Tuesday, May 14, 2013

ISIS Route-Leaking On IOS - Tricky Part


Task - Leak the Level-2 routes into the IS-IS Level-1 domain with minimal commands.

Initial Configuration
=============


R1
===

!
en
!
conf t
!
no ip do lo
!
line con 0
 no exec-time
 logging syn
 exit
!
ho R1
!
int lo1
 ip add 1.1.1.1 255.255.255.255
 exit
!
int p1/0
 ip add 12.0.0.1 255.255.255.0
 no sh
 exit
!
int p2/0
 ip add 13.0.0.1 255.255.255.0
 no sh
 exit
!
ipv6 unicast-routing
!
router isis
 net 49.0111.0000.0000.1111.00
 metric-style wide
 add ipv6
 multi
 exit
exit
!
int lo1
 ip router isis
 isis circuit-type level-2
 exit
!
int p1/0
 ip router isis
 isis circuit-type level-2
 exit
!
int p2/0
 ip router isis
 isis circuit-type level-2
 exit
!
end
!
wr
!
=============================

R2
===

!
en
!
conf t
!
no ip do lo
!
line con 0
 no exec-time
 logging syn
 exit
!
ho R2
!
int lo2
 ip add 2.2.2.2 255.255.255.255
 exit
!
int p1/0
 ip add 12.0.0.2 255.255.255.0
 no sh
 exit
!
int p2/0
 ip add 24.0.0.2 255.255.255.0
 no sh
 exit
!
ipv6 unicast-routing
!
router isis
 net 49.0122.0000.0000.2222.00
 metric-style wide
 add ipv6
 multi
 exit
exit
!
int lo2
 ip router isis
 isis circuit-type level-2
 exit
!
int p1/0
 ip router isis
 isis circuit-type level-2
 exit
!
int p2/0
 ip router isis
 isis circuit-type level-2
 exit
!
end
!
wr
!

=============================

R3
===

!
en
!
conf t
!
no ip do lo
!
line con 0
 no exec-time
 logging syn
 exit
!
ho R3
!
int lo3
 ip add 3.3.3.3 255.255.255.255
 exit
!
int p1/0
 ip add 34.0.0.3 255.255.255.0
 no sh
 exit
!
int p2/0
 ip add 13.0.0.3 255.255.255.0
 no sh
 exit
!
int p3/0
 ip add 35.0.0.3 255.255.255.0
 no sh
 exit
!
ipv6 unicast-routing
!
router isis
 net 49.0133.0000.0000.3333.00
 metric-style wide
 add ipv6
 multi
 exit
exit
!
int lo3
 ip router isis
 isis circuit-type level-2
 exit
!
int p1/0
 ip router isis
 isis circuit-type level-2
 exit
!
int p2/0
 ip router isis
 isis circuit-type level-2
 exit
!
int p3/0
 ip router isis
 isis circuit-type level-1
 exit
!
end
!
wr
!

=============================

R4
===

!
en
!
conf t
!
no ip do lo
!
line con 0
 no exec-time
 logging syn
 exit
!
ho R4
!
int lo4
 ip add 4.4.4.4 255.255.255.255
 exit
!
int p1/0
 ip add 34.0.0.4 255.255.255.0
 no sh
 exit
!
int p2/0
 ip add 24.0.0.4 255.255.255.0
 no sh
 exit
!
ipv6 unicast-routing
!
router isis
 net 49.0144.0000.0000.4444.00
 metric-style wide
 add ipv6
 multi
 exit
exit
!
int lo4
 ip router isis
 isis circuit-type level-2
 exit
!
int p1/0
 ip router isis
 isis circuit-type level-2
 exit
!
int p2/0
 ip router isis
 isis circuit-type level-2
 exit
!
end
!
wr
!


=============================

R5
===

!
en
!
conf t
!
no ip do lo
!
line con 0
 no exec-time
 logging syn
 exit
!
ho R5
!
int lo5
 ip add 5.5.5.5 255.255.255.255
 exit
!
int p3/0
 ip add 35.0.0.5 255.255.255.0
 no sh
 exit
!
ipv6 unicast-routing
!
router isis
 net 49.0133.0000.0000.5555.00
 metric-style wide
 add ipv6
 multi
 exit
exit
!
int lo5
 ip router isis
 isis circuit-type level-1
 exit
!
int p3/0
 ip router isis
 isis circuit-type level-1
 exit
!
end
!
wr
!


Simple Trick
=========


Earlier on R5
=========





On R3
=====

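Redistribute Level-2 into Level-1 with a dummy access list that doesn't exist. IOS treats a reference to an undefined access list as permit-all, so every Level-2 route is leaked without having to write a matching ACL.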
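
The same behaviour is a risk when it is not intended: a distribute-list that points at a missing ACL filters nothing. The following is an added example, not part of the original post, that audits an IOS config for distribute-list references to ACLs that are never defined. The sample R3 stanza and ACL number 199 are constructed assumptions, since the post does not show the exact command used.

```python
import re

# Constructed sample config. The redistribute line is R3's leak with a
# hypothetical ACL number (199) that is never defined anywhere.
SAMPLE_R3 = """\
router isis
 net 49.0133.0000.0000.3333.00
 metric-style wide
 redistribute isis ip level-2 into level-1 distribute-list 199
!
access-list 10 permit 5.5.5.5
ip access-list extended MGMT
 permit ip any any
!
router ospf 1
 distribute-list 10 in
 distribute-list MGMT out
"""

# Numbered ("access-list 10 ...") and named ("ip access-list extended X") definitions.
ACL_DEF = re.compile(
    r"^[ \t]*(?:access-list[ \t]+(\d+)\b"
    r"|ip access-list[ \t]+(?:standard|extended)[ \t]+(\S+))", re.M)

# Any line using "distribute-list <acl>"; prefix-list, route-map and gateway
# forms are skipped because they do not name an ACL.
ACL_REF = re.compile(
    r"^[ \t]*(.*\bdistribute-list[ \t]+(?!prefix\b|route-map\b|gateway\b)(\S+).*)$",
    re.M)

def defined_acls(config):
    """Return the set of ACL numbers and names defined in the config."""
    return {num or name for num, name in ACL_DEF.findall(config)}

def undefined_distribute_lists(config):
    """Return (acl, config line) for each distribute-list whose ACL is missing."""
    defined = defined_acls(config)
    return [(acl, line.strip())
            for line, acl in ACL_REF.findall(config)
            if acl not in defined]

if __name__ == "__main__":
    for acl, line in undefined_distribute_lists(SAMPLE_R3):
        print(f"undefined ACL {acl}: {line}")
```
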




Later on R5
========




HTH...
Deepak Arora
Evil CCIE

