတြအတြက္ ထပ္ျပီးခြဲမွာပါ။ အေရာင္ေလးနဲ႔ Highlight လုပ္ထားတဲ့ (1) ေတြကေတာ့ ေရြ႕ထားတဲ့ေကာင္ေတြပဲျဖစ္ပါတယ္။

Network      Subnet Mask      Binary Form                          CIDR
200.0.0.0    255.255.255.128        11111111.11111111.11111111.10000000            /25
200.0.0.128    255.255.255.128        11111111.11111111.11111111.10000000            /25

အခုတစ္ခါ 200.0.0.0/25 ကိုယူျပီး (/30) ျဖစ္ေအာင္ခြဲပါမယ္။/30 ျဖစ္ဖို႔ဆိုရင္ /25 ကို 5-digit ေရြ႕ရမွာပါ။5-digit ကို hightlight လုပ္ထားပါတယ္။ဒါဆုိရင္ Network အေရတြက္က (2^5=32) ခုထြက္လာမွာျဖစ္ျပီး။ သုညအေရ တြက္ကေတာ့ Network တစ္ခုစီမွာရွိမယ့္ host ပမာဏပဲျဖစ္ပါတယ္။loopback အတြက္ရလာတဲ့ Network 32 ခု ထဲက ေအာက္မွာ (*) အမွတ္ျပထားတဲ့သံုးခုကိုပဲအသံုးျပဳမွာျဖစ္ျပီး က်န္တာေတြကိုေတာ့ Reserve အေနနဲ႔ခ်န္ ထားခဲ့ပါမယ္။CIDR ကိုအေသးစိတ္ေလ့လာခ်င္ေသးတယ္ဆိုရင္ေတာ့ ဒီမွာ ေလ့လာနိုင္ပါတယ္။

    Network        Subnet Mask      Binary Form                               CIDR
   200.0.0.0    255.255.255.128      11111111.11111111.11111111.10000000           /25

Network         Subnet Mask      Binary Form                       CIDR
* 200.0.0.0    255.255.255.252       11111111.11111111.11111111.11111100           /30
* 200.0.0.4    255.255.255.252       11111111.11111111.11111111.11111100           /30
* 200.0.0.8    255.255.255.252       11111111.11111111.11111111.11111100           /30
    200.0.0.12    255.255.255.252       11111111.11111111.11111111.11111100           /30
200.0.0.16    255.255.255.252       11111111.11111111.11111111.11111100           /30
200.0.0.20    255.255.255.252       11111111.11111111.11111111.11111100           /30
200.0.0.24    255.255.255.252       11111111.11111111.11111111.11111100           /30
200.0.0.28    255.255.255.252       11111111.11111111.11111111.11111100           /30
200.0.0.32    255.255.255.252       11111111.11111111.11111111.11111100           /30
200.0.0.36    255.255.255.252       11111111.11111111.11111111.11111100           /30
200.0.0.40    255.255.255.252       11111111.11111111.11111111.11111100           /30
|||||||||||||||||||||||||      |||||||||||||||||||||||||||||||||||||         |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||              ||||||||
200.0.0.124    255.255.255.252      11111111.11111111.11111111.11111100           /30

အခု Topology မွာ EIGRP Authentication လုပ္ပံုကိုအဓိကေျပာခ်င္တာျဖစ္လို႔ Interface ေတြကို IP Set-up လုပ္တာေတြ၊Routing လုပ္တာေတြ စသည္တို႔ကိုထားခဲ့ပါမယ္။

အေပၚကပံုေလးမွာ EIGRP Routing ကို AS Number 10 နဲ႔ Configure ခ်ထားတဲ့ပံုျဖစ္ျပီး၊Routing Process အ သက္၀င္ေနျပီျဖစ္ပါတယ္။သို႔ေသာ္အခုခ်ိန္ထိ Authentication မလုပ္ရေသးပါ။Authenticate လုပ္ရတဲ့အဓိက အေႀကာင္းရင္းကေတာ့ Secure ျဖစ္ေအာင္လို႔ပါ။EIGRP မွာ Authenticate လုပ္မယ္ဆိုရင္သံုးခုလိုပါတယ္။
1.Key Chain
2.Key Number
3.Key String
တို႔ျဖစ္ပါတယ္။အထက္ပါလိုအပ္ခ်က္မ်ားကို Router ရဲ့ global configuration mode မွာသတ္မွတ္ေပးျပီး၊ သက္ ဆိုင္ရာ Interface ေတြေပၚမွာ Apply လုပ္ေပးရမွာျဖစ္ပါတယ္။ေအာက္မွာအေသးစိတ္ Configuration ခ်ပံုပါ။
Yaymon နဲ႔ Kaylar ဆိုတဲ့ Router နွစ္လံုးႀကားမွာရွိတဲ့ Link ကို Authenticate လုပ္ရန္အတြက္-

Yaymon(config)#key chain ChitThuLay //Assign the key chain

Yaymon(config-keychain)#key 1 //Assign the key number for key-chain

Yaymon(config-keychain-key)#key-string 12!@ilu //Assign the key string for key chain number

Yaymon(config)#interface serial 0/0 //Entering to the Serial Interface 0/0

Yaymon(config-if)#ip authentication mode eigrp 10 md5 //Setting up the authentication mode

Yaymon(config-if)#ip authentication key-chain eigrp 10 ChitThuLay //Applying key-chain to the interface

အထက္ပါအတိုင္း Apply လုပ္ျပီးခ်ိန္တြင္ Routing Process ဟာခဏတာ Down သြားမွာပါ၊ဘာလို႔လဲဆိုေတာ့တ ဖက္က Neighbor Interface မွာ Apply မလုပ္ရေသးလို႔ပါ။ေအာက္ေဖာ္ျပပါပံုေလးအတုိင္းျဖစ္ပါတယ္။

Kaylar(config)#key chain ChitThuLay //Assign the key chain

Kaylar(config-keychain)#key 1 //Assign the key number for key-chain

Kaylar(config-keychain-key)#key-string 12!@ilu //Assign the key string for key chain number

Kaylar(config)#interface serial 1/0 //Entering to the Serial Interface 1/0

Kaylar(config-if)#ip authentication mode eigrp 10 md5 //Setting up the authentication mode

Kaylar(config-if)#ip authentication key-chain eigrp 10 ChitThuLay //Applying key-chain to the interface

အထက္ပါအတုိင္း Apply လုပ္ျပီးေနာက္မွာ Yaymon နဲ႔ Kaylar ႀကားမွာ Routing Process ကတစ္ဖန္ျပန္ျပီးအ သက္၀င္လာမွာပါ။သို႔ေသာ္ MD5 နဲ႔ Authenticate လုပ္ထားတဲ့ Secure Connection ျဖစ္ေနပါျပီ။ေအာက္ပါပံု ကိုႀကည့္နုိင္ပါတယ္။

အျခား Suse နဲ႔ Kaylar ႀကား Link ကိုလည္း Topology ပံုထဲကအတုိင္း အထက္မွာ Configure ခ်သလိုမ်ိဳးျပဳ လုပ္ေပးရပါမယ္။Key Chain,Key Number,Key-String ေတြပဲကြာမွာပါ။က်န္တာကေတာ့အတူတူပါပဲ။အား လံုးျပီးသြားရင္း Routing Process ကို Vertify လုပ္ရပါမယ္။EIGRP က Table သံုးမ်ိဳးနဲ႔အလုပ္လုပ္ပါတယ္။
1.Neighbor Table
2.Topology Table
3.Routing Table တို႔ျဖစ္ပါတယ္။
အဲ့အထဲမွာမွ Neighbor Table ရဲ့အလုပ္လုပ္ပံုကို Cisco Official စာအုပ္ထဲကအတိုင္းေဖာ္ျပေပးလိုက္ပါတယ္။

H - indicate the order in which the neighbor was discovered

Hold - the hold time how long this router will wait for a Hello Packet to arrive from a specific neighbor

Uptime - indicate how long the neighborship has been established

SRTT - An indication of the time it take for a round-trip from this router to its neighbor and back and It's

called Smooth Round-trip Timer.It is used to determine how long to wait after a multicast for a

reply from this neighbor.If a reply isn't received in time,the router will switch to using unicasts in an

attempt to complete the communication.

RTO - the amount of time EIGRP waits before retransmitting a packet from the retransmission queue to a

neighbor and It's called Retransmission Time Out.

Q - Indicate whether there are any outstanding message in the Queue.Large Number in Queue indicate a

certain problem.

Seq - the sequence number of the last update from the neighbor.That's used to maintain synchronization

and avoid duplicate or out-of-sequence processing of message.

ေလးစားစြာျဖင့္
Win Tun Hlaing