Firepower EIGRP configuration

Captions
Hi and welcome to NTRaaS. We're going to have a quick video here showing how to configure EIGRP on a Firepower appliance and a Cisco 3560CX switch. Now, I recently upgraded to version 6.7 on my Firepower and it's given us a few more options.

So first we have to look at the setup of our switch. Now in this case we do a show interface status. I put in here a few of my different ports, so my Firepower data connection is on VLAN 20 and my computer is of course on VLAN 100. The Firepower management is on VLAN 10, so we'll look at that in a moment as well. Looking at my computer, we can come in here and do an ipconfig and see that we are on the 10.0.100.100 network and host IP.

So from here let's do show run and do a section of router. So you'll see here that we currently have router eigrp 1 configured with a network of 10.0.0.0, which will encompass all of our 10 networks. If we do a show ip interface brief we can do exclusion of unassigned, which will show all of our 10 networks; in this case all 10 will be included. Show ip eigrp interface will also tell us which VLANs or other interfaces are included in the EIGRP process, as you see here.

Now currently if we do a ping of 10.0 I'm able to get to my Firepower device over this VLAN 20 I created earlier on gig 0109. If we do a show ip arp you'll see here that 20.252 is indeed on VLAN 20 and we have the MAC address here of 8vff, if we want to realize that on our Firepower appliance.

But for now let's go over to our Firepower appliance, and I want to show you my configurations I did on Ethernet 1/8. Now you'll see here by default that the bridge group contained all of these internal interfaces, uh, two through eight, so I removed Ethernet 1/8 from here by just removing the group member from the bridge group specific interfaces. From here I went to Interfaces, Ethernet 1/8, and gave an IP address of that 10.0.20.252, which is a static routed interface. As you see here I changed the interface name, saying that it's routed instead of the internal switched, and gave it an IP address of 1020 252.

So one of the big changes that Cisco has made recently in 6.7 is it's given us the ability to manage dynamic routing protocols. Sadly we only have BGP, OSPF and EIGRP; RIP and IS-IS are unavailable. One of the other things we'll notice when we get into EIGRP as well is that it's kind of difficult. Now we can come over here to commands; it'll show routes, IPv6 routes, BGP and OSPF, but doesn't show EIGRP for some reason. So let's come over here and do show routes and we'll see that we have connected and link local, so 10.0.20.252 is directly connected and 192.168.1.1 is also connected as a static IP address configured on that inside, uh, BVI.

So let's create our EIGRP object and we're going to give it a name, so EIGRP, and you're going to notice that we don't have named mode, so we just have to specify an autonomous system number. In this case we have to choose the same one from our switch. Show ip protocols over here will show us that we have EIGRP running on this device, so we need to make sure we're using autonomous system 1 so it matches.

Now from here you can just hit OK and that's it, but the problem is this is the only command that it will apply. Once you come over here to show disabled you get a lot of other configuration examples, such as the setup EIGRP configuration for advanced or not, where this is where you can specify auto summary, router ID, distance, default metrics, if it's EIGRP stub or not. We don't want to worry about this at the moment, so we'll just hit that disable sign and come over here to network object. Once again it is disabled with the plus sign, so we hit the plus sign and you're going to notice a couple dots on the left hand side. These couple dots allow us to duplicate the line in case we have more than one network object.

In this case we might want to come in here and say, okay, well, we only want that inside interface in EIGRP. Well, the Firepower appliance is only object-based, which again is one of the things I really can't stand, but we have to do it, so we create a new network called inside e one slash eight. This is going to be a host address, 10.0.1.1, so that's the IP address of our 1/8 interface. Once we create this interface we can choose it, inside e one slash eight, and if we have more we can add them, but for now we can remove it because we really don't need to add more than one network.

You can add routing instance parameters if you wanted to for passive and active. Now what this does is it has that no and passive interface default capability, so if you did do the 10.0.0.0/8 it would put all of them in that particular subnet into EIGRP. So from here we can do a passive interface default and choose a specific interface we want to allow in the EIGRP process, in this case inside 8, the routed interface. Oh, by the way, we can do multiple no passive interfaces with the three dots. If we wanted to specify unicast manual neighbor configuration we can do that here. We can also specify a default information in and out via an ACL if we create one. We can also do filter rules, so we can specify in and outbound for direction and specify distribute list ACLs inbound or in an interface, but we're really not going to worry about this right now so we'll disable it.

And you can also do distribution, so like if you wanted to redistribute BGP, connected, IS-IS, OSPF, RIP or static, which is kind of interesting that IS-IS and RIP are listed here even though you can't configure them on the main page. Anyway, uh, let's just say connected. We can specify an identifier as well, which is the process ID or AS number or dot number, ignored if not applicable, so we'll just say none. So redistribute connected is here, but we can also specify a route map if we only want specific connected routes. Now keep in mind you can also do static here if you wanted to provide like a default route in EIGRP and use the route map to only allow that particular, you know, default route. We can also specify the metric information if we wanted to do that as well. But for now we're not going to do a route map, but let's leave redistribution of connected, no passive interface and the network configuration and hit OK.

Once you hit OK it's going to be temporarily written to memory and then we have to deploy what we've written. In this case we created the network object for a host network 10.0.20.252 and added the EIGRP process and its various configuration. So from here we hit deploy now and it'll take a while to actually deploy. We'll come back when that's done.

So here we are, done with the deployment of EIGRP. You're going to see that it took about a minute and 41 seconds to apply a simple EIGRP configuration. Once again, I know it's my own personal opinion here, but the past Cisco devices were instantaneous, but now you have to wait a minute and 41 seconds to deploy something. Oh well, I guess it's just what we got to deal with.

So let's come over here and verify on our switch. Show ip eigrp interfaces: you're going to notice we now have a peer on VLAN 20. You show ip eigrp neighbors and we have the neighbor of the Firepower. Show ip route eigrp: currently we don't have anything on the switch. However, let's go back to this guy and do a show routes now. There you go, and you're going to notice that we received D, which is the EIGRP process, in the routing table of the Firepower. In the CLI console we can get to 10.0.10.0 and 10.0.100.0 now, so if I was able to ping this device 10.0.20.2 and I can ping it now from my workstation.

Let's do show eigrp interfaces and you're going to see that we have one peer on the inside8 routed; gives us various information about it. Let's see what else we can provide. Show eigrp: we can show events, so we're going to see we got connections and updates. Show eigrp neighbors, just keep in mind you have to tab it out so it says the whole command: 10.0.20.1 is the neighbor, the IP address of the switch. We can also do show eigrp topology, which gives us the passive networks we've learned, 1010, 1020 and 10 0 100. That's our EIGRP topology. Lastly, show eigrp traffic: this can show us some of the traffic we get as far as hellos, updates and queries, replies, acknowledgements, if we have any stuck in actives, and process IDs. So there you go, I mean, that was pretty simple. Let's do show route on the Firepower and we'll be able to get to all of our different devices.

One of the things that does make me sad about the Firepower CLI console is the fact that these are the only options you get: packet tracer, ping, show commands, shutdown, traceroute, failover and reboot, and you have to spell out the entire command, otherwise it won't work. Luckily, if we do a show running-config router this will show us the configuration that was provided: router eigrp 1, the network statement, passive interface default, no passive in inside 8 routed, and of course redistribute connected. So we really don't have anything to redistribute to the switch, I guess, but once we create new interfaces, sub interfaces or zones on the Firepower appliance they'll show up here on the switch because, as we saw before, show ip eigrp neighbors, it is now our neighbor.

In the next video we'll be looking into creating OSPF, BGP and of course static routes. A lot of these are basically the same, where you have OSPF configuration here, you can create OSPF objects. Keep in mind OSPF is process configuration and specific interface settings. BGP, a little different here, has the ability to create the BGP template based on the AS numbers and IP protocols, but you also have BGP global settings. So we'll be going through OSPF and BGP in individual videos coming up, so once again stay tuned for that. Thank you for watching.
Info
Channel: NTRaaS
Views: 56
Keywords: 1010, cisco, eigrp, firewpower, routing
Id: d-ZaKr9x97k
Length: 13min 19sec (799 seconds)
Published: Mon Mar 15 2021