This techguide will show you how to discover the remote side AS number for EIGRP. Lets talk a little about EIGRP so we get some background. We'll it's got it's own protocol (88) number and uses RTP (reliable transport protocol) for delivery. The EIGRP traffic is distributed using IP multicast on address 224.0.0.10 for discovery with updates as unicast and queries as multicast. The initial setup 'are you there' messages are sent as multicast.
So knowing this information we can see that by capturing the traffic between two EIGRP neighbors we should be able to discover the AS number since the AS number will be sent in the discovery as part of the setup process (subsequent updates and replies will also contain the AS#).
To prove it out we've got a basic topology:
R1 is directly connected to R2 using a fast ethernet connection.
We've configured the interfaces already using the network 10.1.12.0/24 with 10.1.12.1/24 for R1 (see below)
and 10.1.12.2/24 for R2
First R1
Then R2
So, we've basically built the basic configuration, nothing fancy. We've added the interface Fa0/0 in for both routers so EIGRP will be enabled onto those. We've also added in the Loopback0 interface of each (just because we did - it has no part to play for this post and can be ignored). You should however give some attention to the chosen EIGRP AS #. Notice that the router R2 has AS# 12345 where R1 is as AS #1. We've done this o illustrate the point that we don't know the remote AS. We need to use an AS number to make EIGRP work int he first place...you can choose any AS number here so long as it isn't 12345 ;-) Think back to the original example where we discussed LA and NJ...you are not supposed to know the AS# otherwise what is the point of debugging the problem?
Right, how do we catch the traffic? Well the router clearly sees all the traffic we need so it makes sense to use the router to collect and show the packets right? OK we all probably know and use 'debug ip packet' but hopefully not on production systems unless you know what you are doing. Here is a screenshot for the command.
Notice the access-list on the end? We could use this to tune down the traffic which the router will be examining. Indeed using 'debug ip packet' on a production system would be suicidal without some sort of filtering. For our demo here however we're not going to need this filtering because we don't have any traffic. You *should* definately note however that there is a missing or 'hidden' command here called 'dump'. IOS has a few of these little easter eggs hiding in the code. Normally it's because they are either really dangerous in the wrong hands or else they are not very well tested and therefore shouldn't be used by mortals. In this case I feel the dump keyword is missed off because if you thought debug ip packet created too much console information to be healthy then adding dumps of data to the console is never going to be the best plan.
So we turn on debugging and ask it to also crack open and dump the data inside the packet like a typical pcap...HEX and all that good stuff.
OK so here is a dump of data. We see the sources are our local Fa0/0 (s=10.1.12.1) and Loopback0 (s=1.1.1.1) interfaces. OK so where is the R2 traffic?
Here's one s=10.1.12.2 great. So where is the AS number man...I bet the big red circle gives it away for you. The first few bytes are header so things like destination MAC for EIGRP mulicast group 224.0.0.10 (0100.5e00.000a) followed by source MAC of R2 (c201.0cab.0000)...etc.
So we have the HEX value of 3039 remember EIGRP uses values from 0 to 65535 which is a 32 bit number (same number of bits as an IP address). So lets pop 3039 into a HEX to DEC calculator and we get 12345...thats IT!
Job done - all we need to do now is change the AS number we used in R1 (AS#1) with the one we just 'discovered' (AS#12345). Now because we can't simply rename the AS number we need to tear down the original and rebuild it. If you had a lot of config below the 'router eigrp' function you are best to do a 'show run | b router eigrp' and copy the config then all you need to do is paste it in.
Job done - enjoy
No comments:
Post a Comment