Proper way to write a network statement.
So I'm going through the Route and have always typed out the network statement under EIGRP/OSPF without much thought. So the test networks I always use are 10.2.76.1 255.255.254.0, 10.2.78.1 255.255.254.0, 172.16.1.1 255.255.255.0
EIGRP
network 10.2.76.0
network 10.2.78.0
network 172.16.1.0
OSPF
network 10.2.76.0 0.0.1.255 area 0
network 10.2.78.0 0.0.1.255 area 0
network 172.16.1.0 0.0.0.255 area 0
Is this the proper way to write them or should I be doing something different? It works just fine but was curious if there was a best practice or guide.
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
Comments
-
networker050184 Mod Posts: 11,962 Mod
I always prefer to use 0.0.0.0 network statements in a production environment along with passive-default. On the newer IOS releases that support interface based OSPFv2 config I much prefer that. In a lab I just do whatever. I usually use the 10/8 for my router links and do a 10.0.0.0 0.255.255.255 network statement so I don't have to worry about going back and adding it.
As far as the 'right' way to do it, that all depends on your network standards. Always more than one way to make something work.
An expert is a man who has made all the mistakes which can be made.
-
FloOz Member Posts: 1,614 ■■■■□□□□□□
I typically do it to the host IP just to be safe.
e.g.
network 10.2.76.1 0.0.0.0
network 10.2.76.1 0.0.0.0 area 0
-
Hondabuff Member Posts: 667 ■■■□□□□□□□
I like the host ID method, easy to remember after you do a "show ip interface brief"
-
theodoxa Member Posts: 1,340 ■■■■□□□□□□
What networker050184 said.
I prefer --
router eigrp 1
no auto-summary
network 0.0.0.0
passive-interface default
no passive-interface FastEthernet 0/0
no passive-interface Serial 0/0
exit
That said, you will be expected [on Cisco exams] to know how to write a network statement for a specific subnet or interface.
BTW, I would personally use a distribute list to limit what subnets are advertised/learned.
R&S: CCENT → CCNA → CCNP → CCIE [ ]
Security: CCNA [ ]
Virtualization: VCA-DCV [ ]
-
networker050184 Mod Posts: 11,962 Mod
That is not what I meant theodoxa, sorry for the confusion. What I prefer is what FloOz put. A /32 network statement with the interface IP. If I was going to use your method I'd use whatever block you are going to address your router to router links off rather than a blanket everything. I really like to control what gets into my routing protocols. That way someone has to try really hard to do something stupid.
-
Dieg0M Member Posts: 861
Should get used to doing it at the interface level as it is shifting that way with NX-OS and IPv6
Follow my CCDE journey at www.routingnull0.com
-
networker050184 Mod Posts: 11,962 Mod
Unfortunately that method is not supported in all versions of IOS d4nz1g. I try to keep things that can be configured the same across versions to help make automation, audits and templatization as easy as possible with as few caveats as possible.
-
Hondabuff Member Posts: 667 ■■■□□□□□□□
Just started to watch the Cisco Video Mentor CCNP Route video series from Kevin Wallace and boy is it good. He throws a lot of cool tips as he goes. One was a shortcut for writing your wildcard statements. You take 255 minus each octet. So if you have 255.255.254.0, you subtract 255 from each which leaves you 0.0.1.255. He also said that the IOS will also automatically do it for you. I confirmed it on my lab. Here is my example.
So my question is, why would you need to even write a wildcard mask if you can just write the subnet mask?
works with EIGRP or OSPF
R1(config)#router eigrp 1
R1(config-router)#network 10.2.76.1 255.255.254.0
R1(config-router)#network 172.16.1.1 255.255.255.0
R1(config-router)#network 3.3.3.3 255.255.255.255
R1#sho ip protocols
Routing Protocol is "eigrp 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 1
EIGRP NSF-aware route hold timer is 240s
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
3.3.3.3/32
10.2.76.0/23
172.16.1.0/24
Routing Information Sources:
Gateway Distance Last Update
Distance: internal 90 external 170
-
gorebrush Member Posts: 2,743 ■■■■■■■□□□
In a production environment I would want to be exact with network statements. It's sloppy to do like, 0.0.255.255 or something similar. Oh, and it's a security thing - if you enable a new interface then you could have OSPF going off in directions you don't want.
In a lab, I generally don't care though.
-
Hondabuff Member Posts: 667 ■■■□□□□□□□
gorebrush wrote: »In a production environment I would want to be exact with network statements. It's sloppy to do like, 0.0.255.255 or something similar. Oh, and it's a security thing - if you enable a new interface then you could have OSPF going off in directions you don't want.
In a lab, I generally don't care though.
Since you touched the Security aspect of it, It was also brought up that the passive interface default should always be used then use the "no passive interface" command to assign what routes go out which interface. Works great for branch offices where the route updates only need to go out the VPN tunnel.
-
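Added example (not code from any poster in this thread): a small Python model of how a `network <address> <wildcard>` statement selects interfaces, showing why a broad wildcard picks up an interface enabled later and what `passive-interface default` changes. The interface names and the 10.2.200.1 address are constructed for illustration; the model covers only statement matching and passive state.

```python
import ipaddress

# Constructed sample: interface addresses as "show ip interface brief" would list them.
INTERFACES = {
    "Gi0/0": "10.2.76.1",
    "Gi0/1": "10.2.78.1",
    "Gi0/2": "172.16.1.1",
    "Gi0/3": "10.2.200.1",  # enabled later; nobody meant it to run the protocol
}

def wildcard_from_mask(mask):
    """Invert a subnet mask octet by octet: 255.255.254.0 -> 0.0.1.255."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))

def matches(if_ip, addr, wildcard):
    """True when the interface IP equals addr on every bit the wildcard leaves at 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(if_ip)) & care) == (int(ipaddress.IPv4Address(addr)) & care)

def exposure(statements, passive_default=False, no_passive=()):
    """Classify each interface: 'off', 'advertised' (matched but passive), or 'active'."""
    result = {}
    for name, ip in INTERFACES.items():
        if not any(matches(ip, addr, wc) for addr, wc in statements):
            result[name] = "off"
        elif passive_default and name not in no_passive:
            result[name] = "advertised"   # subnet is in the protocol, no hellos sent
        else:
            result[name] = "active"       # hellos sent, neighbors can form
    return result

# The three styles discussed in the thread (area keyword omitted; it does not affect matching).
BROAD = [("10.0.0.0", "0.255.255.255"), ("172.16.1.0", "0.0.0.255")]
SUBNET = [("10.2.76.0", wildcard_from_mask("255.255.254.0")),
          ("10.2.78.0", wildcard_from_mask("255.255.254.0")),
          ("172.16.1.0", wildcard_from_mask("255.255.255.0"))]
HOST = [("10.2.76.1", "0.0.0.0"), ("10.2.78.1", "0.0.0.0"), ("172.16.1.1", "0.0.0.0")]

if __name__ == "__main__":
    for label, stmts in (("broad", BROAD), ("subnet", SUBNET), ("host", HOST)):
        print(label, exposure(stmts))
    print("broad + passive-default", exposure(BROAD, True, {"Gi0/0"}))
```

With the broad statement the late-enabled interface comes up active; with passive-default it stops sending hellos but its subnet is still advertised, which is why the exact statement and the passive default are used together.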
xnx Member Posts: 464 ■■■□□□□□□□
I'd stick to the actual host address itself e.g. 'network 10.24.12.254 0.0.0.0'
Getting There ...
Lab Equipment: Using Cisco CSRs and 4 Switches currently
-
Hondabuff Member Posts: 667 ■■■□□□□□□□
So here is another question I thought of while watching the video series and it deals with route summarization. What is the rule for how many routes have to be on a router before you have to summarize? OSPF was written on a cave wall and we Cisco students tell the stories to our children of our elders' ways. I mean seriously, with today's processors you should be able to have a hundred routes and not have to worry about conserving memory. One of the other unwritten rules was Cisco recommends no more than 100 hosts per network due to broadcasts, hence why corporations like using the /23 subnet mask.
-
networker050184 Mod Posts: 11,962 Mod
There really isn't a rule. Different hardware has different forwarding table sizes, different processing power etc.
As far as broadcast, some systems are pretty chatty with broadcasts. It's best to keep the broadcast domains as small as possible.
-
gorebrush Member Posts: 2,743 ■■■■■■■□□□
I think a lot has to do with the design, I mean why would you want stuff that's non area zero with anything other than its own area and a default route towards A0 anyway?
Inside A0 I'm sure I read like, 500 routers should be in A0, so that by itself can create a few thousand routes if we imagine that each router has a leg or two or different networks.
Not sure if OSPF can reach BGP scale though... ?
-
Hondabuff Member Posts: 667 ■■■□□□□□□□
networker050184 wrote: »There really isn't a rule. Different hardware has different forwarding table sizes, different processing power etc.
As far as broadcast, some systems are pretty chatty with broadcasts. It's best to keep the broadcast domains as small as possible.
That's one of those statements that you hear thrown around but no one says what is the max limit. Limit=500. Learned that somewhere in my Cisco travels and painted it on my cave wall to tell my kids
-
gorebrush Member Posts: 2,743 ■■■■■■■□□□
That one is for hosts I think. Though I reckon Cisco just like, 500.
-
networker050184 Mod Posts: 11,962 Mod
Well, there really isn't a max limit to a hard number. There are suggestions sure, but it's really more how much broadcast traffic is being generated.
-
d4nz1g Member Posts: 464
networker050184 wrote: »Unfortunately that method is not supported in all versions of IOS d4nz1g. I try to keep things that can be configured the same across versions to help make automation, audits and templatization as easy as possible with as few caveats as possible.
Never heard of that before, thanks for warning me
All the devices that I have ever used supported this configuration, mainly ISR routers with ios 12.4 and 15
-
Iristheangel Mod Posts: 4,133 Mod
I also use the host address. I used to put the specific subnet in but I've grown a bit more picky as time goes on. If the IOS version allows it or I'm on NX-OS, I'm adding it at the interface-level.
As far as broadcasts, I shy away from giving a hard number. "It depends" is really the answer anyone should give before they get more information. Is this a branch, corporate office, data center, etc? What kind of applications are being run on the hosts on this broadcast domain? How many hosts? And similar questions need to be answered. I had a customer ask me for a hard number a couple of months ago and I wouldn't give him a hard answer until he gave me a bit more information on the environment. In the end, he was running a ton of legacy equipment that was EXTREMELY chatty so having 500 hosts on that subnet wouldn't have been the way to go.