Introduction to Route Summarization

Hi,
I didn’t understand this command on R1:

R1(config-router)#distribute-list 1 in GigabitEthernet 0/2

What’s its use? Because after shift this command, I did not observe a loop as explained in the lesson.
Thanks in advance for your answer.

Hello Parfait

If R1 sends a summary route to R2, that route will get to R3, and eventually get back to R1. If you keep all loopbacks up, you will have no problem in your setup, there will be no apparent loop, because any destination of 172.16.X.0, which is the format of the four loopbacks, will be superseded by the directly connected network.

However, if you shut down one of the loopbacks, then from R1, the destination for that specific subnet will be looped using the summary route. So if you shut down L0, and you ping 172.16.0.1 from R1, that packet will loop through all three routers until the TTL reaches 0.

I hope this has been helpful!

Laz

So MAD and UPSET with Cisco. I have studied for a few months now and I am ready to take the CCNP 300-410 exam on Monday at 10am CST to recertify my CCNP Enterprise, which expires April 16th 2022. I know this material and I am so ready for the test; it would have been easy peasy as I have put in a lot of time in preparation.

However, then I caught something that made me curious and I called them. I found out that test won’t recertify me; it’s only worth 40 credits toward re-certification.

So I need to instead take a different exam, Encore 350-401, to get the full 80 credits.

Which means it feels like I just wasted months of my life, as it’s not going to do me any good to have 120 credits, is it? Not like they roll over for the next cert?

I am guessing I just need to cancel my Monday exam and start over on the Encore??? Just upsetting, but I guess letting your certification expire now, unlike in the past, does not matter, as you pretty much have to take the Encore over again or two of the other ones.

I really don’t know what I should do right this moment. I think I will cancel for now so I have time to think, I dunno.

============updated=============

My work wants me to take 300-430 wireless, which is 40 credits.
If my credits last for 3 years, then I could do this, then the wireless, and that would renew my certification, which would not be bad. Calling them back now; will update if doing it that way will renew my certification as well, as work wants me to have CCNP Enterprise and then also pick up the 300-430 wireless for our partnership with Cisco.

===================================================updated-========
OK, that won’t work, as you will get specialist certs, but once your CCNP expires, if you had not taken the second 40-credit specialist (the wireless in this case), you would not get your CCNP back but instead have just two specialist certs, and I need the CCNP Enterprise for my company for their partnership. Not to mention learning wireless: I have nowhere to go to learn that and no clue how to learn it, so I don’t have learning material and resources to prep for that test and then take it in a 1.5-month time frame.

I only know Meraki Wireless really well and am not familiar with regular Cisco, so my expertise would be specific to Meraki wireless only in the world of wireless as far as production experience. I am a Meraki SME expert on pretty much every facet of Meraki, but that’s the only thing I am really SME in lol…


Hello Brian

I’m sorry to hear about your difficulty. I suggest that since you’re ready for the ENARSI exam, just take it on Monday! You can then start studying for the ENCOR and take it easy. Even if you take your ENCOR exam after your current CCNP expires, you will automatically become recertified, since you will have already passed the ENARSI exam.

If you don’t take the ENARSI exam, you MUST pass ENCOR before April 16th, which means you will have to prepare in less than two months! If you don’t succeed, you’ll have to take the ENARSI exam anyway…

Once you get those out of the way, you can then start to concentrate on the other certifications that your work is asking of you. Just a suggestion…

I hope it all works out!

Laz

If you keep all loopbacks up, you will have no problem in your setup, there will be no apparent loop, because any destination of 172.16.X.0, which is the format of the four loopbacks, will be superseded by the directly connected network.

However, if you shut down one of the loopbacks, then from R1, the destination for that specific subnet will be looped using the summary route. So if you shut down L0, and you ping 172.16.0.1 from R1, that packet will loop through all three routers until the TTL reaches 0.

Great explanation.

In order to help someone else with the same question, I would like to elaborate more on this.

I did the setup, but ignoring the distribute-list command (that is, in my configuration, I’m allowing loops).

So this is my show ip route output inside R1:

      172.16.0.0/16 is variably subnetted, 9 subnets, 3 masks
R        172.16.0.0/16 [120/3] via 192.168.13.3, 00:00:23, Ethernet0/1
C        172.16.0.0/24 is directly connected, Loopback0
L        172.16.0.1/32 is directly connected, Loopback0
C        172.16.1.0/24 is directly connected, Loopback1
L        172.16.1.1/32 is directly connected, Loopback1
C        172.16.2.0/24 is directly connected, Loopback2
L        172.16.2.1/32 is directly connected, Loopback2
C        172.16.3.0/24 is directly connected, Loopback3
L        172.16.3.1/32 is directly connected, Loopback3

And for R3:

      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
R        172.16.0.0/16 [120/1] via 192.168.13.1, 00:00:06, Ethernet0/1

Notes:

  • In my case, R1 Ethernet0/1 is the interface connected to R3 (in the lesson, it is GigabitEthernet0/2)
  • In my case, R3 Ethernet0/1 is the interface connected to R2 (in the lesson, it is GigabitEthernet0/2)
  • My summarized route is 172.16.0.0/16. In the lesson (written), 172.16.0.0/16 is also the summarized route. But remember that in the Vimeo video, Rene, at the end of the explanation, changes that route to 172.16.0.0/22 to make it specific. I’m NOT doing this, I’m still using 172.16.0.0/16.

Now let’s ping 172.16.0.1:

R1:

R1#ping 172.16.0.1
[...]
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/13/43 ms

R3:

R3#ping 172.16.0.1
[...]
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

So, as Lazaros mentioned, as the loopback interface is on, there is no loop (R1 will use its directly connected route, which takes precedence over the non-directly-connected summarized route learned via RIP).

However, even in this case, if I try to ping any IP in a network that doesn’t exist in R1, we’ll have a loop as well:

R3#debug ip icmp
ICMP packet debugging is on

R3#ping 172.16.5.1
[...]
.....
Success rate is 0 percent (0/5)
[...]
*Mar 20 01:18:48.026: ICMP: time exceeded (time to live) sent to 192.168.23.3 (dest was 172.16.5.1), topology BASE, dscp 0 topoid 0
*Mar 20 01:18:48.026: ICMP: time exceeded rcvd from 192.168.13.3

R3 routes to R2, then to R1, then to R3, and so on.

Now this is important: RIP doesn’t create a loop for non-summarized routes. More than that, RIP doesn’t create a loop for summarized routes IF the route is announced to all RIP peers.

At R1:

R1(config)#interface Ethernet 0/1
R1(config-if)#ip summary-address rip 172.16.0.0 255.255.0.0

Now R3 learned the new route over R1:

      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
R        172.16.0.0/16 [120/1] via 192.168.13.1, 00:00:06, Ethernet0/0

Note: In my case, R3 Ethernet0/0 is connected to R1 (in lesson, it’s GigabitEthernet0/1).

Now, let’s ping:

R3#ping 172.16.5.1
[...]
UUUUU
Success rate is 0 percent (0/5)
[...]
*Mar 20 01:32:11.512: ICMP: dst (192.168.13.3) host unreachable rcv from 192.168.13.1

So, we have no loop now. Packet is being routed to R1, and R1 is correctly answering with “ICMP host unreachable”.

----

Quick note in case someone has the question below.

Q: Why didn’t Rene summarize 172.16.0.0/16 on the interface connected to R3 as well, hence avoiding the loop?

A: Because his goal was to create an example where both summarized routes and non-summarized routes would be in the routing table. In his example, R2 learns 172.16.0.0/16 from R1 (hops=1) and non-summarized routes like 172.16.0.0/24 from R3 (hops=2). And even though 172.16.0.0/16 has fewer hops (lower metric), the packets will be routed over R3 because 172.16.0.0/24 is more specific. So Rene was showing that more specific routes take precedence. Great example by the way.

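The forwarding behaviour discussed in the posts above, as an added example that is not part of any post or of the lesson: a small Python model of longest-prefix-match forwarding across R1, R2 and R3. The converged tables, the use of router names as next hops, and the small starting TTL are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: R1's four loopback subnets and the /16 summary from the thread.
LOOPBACKS = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
SUMMARY = "172.16.0.0/16"

def build_tables(lo0_up=True, r1_filters_r3=False):
    """Assumed converged tables; r1_filters_r3 models the inbound distribute-list on R1."""
    lbs = LOOPBACKS if lo0_up else LOOPBACKS[1:]
    r1 = [(p, "connected") for p in lbs]
    if not r1_filters_r3:
        r1.append((SUMMARY, "R3"))  # summary that travelled R1 -> R2 -> R3 -> R1
    r2 = [(SUMMARY, "R1")] + [(p, "R3") for p in lbs]
    r3 = [(SUMMARY, "R2")] + [(p, "R1") for p in lbs]
    return {"R1": r1, "R2": r2, "R3": r3}

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    nets = ((ipaddress.ip_network(p), nh) for p, nh in table)
    matches = [(n, nh) for n, nh in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(tables, src, dst, ttl=8):
    """Forward hop by hop and return (outcome, list of routers visited)."""
    router, path = src, [src]
    while True:
        nh = lookup(tables[router], dst)
        if nh is None:
            return "unreachable", path   # no route: router answers unreachable
        if nh == "connected":
            return "delivered", path
        ttl -= 1
        if ttl == 0:
            return "ttl-exceeded", path  # loop ends only when the TTL runs out
        router = nh
        path.append(router)

if __name__ == "__main__":
    cases = [
        ("all loopbacks up", build_tables(), "R3", "172.16.0.1"),
        ("subnet that does not exist", build_tables(), "R3", "172.16.5.1"),
        ("Loopback0 shut down", build_tables(lo0_up=False), "R1", "172.16.0.1"),
        ("Loopback0 down, filter on R1", build_tables(False, True), "R1", "172.16.0.1"),
    ]
    for label, tables, src, dst in cases:
        print(label, src, "->", dst, trace(tables, src, dst))
```
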

Hello Rarylson

Great explanation, and thanks for the additional examples, they’re always helpful for others viewing the forum.

Great job!

Laz

Hi ,

Can you explain more specifically why we need the access list?

Thanks in advance.

Fran

Hello Fran

Without the access list and the distribute list used on R1 in that particular scenario, the summary route that is advertised from R1 would then be advertised to R2, and then to R3, and then back to R1 via Gi0/2. That would result in a routing loop that would disable the whole topology. So that access list denies everything and is applied as a distribute list in an incoming direction on Gi0/2 resulting in any updates sent from R3 to R1 being blocked, thus resolving the potential for a routing loop.

I hope this has been helpful!

Laz


Hi all,

I’ve got a few questions based on the topology & configuration used in the article and would like to verify if my understanding is correct.


  1. The ACL on R1’s Gi0/2 is needed just because the summary route isn’t propagated via both physical interfaces?
  2. Instead of applying the ACL to R1’s Gi0/2, would defining Gi0/1 on R3 as a passive-interface also do the job?
  3. Regardless of which way (ACL/Passive interface) is used, if the link between R1 and R2 fails, R1 wouldn’t be able to reach the network 192.168.23.0/24 anymore?
  4. “auto-summary” must not be configured on R2 or R3 while it isn’t configured on R1. Otherwise a routing loop will be created?

Hello Marcel

The ACL is applied as a distribute-list in an inbound direction on Gi0/2 in order to prevent the RIP routes being advertised from R3 to R1. If they were allowed, the summary route would be advertised to R1, creating a routing loop.

Yes, by configuring Gi0/1 of R3 as a passive interface, it would prevent any updates from being sent out of that interface, giving the same results as the ACL/distribute-list combination for this particular topology.

Yes, that is correct.

Auto-summary has the potential of creating routing loops. That doesn’t mean it should or shouldn’t be used in particular scenarios. It all depends upon the network topology, the routing protocol, and the use of other features to prevent such loops. For the specific topology, the use of auto-summary is probably not the best choice, however, it is used here to demonstrate how it is configured and how it behaves. The solution of the use of a passive interface or an ACL/distribute-list combination are not the best solutions in such a case, but are used out of necessity for the purposes of the lab. In a production environment, you would take into account many more parameters before deciding what the best approach is. Does that make sense?

I hope this has been helpful!

Laz