EIGRP Challenge
Lab Objectives
- Build and verify an EIGRP backbone among R1–R4 (AS 111), using interface control for EIGRP advertisements.
- Implement route summarization on R2 and selectively leak one specific subnet through the summary.
- Configure variance on R2 to permit unequal-cost load sharing (prepare the router to accept feasible successors).
Lab Tasks (Try It Yourself First!)
Complete these tasks WITHOUT looking at the solution below. Use
?andshowcommands to figure it out.
Task 1: Configure EIGRP AS 111 on all routers
Configure EIGRP on R1, R2, R3 and R4 using AS 111. Use a minimal set of passive-interface commands so loopback or switch-facing interfaces do not send EIGRP updates, but keep the router-to-router interfaces active.
Parameters (do NOT paste commands here): enable EIGRP AS 111, set passive-interface default then no passive-interface for router interconnect GigabitEthernet interfaces.
Task 2: Configure summarization with a leak on R2
On R2, summarize the 192.168.0.0 networks into a single summary (192.168.0.0/16) on the interface toward R1, but leak the specific 192.168.1.0/24 subnet so that this individual route is still advertised.
Parameters: create an ACL that matches 192.168.1.0/24, create a route-map to match that ACL, and apply ip summary-address eigrp 111 192.168.0.0 255.255.0.0 leak -map <route-map> on the R2 interface toward R1.
Task 3: Enable variance on R2 for unequal-cost load balancing
Configure EIGRP variance on R2 (use variance 3) to allow feasible successors with cost up to 3× the successor cost to be used for load sharing.
Parameters: under router eigrp 111 set variance 3.
Think About It: If the topology is a strict hub-and-spoke (R1 connected directly to R2/R3/R4), why might variance have little or no immediate effect? What topology changes would make variance meaningful in production?
Lab Solution
The solution below uses only the commands and techniques shown in the reference material. Each command block is followed by an explanation, why it matters, and a verification command with expected output.
Topology (ASCII) — exact IPs on every router interface
Note: every interface IP uses the exact addressing from the base topology.
[Internet]
203.0.113.1
|
R1 (Gateway)
Gi0/0: 10.10.10.1 Gi0/1: 10.10.20.1 Gi0/2: 10.10.30.1
/ | \
R2 R3 R4
Gi0/0: 10.10.10.2 Gi0/0: 10.10.20.2 Gi0/0: 10.10.30.2
Gi0/1: 10.10.40.1
/ \ |
S1 S2 S3
/ \ | / \
PC1 PC2 PC3 PC4 PC5
(PC and switch IPs are in the 192.168.x.0/24 networks as per the IP scheme. R2 is the distribution for the 192.168.0.0/16 subnets.)
Task 1 Solution: Configure EIGRP AS 111 on all routers
What we are doing: Enable EIGRP (AS 111) on each router and prevent EIGRP updates from being sent on non-router-facing interfaces by using passive-interface default, then selectively enabling the inter-router interfaces.
! On each router (example shown for R1)
R1(config)#router eigrp 111
R1(config-router)#passive-interface default
R1(config-router)#no passive-interface GigabitEthernet0/0
R1(config-router)#no passive-interface GigabitEthernet0/1
R1(config-router)#no passive-interface GigabitEthernet0/2
! On R2
R2(config)#router eigrp 111
R2(config-router)#passive-interface default
R2(config-router)#no passive-interface GigabitEthernet0/0
R2(config-router)#no passive-interface GigabitEthernet0/1
! On R3
R3(config)#router eigrp 111
R3(config-router)#passive-interface default
R3(config-router)#no passive-interface GigabitEthernet0/0
! On R4
R4(config)#router eigrp 111
R4(config-router)#passive-interface default
R4(config-router)#no passive-interface GigabitEthernet0/0
R4(config-router)#no passive-interface GigabitEthernet0/0
What just happened:
router eigrp 111places the router into EIGRP autonomous system 111 so it forms adjacency with other AS 111 routers.passive-interface defaultprevents EIGRP Hellos from being sent on all interfaces by default — this avoids unnecessary neighbor attempts on interfaces connected to end devices.no passive-interface GigabitEthernetX/Yre-enables EIGRP Hellos on router-to-router links so adjacencies form on those links.
Verify:
R1#show ip route eigrp
Codes: C - connected, L - local, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external
D 10.10.10.0/24 [90/30720] via 10.10.10.2, 00:00:12, GigabitEthernet0/0
D 10.10.20.0/24 [90/30720] via 10.10.20.2, 00:00:12, GigabitEthernet0/1
D 10.10.30.0/24 [90/30720] via 10.10.30.2, 00:00:12, GigabitEthernet0/2
Tip: If you do not see D (EIGRP) routes, run
show ip eigrp neighborsto confirm adjacency status.
Task 2 Solution: Configure summarization with a leak on R2
What we are doing: On R2 we will advertise a summary 192.168.0.0/16 toward R1 while leaking the specific 192.168.1.0/24 route so it continues to be known as a specific prefix.
! On R2
R2(config)#access-list 77 permit 192.168.1.0 0.0.0.255
R2(config)#route-map LM permit 10
R2(config-route-map)#match ip address 77
R2(config-route-map)#exit
R2(config)#interface GigabitEthernet0/0
R2(config-if)#ip summary-address eigrp 111 192.168.0.0 255.255.0.0 leak -map LM
What just happened:
access-list 77 permit 192.168.1.0 0.0.0.255creates an ACL that matches the specific subnet we want to leak.route-map LMwithmatch ip address 77uses that ACL in a route-map named LM. The route-map is used as a filter for the leak mechanism.ip summary-address eigrp 111 192.168.0.0 255.255.0.0 leak -map LMcreates a summary route for the 192.168.0.0/16 network on the interface toward R1, but theleak -map LMportion ensures the specific 192.168.1.0/24 is still advertised (leaked) despite the summary.
Why it matters: In production, summarization reduces routing table size and LSA/advertisement churn across the backbone. The leak option lets you keep a specific route visible when you need granular reachability for a critical subnet.
Verify:
R1#show ip route
Codes: C - connected, L - local, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external
D 192.168.0.0/16 [90/30720] via 10.10.10.2, 00:00:22, GigabitEthernet0/0
D 192.168.1.0/24 [90/30720] via 10.10.10.2, 00:00:22, GigabitEthernet0/0
- Expect to see both the summary (192.168.0.0/16) and the leaked specific route (192.168.1.0/24). The presence of the specific route confirms the leak-map worked.
Task 3 Solution: Configure variance on R2 for unequal-cost load balancing
What we are doing: Allow feasible successors up to 3× the metric of the successor to become active for packet forwarding.
R2(config)#router eigrp 111
R2(config-router)#variance 3
What just happened:
variance 3tells EIGRP to consider feasible successor routes whose metric is less than or equal to 3 times the metric of the best route (successor). This enables unequal-cost load sharing when feasible successors exist.
Why it matters: In real networks, unequal-cost load balancing can increase effective bandwidth utilization by using secondary paths that are still acceptable in metric. You should only enable variance after calculating metrics to ensure traffic is not routed over excessively poor links.
Verify:
R2#show ip route 192.168.1.0
Routing entry for 192.168.1.0/24
Known via "eigrp 111", distance 90, metric 30720
Tag 0
Redistributing via eigrp 111
Last update from 10.10.10.1 on GigabitEthernet0/0, 00:00:12 ago
Routing Descriptor Blocks:
* 10.10.10.1, from 10.10.10.1, 00:00:12 ago, via GigabitEthernet0/0
Route metric is 30720, traffic share count is 1
- If multiple EIGRP next-hops are available and their metrics fall within the variance,
traffic share countwould be >1 indicating load sharing.
Important: In a pure hub-and-spoke topology (R1 connected to R2/R3/R4 only), you may not see multiple feasible successors.
varianceprepares the router to use unequal-cost paths but does not create parallel paths by itself.
Troubleshooting Scenario
Scenario: The leaked subnet 192.168.1.0/24 does not appear on R1
Symptom: show ip route 192.168.1.0 on R1 shows only the summary 192.168.0.0/16; the /24 is missing.
Your task: Find and fix the issue.
Hint: Check the ACL and route-map used by the leak; a mismatch in the ACL will prevent leaking.
Solution:
- On R2 confirm the ACL:
R2#show access-lists 77
Standard IP access list 77
10 permit 192.168.1.0 0.0.0.255
- Confirm the route-map references the ACL:
R2#show route-map LM
route-map LM, permit, sequence 10
Match clauses:
ip address: 77
- If ACL entry is missing or incorrect, recreate it:
R2(config)#no access-list 77
R2(config)#access-list 77 permit 192.168.1.0 0.0.0.255
- Reapply or reissue
ip summary-addresson the interface if needed.
Verification Checklist
- EIGRP adjacencies exist between R1–R2, R1–R3, and R1–R4 (
show ip eigrp neighbors). - R1 shows both 192.168.0.0/16 summary and 192.168.1.0/24 leaked route (
show ip route). - R2 has
variance 3configured underrouter eigrp 111(show running-config | section router eigrp).
Common Mistakes
| Symptom | Cause | Fix |
|---|---|---|
| Leaked subnet not present on other routers | ACL used in route-map does not match the subnet (typo) | Recreate ACL with correct wildcard (0.0.0.255) and reapply route-map |
| No EIGRP neighbors | passive-interface left active on inter-router links | Use no passive-interface GiX/Y on router-to-router links |
| Summary hides a route you still need | leak -map not used or route-map not applied correctly | Ensure ip summary-address ... leak -map LM is on the correct interface and route-map matches the intended prefix |
Challenge Task
Using only the topology provided, and without adding physical links, design a plan (no commands required here) to create a scenario where variance 3 will actually produce unequal-cost multipath forwarding for 192.168.1.0/24. Describe which links' metrics you would alter and on which routers so that feasible successors appear and traffic would be split.
Real-world insight: In production datacenters, you create multiple physical or logical paths (for example, spine-leaf redundancies) so EIGRP variance or ECMP can actually share traffic. Simply enabling variance without alternate feasible successors gives no benefit.
Key Takeaways
- EIGRP must be enabled correctly on inter-router interfaces;
passive-interface defaultis a quick way to reduce unnecessary neighbor chatter. - Summarization reduces routing table size and routing churn; the leak option plus a route-map/ACL lets you keep a specific subnet visible while summarizing the rest.
- Variance allows unequal-cost load sharing but requires feasible successors to exist—topology and metrics determine whether it will be used.
Remember: think like an operator — summarization simplifies the core, leaking preserves the important specifics, and variance is a tool to exploit alternate good-enough paths when you actually have them.