Multi-Area OSPF configuration between Cisco, Juniper and Mikrotik Routers

Multi-Area OSPF configuration between Cisco, Juniper and Mikrotik Routers

Initial Configuration:

  • Cisco
! Configure device host name
hostname Cisco
!
!DHCP Server Configuration
ip dhcp pool LAN
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.254 
 dns-server 8.8.8.8 
 domain-name bsnetworking.local
 lease 2
!
! Configure interface ipv4 addresses, descriptions and enable nat 
interface Ethernet0/0
 description Lan Connection
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 no shutdown
!
interface Ethernet0/1
 description Juniper COnnection
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
 no shutdown
!
interface Ethernet0/2
 description Mikrotik COnnection
 ip address 10.0.0.5 255.255.255.252
 ip nat inside
 no shutdown
!
interface Ethernet0/3
 description Internet Connection
 ip address dhcp
 ip nat outside
 no shutdown
!
! NAT rule
ip nat inside source list NAT interface Ethernet0/3 overload
!
! Default route to my network gateway
ip route 0.0.0.0 0.0.0.0 172.16.210.254
!
! NAT ACL
ip access-list standard NAT
 permit 192.168.0.0 0.0.3.255
!Save Configs
Cisco#write memory 
Building configuration...
[OK
!Test Internet Connectivity
Cisco#ping www.google.com
Translating "www.google.com"...domain server (172.16.208.66) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.206.105, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 39/43/49 m
  • Juniper
root# cli
root@> configure

[edit]
root@#

! Configure root password
[edit]
root@# set system root-authentication plain-text-password
New password: Juniper
Retype new password: Juniper

! Configure admin user and password
[edit]
root@# set system login user admin class super-user authentication plain-text-password    
New password: Juniper
Retype new password: Juniper

! Configure device host name
[edit]
admin@# set system host-name SRX

! Save and make changes effective
[edit]
root@# commit
commit complete

! Delete default interface configuration and security policies
[edit]
admin@SRX# delete interfaces ge-0/0/0
admin@SRX# delete interfaces ge-0/0/1
admin@SRX# delete security

! Configure interface ipv4 addresses
admin@SRX# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.254/24
admin@SRX# set interfaces ge-0/0/1 unit 0 family inet address 10.0.0.2/30
admin@SRX# set interfaces ge-0/0/3 unit 0 family inet address 10.0.0.9/30 

! Configure interface comments
admin@SRX# edit interfaces
[edit interfaces]
admin@SRX# annotate ge-0/0/0 "Local Connection"
admin@SRX# annotate ge-0/0/1 "Cisco Connection"
admin@SRX# annotate ge-0/0/3 "MikroTik Connection"
admin@SRX# up

!Configure DHCP service
[edit]
admin@SRX# set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.1 high 192.168.1.250
admin@SRX# set system services dhcp pool 192.168.1.0/24 default-lease-time 172800
admin@SRX# set system services dhcp pool 192.168.1.0/24 domain-search bsnetworkin.local
admin@SRX# set system services dhcp pool 192.168.1.0/24 name-server 8.8.8.8
admin@SRX# set system services dhcp pool 192.168.1.0/24 router 192.168.1.254

! Since the SRX in a firewall we will nede to configure the security policy to allow traffic
! Start by setting the security zones
[edit]
admin@SRX# set security zones security-zone trust interfaces ge-0/0/0
admin@SRX# set security zones security-zone untrust interfaces ge-0/0/1 
admin@SRX# set security zones security-zone untrust interfaces ge-0/0/3

! Then allow traffic - all from trusted, ping and ospf on the untrusted
[edit]
admin@SRX# set security policies from-zone trust to-zone untrust policy ALLOW-ALL match source-address any destination-address any application any
admin@SRX# set security policies from-zone trust to-zone untrust policy ALLOW-ALL then permit 
admin@SRX# set security zones security-zone trust interfaces ge-0/0/0 host-inbound-traffic system-services ping
admin@SRX# set security zones security-zone trust interfaces ge-0/0/0 host-inbound-traffic system-services dhcp
admin@SRX# set security zones security-zone untrust interfaces ge-0/0/1 host-inbound-traffic system-services ping
admin@SRX# set security zones security-zone untrust interfaces ge-0/0/3 host-inbound-traffic system-services ping
admin@SRX# set security zones security-zone untrust interfaces ge-0/0/1 host-inbound-traffic protocols ospf
admin@SRX# set security zones security-zone untrust interfaces ge-0/0/3 host-inbound-traffic protocols ospf

[edit]
root@# commit
commit complete
  • Mikrotik
login: admin                                                                                                                                                assword: 
password:
  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 6.37.3 (c) 1999-2016       http://www.mikrotik.com/

[?]             Gives the list of available commands
command [?]     Gives help on the command and list of arguments

[Tab]           Completes the command/word. If the input is ambiguous,
                a second [Tab] gives possible options

/               Move up to base level
..              Move up one level
/command        Use command at the base level

! Configure interfaces
[admin@MikroTik] > ip address add address=192.168.2.254/24 interface=ether1
[admin@MikroTik] > ip address add address=10.0.0.6/30 interface=ether3
[admin@MikroTik] > ip address add address=10.0.0.10/30 interface=ether4

! Configure DHCP Server
[admin@MikroTik] > ip dhcp-server setup 
Select interface to run DHCP server on 

dhcp server interface: ether1
Select network for DHCP addresses 

dhcp address space: 192.168.2.0/24
Select gateway for given network 

gateway for dhcp network: 192.168.2.254
Select pool of ip addresses given out by DHCP server 

addresses to give out: 192.168.2.1-192.168.2.250
Select DNS servers 

dns servers: 8.8.8.8
Select lease time 

lease time: 7200m

[admin@MikroTik] >

OSPF Configuration:

  • Cisco
router ospf 1
 router-id 1.1.1.1
 passive-interface default
 no passive-interface Ethernet0/1
 no passive-interface Ethernet0/2
 network 10.0.0.1 0.0.0.0 area 0
 network 10.0.0.5 0.0.0.0 area 0
 network 192.168.0.254 0.0.0.0 area 51
 default-information originate
  • Juniper
[edit]
admin@SRX# set protocols ospf area 0.0.0.0 interface ge-0/0/1
admin@SRX# set protocols ospf area 0.0.0.0 interface ge-0/0/3
admin@SRX# set protocols ospf area 0.0.0.1 interface ge-0/0/0
admin@SRX# set routing-options router-id 2.2.2.2
admin@SRX# set protocols ospf area 0.0.0.1 interface ge-0/0/0 passive

[edit]
root@# commit
  • MikroTik
[admin@MikroTik] > routing ospf instance set 0 router-id=3.3.3.3
[admin@MikroTik] > routing ospf network add network=10.0.0.4/30 area=backbone 
[admin@MikroTik] > routing ospf network add network=10.0.0.8/30 area=backbone
[admin@MikroTik] > routing ospf area add name=area2 area-id=0.0.0.2 
[admin@MikroTik] > routing ospf network add network=192.168.2.0/24 area=area2

OSPF Verification:

  • Cisco
Cisco# show ip route

Gateway of last resort is 172.16.210.254 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 172.16.210.254
 10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.0.0.0/30 is directly connected, Ethernet0/1
L 10.0.0.1/32 is directly connected, Ethernet0/1
C 10.0.0.4/30 is directly connected, Ethernet0/2
L 10.0.0.5/32 is directly connected, Ethernet0/2
O 10.0.0.8/30 [110/11] via 10.0.0.2, 01:32:56, Ethernet0/1
 172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
S 172.16.208.66/32 [254/0] via 172.16.210.254, Ethernet0/3
C 172.16.210.0/24 is directly connected, Ethernet0/3
L 172.16.210.10/32 is directly connected, Ethernet0/3
 192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/24 is directly connected, Ethernet0/0
L 192.168.0.254/32 is directly connected, Ethernet0/0
O IA 192.168.1.0/24 [110/11] via 10.0.0.2, 01:32:56, Ethernet0/1
O IA 192.168.2.0/24 [110/20] via 10.0.0.6, 00:08:16, Ethernet0/2
  • Juniper
admin@SRX> show route 

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[OSPF/150] 01:33:11, metric 1, tag 1
 > to 10.0.0.1 via ge-0/0/1.0
10.0.0.0/30 *[Direct/0] 02:19:25
 > via ge-0/0/1.0
10.0.0.2/32 *[Local/0] 02:19:25
 Local via ge-0/0/1.0
10.0.0.4/30 *[OSPF/10] 00:13:21, metric 11
 to 10.0.0.1 via ge-0/0/1.0
 > to 10.0.0.10 via ge-0/0/3.0
10.0.0.8/30 *[Direct/0] 02:00:45
 > via ge-0/0/3.0
10.0.0.9/32 *[Local/0] 02:00:45
 Local via ge-0/0/3.0
192.168.0.0/24 *[OSPF/10] 01:35:51, metric 11
 > to 10.0.0.1 via ge-0/0/1.0
192.168.1.0/24 *[Direct/0] 02:19:25
 > via ge-0/0/0.0
192.168.1.254/32 *[Local/0] 02:19:25
 Local via ge-0/0/0.0
192.168.2.0/24 *[OSPF/10] 00:11:20, metric 11
 > to 10.0.0.10 via ge-0/0/3.0
224.0.0.5/32 *[OSPF/10] 02:00:46, metric 1
 MultiRecv
  • MikroTik
[admin@MikroTik] > ip route print 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 # DST-ADDRESS PREF-SRC GATEWAY DISTANCE
 0 ADo 0.0.0.0/0 10.0.0.5 110
 1 ADo 10.0.0.0/30 10.0.0.9 110
 2 ADC 10.0.0.4/30 10.0.0.6 ether3 0
 3 ADC 10.0.0.8/30 10.0.0.10 ether4 0
 4 ADo 192.168.0.0/24 10.0.0.5 110
 5 ADo 192.168.1.0/24 10.0.0.9 110
 6 ADC 192.168.2.0/24 192.168.2.254 ether1 0

VPCS Configuration and connectivy test

! VPCS connected to the Juniper 
VPCS> show ip

NAME        : VPCS[1]
IP/MASK     : 0.0.0.0/0
GATEWAY     : 0.0.0.0
DNS         : 
MAC         : 00:50:79:66:68:04
LPORT       : 20000
RHOST:PORT  : 127.0.0.1:30000
MTU         : 1500

VPCS> ip dhcp 
DORA IP 192.168.1.1/24 GW 192.168.1.254

VPCS> sh ip 

NAME : VPCS[1]
IP/MASK : 192.168.1.1/24
GATEWAY : 192.168.1.254
DNS : 8.8.8.8 
DHCP SERVER : 192.168.1.254
DHCP LEASE : 165932, 172800/86400/151200
MAC : 00:50:79:66:68:06
LPORT : 20000
RHOST:PORT : 127.0.0.1:30000
MTU : 1500
VPCS> ping 8.8.8.8

84 bytes from 8.8.8.8 icmp_seq=1 ttl=43 time=40.357 ms
84 bytes from 8.8.8.8 icmp_seq=2 ttl=43 time=37.800 ms
^C
VPCS> ping www.google.com
www.google.com resolved to 216.58.210.132

84 bytes from 216.58.210.132 icmp_seq=1 ttl=50 time=19.273 ms
84 bytes from 216.58.210.132 icmp_seq=2 ttl=50 time=24.082 ms
84 bytes from 216.58.210.132 icmp_seq=3 ttl=50 time=24.190 ms
^C
VPCS> ping 192.168.1.1

192.168.1.1 icmp_seq=1 ttl=64 time=0.001 ms
192.168.1.1 icmp_seq=2 ttl=64 time=0.001 ms
192.168.1.1 icmp_seq=3 ttl=64 time=0.001 ms
192.168.1.1 icmp_seq=4 ttl=64 time=0.001 ms
192.168.1.1 icmp_seq=5 ttl=64 time=0.001 ms

VPCS> ping 192.168.2.250

84 bytes from 192.168.2.250 icmp_seq=1 ttl=62 time=10.254 ms
84 bytes from 192.168.2.250 icmp_seq=2 ttl=62 time=5.118 ms
84 bytes from 192.168.2.250 icmp_seq=3 ttl=62 time=3.961 ms
84 bytes from 192.168.2.250 icmp_seq=4 ttl=62 time=4.818 ms
84 bytes from 192.168.2.250 icmp_seq=5 ttl=62 time=3.714 ms

VPCS>

A special thanks to my follower @vitorhg20080int3 for pointing the location of the MiKroTik image.

It´’s all for now, see U in the next post.

Stay good.

Advertisements

One thought on “Multi-Area OSPF configuration between Cisco, Juniper and Mikrotik Routers

  1. Very useful!
    Awesome configs running on multi vendor software with the same standard protocols, in this case ospf, showing that standards protocols are awesome!
    I’m gonna try it!

    Liked by 1 person

Comments are closed.