配置RIPv2
目录
配置RIPv2 ....................................................................................................................................... 1 一、 实验一:基本的RIP配置 ............................................................................................... 2
1.1 实验拓扑 ....................................................................................................................... 2 1.2 配置 ............................................................................................................................... 2 1.3 调试 ............................................................................................................................... 3 1.4 恢复到RIP缺省的工作方式 ....................................................................................... 5 二、 实验二:与RIPv1的兼容性 ........................................................................................... 7
2.1 实验拓扑 ....................................................................................................................... 7 2.2 实验环境基本配置 ....................................................................................................... 7 2.3 RIP配置 ....................................................................................................................... 9 2.4 调试(观察RIP报文)............................................................................................. 10 2.5 两种修正方法 ............................................................................................................. 13 三、 实验三:使用VLSM ..................................................................................................... 19
3.1 说明 ............................................................................................................................. 19 3.2 实验拓扑 ..................................................................................................................... 19 四、 实验四:不连续的子网和无类别路由选择 ................................................................. 20
4.1 实验拓扑 ..................................................................................................................... 20 4.2 基本实验环境配置 ..................................................................................................... 20 4.3 调试 ............................................................................................................................. 22 4.4 关闭自动汇总 ............................................................................................................. 23 五、 实验五:认证 ................................................................................................................. 25
5.1 说明 ............................................................................................................................. 25 5.2 实验拓扑 ..................................................................................................................... 25 5.3 基本实验环境配置 ..................................................................................................... 25 5.4 配置明文认证 ............................................................................................................. 27 5.5 配置MD5认证 .......................................................................................................... 32 5.6 钥匙管理 ..................................................................................................................... 35 六、 故障排除 ......................................................................................................................... 37
实心大白菜
Give it everything you've got.
一、 实验一:基本的RIP配置
1.1
实验拓扑
1.2 配置
R1 R1>en R1#conf t
R1(config)#int fa 0/0 R1(config-if)#no sh
R1(config-if)#ip add 192.168.1.1 255.255.255.128 R1(config-if)#int lo 0
R1(config-if)#ip add 172.25.0.1 255.255.128.0 R1(config-if)#router rip
R1(config-router)#version 2 //路由器只发送和接收RIPv2的信息。 R1(config-router)#network 172.25.0.0 R1(config-router)#net 192.168.1.0 R1(config-router)# R2 R2>en R2#conf t
实心大白菜
Give it everything you've got.
R2(config)#int lo 0
R2(config-if)#ip add 172.25.1.2 255.255.192.0 R2(config-if)#int fa 0/0 R2(config-if)#no sh
R2(config-if)#ip add 192.168.1.2 255.255.255.128 R2(config-if)#router rip
R2(config-router)#version 1 //路由器只发送和接收RIPv1消息的方式 R2(config-router)#network 172.25.0.0 R2(config-router)#network 192.168.1.0 R2(config-router)#
1.3 调试
说明:
使用抓包工具查看路由器之间的RIP数据
缺省时,在cisco路由器上配置一个RIP进程将只发送RIPv1的消息,但同时接收RIPv1和RIPv2的消息。
路由器之间的RIP数据包如下所示
实心大白菜
Give it everything you've got.
查看R1的路由选择表 R1(config-router)#do show ip route
实心大白菜
Give it everything you've got.
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.25.0.0/17 is subnetted, 1 subnets
C 172.25.0.0 is directly connected, Loopback0 192.168.1.0/25 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/0 R1(config-router)#
1.4 恢复到RIP缺省的工作方式
配置
可以在路由器的RIP配置模式下,键入命令no version 回复到原来的缺省方式 R1(config-router)#no version R1(config-router)#
R2(config-router)#no version R2(config-router)#
观察数据包
实心大白菜
Give it everything you've got.
实心大白菜
Give it everything you've got.
实验二:与RIPv1的兼容性
2.1
实验拓扑
如图所示,R1使用RIPv1 ,R2使用默认的RIP设置,R2的f0/0接口需要发送和接收RIPv1,f1/0接口需要发送和接收RIPv1/2,R3和R4使用RIPv2,R5使用RIPv1。
2.2 实验环境基本配置
1) 接口 R1 R1>en R1#conf t
R1(config)#int fa 0/0 R1(config-if)#no sh
R1(config-if)#ip add 192.168.50.130 255.255.255.192 R1(config-if)#int lo 0 R1(config-if)#ip add 192.168.50.65 255.255.255.192 R1(config-if)# R2 R2>en
实心大白菜
Give it everything you've got.
R2#conf t
R2(config)#int fa 0/0 R2(config-if)#no sh
R2(config-if)#ip add 192.168.50.129 255.255.255.192 R2(config-if)#int fa 0/1 R2(config-if)#no sh
R2(config-if)#ip add 172.25.150.225 255.255.255.240 R2(config-if)#int fa 1/0 R2(config-if)#no sh
R2(config-if)#ip add 172.25.150.193 255.255.255.240 R2(config-if)# R3 R3>en R3#conf t
R3(config)#int fa 0/0 R3(config-if)#no sh
R3(config-if)#ip add 172.25.150.226 255.255.255.240 R3(config-if)# R4 R4>en R4#conf t R4(config)#int lo 0
R4(config-if)#ip add 172.25.150.33 255.255.255.240 R4(config-if)#int fa0/0 R4(config-if)#no sh
R4(config-if)#ip add 172.25.150.194 255.255.255.240 R4(config-if)#
实心大白菜
Give it everything you've got.
R5 R5>en R5#conf t
R5(config)#int fa 0/0 R5(config-if)#no sh
R5(config-if)#ip add 172.25.150.206 255.255.255.240 R5(config-if)#
2.3 RIP配置
R1
R1(config-if)#router rip R1(config-router)#version 1
R1(config-router)#network 192.168.50.0 R1(config-router)# R2
R2(config)#router rip R2(config-router)#version 2
R2(config-router)#network 172.25.0.0 R2(config-router)#network 192.168.50.0 R2(config-router)#int fa 0/0 R2(config-if)#ip rip send version 1 R2(config-if)#ip rip receive version 1 R2(config-if)#int fa 1/0
R2(config-if)#ip rip send version 1 2 R2(config-if)#
实心大白菜
Give it everything you've got.
R3
R3(config-if)#router rip R3(config-router)#version 2
R3(config-router)#network 172.25.0.0 R3(config-router)# R4
R4(config-if)#router rip
R4(config-router)#network 172.25.0.0 R4(config-router)#version 2 R4(config-router)# R5
R5(config-if)#router rip R5(config-router)#version 1
R5(config-router)#network 172.25.0.0 R5(config-router)#
2.4 调试(观察RIP报文)
使用debug ip rip 命令观察路由器R2发送和接收的消息报文 R2(config-if)#do debug ip rip RIP protocol debugging is on R2(config-if)#
*Mar 1 01:32:13.363: RIP: sending v1 update to 255.255.255.255 via FastEthernet1/0 (172.25.150.193)
*Mar 1 01:32:13.367: RIP: build update entries *Mar 1 01:32:13.367: subnet 172.25.150.224 metric 1 *Mar 1 01:32:13.371: network 192.168.50.0 metric 1
实心大白菜
Give it everything you've got.
*Mar 1 01:32:13.375: RIP: sending v2 update to 224.0.0.9 via FastEthernet1/0 (172.25.150.193)
*Mar 1 01:32:13.375: RIP: build update entries
*Mar 1 01:32:13.379: 172.25.150.224/28 via 0.0.0.0, metric 1, tag 0 *Mar 1 01:32:13.383: 192.168.50.0/24 via 0.0.0.0, metric 1, tag 0
*Mar 1 01:32:13.979: RIP: received v1 update from 192.168.50.130 on FastEthernet0/0 *Mar 1 01:32:13.979: 192.168.50.64 in 1 hops R2(config-if)#
*Mar 1 01:32:20.959: RIP: received v2 update from 172.25.150.194 on FastEthernet1/0 *Mar 1 01:32:20.959: 172.25.150.32/28 via 0.0.0.0 in 1 hops R2(config-if)#
*Mar 1 01:32:32.739: RIP: sending v1 update to 255.255.255.255 via FastEthernet0/0 (192.168.50.129)
*Mar 1 01:32:32.743: RIP: build update entries *Mar 1 01:32:32.743: network 172.25.0.0 metric 1 R2(config-if)#
*Mar 1 01:32:35.267: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/1 (172.25.150.225)
*Mar 1 01:32:35.271: RIP: build update entries
*Mar 1 01:32:35.271: 172.25.150.32/28 via 0.0.0.0, metric 2, tag 0 *Mar 1 01:32:35.275: 172.25.150.192/28 via 0.0.0.0, metric 1, tag 0 *Mar 1 01:32:35.279: 192.168.50.0/24 via 0.0.0.0, metric 1, tag 0 R2(config-if)#
*Mar 1 01:32:40.203: RIP: sending v1 update to 255.255.255.255 via FastEthernet1/0 (172.25.150.193)
*Mar 1 01:32:40.207: RIP: build update entries *Mar 1 01:32:40.207: subnet 172.25.150.224 metric 1 *Mar 1 01:32:40.211: network 192.168.50.0 metric 1
*Mar 1 01:32:40.211: RIP: sending v2 update to 224.0.0.9 via FastEthernet1/0 (172.25.150.193)
实心大白菜
Give it everything you've got.
*Mar 1 01:32:40.215: RIP: build update entries
*Mar 1 01:32:40.219: 172.25.150.224/28 via 0.0.0.0, metric 1, tag 0 *Mar 1 01:32:40.219: 192.168.50.0/24 via 0.0.0.0, metric 1, tag 0 R2(config-if)#do no de
*Mar 1 01:32:43.823: RIP: received v1 update from 192.168.50.130 on FastEthernet0/0 *Mar 1 01:32:43.827: 192.168.50.64 in 1 hops R2(config-if)#do no debug ip rip RIP protocol debugging is off R2(config-if)# 说明:
1) RIPv1和RIPv2消息携带的内容不同,RIPv2的更新中可以看到地址掩码、下一跳
和路由标识。
2) F1/0以广播方式发送RIPv1更新,以组播方式发送RIPv2更新。
3) 由于R2上的接口 f1/0没有设置接收RIPv1,从而来自路由器R5(172.25.150.206)
的更新就被忽略了。
4) 广播到R5的更新,没有包含子网172.25.150.32。R2是通过组播方式的RIPv2更
新从路由器R4学习的这个子网的。但是R5由于只能宣告RIPv1而不能接收这些组播。此外,虽然R2得知这个子网,但是水平分割法则禁止路由器R2把从这个接口学到的路由再从相同的接口通告出去 因此R5无法得知子网172.25.150.32。
查看R5的路由选择表 R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route
实心大白菜
Give it everything you've got.
Gateway of last resort is not set
172.25.0.0/28 is subnetted, 2 subnets
R 172.25.150.224 [120/1] via 172.25.150.193, 00:00:12, FastEthernet0/0 C 172.25.150.192 is directly connected, FastEthernet0/0
R 192.168.50.0/24 [120/1] via 172.25.150.193, 00:00:12, FastEthernet0/0
2.5 两种修正方法
1) R4配置成可以同时发送RIP协议的两个版本。 2) 在路由器R2的f1/0接口上关闭水平分割 3)
在R2上关闭水平分割 R2(config)#int fa 1/0 R2(config-if)#no ip sp
R2(config-if)#no ip split-horizon R2(config-if)#
调试效果
R2(config-if)#do debug ip rip RIP protocol debugging is on R2(config-if)#
*Mar 1 00:08:09.355: RIP: sending v1 update to 255.255.255.255 via FastEthernet0/0 (192.168.50.129)
*Mar 1 00:08:09.359: RIP: build update entries *Mar 1 00:08:09.359: network 172.25.0.0 metric 1 R2(config-if)#
实心大白菜
Give it everything you've got.
*Mar 1 00:08:24.339: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/1 (172.25.150.225)
*Mar 1 00:08:24.343: RIP: build update entries
*Mar 1 00:08:24.343: 172.25.150.32/28 via 0.0.0.0, metric 2, tag 0 *Mar 1 00:08:24.347: 172.25.150.192/28 via 0.0.0.0, metric 1, tag 0 *Mar 1 00:08:24.351: 192.168.50.0/24 via 0.0.0.0, metric 1, tag 0 R2(config-if)#
*Mar 1 00:08:25.575: RIP: received v1 update from 192.168.50.130 on FastEthernet0/0 *Mar 1 00:08:25.575: 192.168.50.64 in 1 hops
*Mar 1 00:08:27.011: RIP: sending v1 update to 255.255.255.255 via FastEthernet1/0 (172.25.150.193)
*Mar 1 00:08:27.015: RIP: build update entries *Mar 1 00:08:27.015: subnet 172.25.150.32 metric 2 *Mar 1 00:08:27.019: subnet 172.25.150.192 metric 1 *Mar 1 00:08:27.019: subnet 172.25.150.224 metric 1 *Mar 1 00:08:27.023: network 192.168.50.0 metric 1
*Mar 1 00:08:27.023: RIP: sending v2 update to 224.0.0.9 via FastEthernet1/0 (172.25.150.193)
*Mar 1 00:08:27.027: RIP: build update entries
*Mar 1 00:08:27.031: 172.25.150.32/28 via 172.25.150.194, metric 2, tag 0 *Mar 1 00:08:27.031: 172.25.150.192/28 via 0.0.0.0, metric 1, tag 0 R2(config-if)#
*Mar 1 00:08:27.031: 172.25.150.224/28 via 0.0.0.0, metric 1, tag 0 *Mar 1 00:08:27.031: 192.168.50.0/24 via 0.0.0.0, metric 1, tag 0 R2(config-if)#
*Mar 1 00:08:29.347: RIP: received v2 update from 172.25.150.194 on FastEthernet1/0 *Mar 1 00:08:29.351: 172.25.150.32/28 via 0.0.0.0 in 1 hops R2(config-if)#
*Mar 1 00:08:35.851: RIP: sending v1 update to 255.255.255.255 via FastEthernet0/0 (192.168.50.129)
实心大白菜
Give it everything you've got.
*Mar 1 00:08:35.855: RIP: build update entries *Mar 1 00:08:35.855: network 172.25.0.0 metric 1 R2(config-if)#do no debug ip rip RIP protocol debugging is off R2(config-if)# 说明:
R2上接收v2版本的RIP,发送v1和v2版本的RIP。
R2(config-if)#do debug ip rip RIP protocol debugging is on R2(config-if)#
*Mar 1 00:10:14.371: RIP: sending v1 update to 255.255.255.255 via FastEthernet1/0 (172.25.150.193)
*Mar 1 00:10:14.375: RIP: build update entries *Mar 1 00:10:14.375: subnet 172.25.150.32 metric 2 *Mar 1 00:10:14.379: subnet 172.25.150.192 metric 1 *Mar 1 00:10:14.379: subnet 172.25.150.224 metric 1 *Mar 1 00:10:14.383: network 192.168.50.0 metric 1
*Mar 1 00:10:14.383: RIP: sending v2 update to 224.0.0.9 via FastEthernet1/0 (172.25.150.193)
*Mar 1 00:10:14.387: RIP: build update entries
*Mar 1 00:10:14.391: 172.25.150.32/28 via 172.25.150.194, metric 2, tag 0 *Mar 1 00:10:14.391: 172.25.150.192/28 via 0.0.0.0, metric 1, tag 0 R2(config-if)#
*Mar 1 00:10:14.395: 172.25.150.224/28 via 0.0.0.0, metric 1, tag 0 *Mar 1 00:10:14.399: 192.168.50.0/24 via 0.0.0.0, metric 1, tag 0
*Mar 1 00:10:14.503: RIP: received v2 update from 172.25.150.194 on FastEthernet1/0 *Mar 1 00:10:14.503: 172.25.150.32/28 via 0.0.0.0 in 1 hops
*Mar 1 00:10:14.711: RIP: received v1 update from 192.168.50.130 on FastEthernet0/0
实心大白菜
Give it everything you've got.
*Mar 1 00:10:14.711: 192.168.50.64 in 1 hops R2(config-if)#
*Mar 1 00:10:15.683: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/1 (172.25.150.225)
*Mar 1 00:10:15.683: RIP: build update entries
*Mar 1 00:10:15.683: 172.25.150.32/28 via 0.0.0.0, metric 2, tag 0 *Mar 1 00:10:15.683: 172.25.150.192/28 via 0.0.0.0, metric 1, tag 0 *Mar 1 00:10:15.683: 192.168.50.0/24 via 0.0.0.0, metric 1, tag 0 R2(config-if)#
*Mar 1 00:10:21.951: RIP: sending v1 update to 255.255.255.255 via FastEthernet0/0 (192.168.50.129)
*Mar 1 00:10:21.955: RIP: build update entries *Mar 1 00:10:21.955: network 172.25.0.0 metric 1 R2(config-if)#
*Mar 1 00:10:40.223: RIP: sending v1 update to 255.255.255.255 via FastEthernet1/0 (172.25.150.193)
*Mar 1 00:10:40.227: RIP: build update entries *Mar 1 00:10:40.227: subnet 172.25.150.32 metric 2 *Mar 1 00:10:40.231: subnet 172.25.150.192 metric 1 *Mar 1 00:10:40.231: subnet 172.25.150.224 metric 1 *Mar 1 00:10:40.235: network 192.168.50.0 metric 1
*Mar 1 00:10:40.239: RIP: sending v2 update to 224.0.0.9 via FastEthernet1/0 (172.25.150.193)
*Mar 1 00:10:40.239: RIP: build update entries
*Mar 1 00:10:40.243: 172.25.150.32/28 via 172.25.150.194, metric 2, tag 0 *Mar 1 00:10:40.247: 172.25.150.192/28 via 0.0.0.0, metric 1, tag 0 R2(config-if)#
*Mar 1 00:10:40.247: 172.25.150.224/28 via 0.0.0.0, metric 1, tag 0 *Mar 1 00:10:40.251: 192.168.50.0/24 via 0.0.0.0, metric 1, tag 0
*Mar 1 00:10:40.983: RIP: received v2 update from 172.25.150.194 on FastEthernet1/0
实心大白菜
Give it everything you've got.
*Mar 1 00:10:40.983: 172.25.150.32/28 via 0.0.0.0 in 1 hops
*Mar 1 00:10:41.147: RIP: received v1 update from 192.168.50.130 on FastEthernet0/0 *Mar 1 00:10:41.147: 192.168.50.64 in 1 hops R2(config-if)#
*Mar 1 00:10:44.495: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/1 (172.25.150.225)
*Mar 1 00:10:44.499: RIP: build update entries
*Mar 1 00:10:44.499: 172.25.150.32/28 via 0.0.0.0, metric 2, tag 0 *Mar 1 00:10:44.503: 172.25.150.192/28 via 0.0.0.0, metric 1, tag 0 *Mar 1 00:10:44.507: 192.168.50.0/24 via 0.0.0.0, metric 1, tag 0 R2(config-if)#
*Mar 1 00:10:49.039: RIP: sending v1 update to 255.255.255.255 via FastEthernet0/0 (192.168.50.129)
*Mar 1 00:10:49.043: RIP: build update entries *Mar 1 00:10:49.043: network 172.25.0.0 metric 1 R2(config-if)#do no debug all
All possible debugging has been turned off R2(config-if)# 说明:
R2现在通告子网172.25.150.32给R5和R4
查看R5的路由选择表 R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route
实心大白菜
Give it everything you've got.
Gateway of last resort is not set
172.25.0.0/28 is subnetted, 3 subnets
R 172.25.150.32 [120/2] via 172.25.150.193, 00:00:14, FastEthernet0/0 R 172.25.150.224 [120/1] via 172.25.150.193, 00:00:14, FastEthernet0/0 C 172.25.150.192 is directly connected, FastEthernet0/0
R 192.168.50.0/24 [120/1] via 172.25.150.193, 00:00:14, FastEthernet0/0 R5#
实心大白菜
Give it everything you've got.
二、 实验三:使用VLSM
3.1
说明
子网172.25.150.0/24分配给图中的网络,这个子网通过扩展到28位的掩码进一步子王华以满足不同的数据链路
3.2 实验拓扑
具体不进行配置了,这个主要是让示意,VLAN的好处,子网的子网化的优化。
实心大白菜
Give it everything you've got.
三、 实验四:不连续的子网和无类别路由选择
4.1
实验拓扑
4.2 基本实验环境配置
R1 R1>en R1#conf t
R1(config)#int s 1/0 R1(config-if)#no sh
R1(config-if)#ip add 172.25.150.241 255.255.255.252 R1(config-if)#int s 1/1 R1(config-if)#no sh
R1(config-if)#ip add 172.25.150.245 255.255.255.252 R1(config-if)#router rip R1(config-router)#version 2
R1(config-router)#network 172.25.0.0
实心大白菜
Give it everything you've got.
R1(config-router)# R2 R2>en R2#conf t
R2(config)#int s 1/0 R2(config-if)#no sh
R2(config-if)#ip add 172.25.150.242 255.255.255.252 R2(config-if)#int lo 0
R2(config-if)#ip add 192.168.50.1 255.255.255.224 R2(config-if)#int lo 1
R2(config-if)#ip add 172.25.150.1 255.255.255.240 R2(config-if)#router rip
R2(config-router)#network 192.168.50.0 R2(config-router)#network 172.25.0.0 R2(config-router)# version 2 R3 R3>en R3#conf t
R3(config)#int s 1/0 R3(config-if)#no sh
R3(config-if)#ip add 172.25.150.246 255.255.255.252 R3(config-if)#int lo 0
R3(config-if)#ip add 192.168.50.33 255.255.255.224 R3(config-if)#int l 1
R3(config-if)#ip add 172.25.150.17 255.255.255.240 R3(config-if)#router rip
R3(config-router)#network 192.168.50.0 R3(config-router)#net
实心大白菜
Give it everything you've got.
R3(config-router)#network 172.25.0.0 R3(config-router)# version 2
4.3 调试
查看R1的路由选择表 R1(config-router)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.25.0.0/16 is variably subnetted, 4 subnets, 2 masks
R 172.25.150.0/28 [120/1] via 172.25.150.242, 00:00:17, Serial1/0 R 172.25.150.16/28 [120/1] via 172.25.150.246, 00:00:08, Serial1/1 C 172.25.150.240/30 is directly connected, Serial1/0 C 172.25.150.244/30 is directly connected, Serial1/1
R 192.168.50.0/24 [120/1] via 172.25.150.246, 00:00:08, Serial1/1 [120/1] via 172.25.150.242, 00:00:17, Serial1/0 R1(config-router)# 说明:
RIPv2协议缺省的行为要在主网络边界上进行路由汇总。可以关闭路由汇总功能,以允许被通告的子网通过主网络边界,可以在RIP的处理中使用 no auto-summary 命令
实心大白菜
Give it everything you've got.
4.4 关闭自动汇总
在R2关闭RIP的自动汇总 R2(config-router)#router rip R2(config-router)#no au
R2(config-router)#no auto-summary R2(config-router)#
再次查看R1的路由选择表 R1(config-router)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.25.0.0/16 is variably subnetted, 4 subnets, 2 masks
R 172.25.150.0/28 [120/1] via 172.25.150.242, 00:00:02, Serial1/0 R 172.25.150.16/28 [120/1] via 172.25.150.246, 00:00:17, Serial1/1 C 172.25.150.240/30 is directly connected, Serial1/0 C 172.25.150.244/30 is directly connected, Serial1/1 192.168.50.0/24 is variably subnetted, 2 subnets, 2 masks
R 192.168.50.0/27 [120/1] via 172.25.150.242, 00:00:04, Serial1/0 R 192.168.50.0/24 [120/1] via 172.25.150.246, 00:00:18, Serial1/1 [120/1] via 172.25.150.242, 00:00:33, Serial1/0 R1(config-router)#
实心大白菜
Give it everything you've got.
可以在R3也关闭自动汇总,使其通告其被划分后的子网。
实心大白菜
Give it everything you've got.
实验五:认证
5.1
说明
1) Cisco实现RIPv2的消息报文的认证包含了两种选择—简单口令或MD5认证。另
外,也包含了在一个“钥匙链”上定义多个钥匙或口令的选项。这样路由器就可以在不同的时候配置不同的钥匙。
2) 设置RIPv2认证的步骤 定义一个带名字的钥匙链 定义在钥匙链上的钥匙
在接口上启动认证并指定使用的钥匙链 指定这个接口使用明文认证还是MD5认证 可选地配置钥匙的管理
5.2 实验拓扑
5.3 基本实验环境配置
R1 R1>en R1#conf t R1(config)#int lo 0
实心大白菜
Give it everything you've got.
R1(config-if)#ip add 1.1.1.1 255.255.255.0 R1(config-if)#int fa 0/0 R1(config-if)#no sh
R1(config-if)#ip add 192.168.1.1 255.255.255.0 R1(config-if)#router rip R1(config-router)#version 2
R1(config-router)#network 192.168.1.0 R1(config-router)#network 1.0.0.0 R1(config-router)# R2 R2>en R2#conf t R2(config)#int lo 0
R2(config-if)#ip add 2.2.2.2 255.255.255.0 R2(config-if)#int fa 0/0 R2(config-if)#no sh
R2(config-if)#ip add 192.168.1.2 255.255.255.0 R2(config-if)#router rip R2(config-router)#version 2
R2(config-router)#network 192.168.1.0 R2(config-router)#network 2.0.0.0 R2(config-router)#
查看R1的路由选择表 R1(config-router)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2
实心大白菜
Give it everything you've got.
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 2.0.0.0/8 [120/1] via 192.168.1.2, 00:00:00, FastEthernet0/0 C 192.168.1.0/24 is directly connected, FastEthernet0/0 R1(config-router)#
5.4 配置明文认证
在R1上先配置认证 R1(config-router)#exit R1(config)#key R1(config)#key chan R1(config)#key ?
chain Key-chain management
config-key Set a private configuration key for general use
R1(config)#key chai R1(config)#key chain ? WORD Key-chain name
R1(config)#key chain jp R1(config-keychain)#key ?
实心大白菜
Give it everything you've got.
<0-2147483647> Key identifier
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string ?
0 Specifies an UNENCRYPTED password will follow 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) user password
R1(config-keychain-key)#key-string zj R1(config-keychain-key)#int fa 0/0 R1(config-if)#ip rip
R1(config-if)#ip rip authentication ? key-chain Authentication key-chain mode Authentication mode
R1(config-if)#ip rip authentication key-chain ? LINE name of key-chain
R1(config-if)#ip rip authentication key-chain jp R1(config-if)#ip rip authentication mode ? md5 Keyed message digest text Clear text authentication
R1(config-if)#ip rip authentication mode text R1(config-if)#
查看R1和R2之间的RIP路由消息
实心大白菜
Give it everything you've got.
查看R1的路由选择表
等待时间过期
实心大白菜
Give it everything you've got.
在R2上配置密码相同的明文认证 R2(config-router)#exit R2(config)#key chain jp R2(config-keychain)#key 1
R2(config-keychain-key)#key-string zj R2(config-keychain-key)#int fa 0/0
R2(config-if)#ip rip authentication key-chain jp R2(config-if)#ip rip authentication mode text R2(config-if)#
查看R1的路由选择表 R1#conf t
Enter configuration commands, one per line. End with CNTL/Z. R1(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route
实心大白菜
Give it everything you've got.
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 2.0.0.0/8 [120/1] via 192.168.1.2, 00:00:07, FastEthernet0/0 C 192.168.1.0/24 is directly connected, FastEthernet0/0 R1(config)#
查看R1和R2之间RIP消息的交换
实心大白菜
Give it everything you've got.
5.5 配置MD5认证
删除明文认证 R1(config)#no key chain R1(config)#no key chain jp R1(config)#int fa 0/0
R1(config-if)#no ip rip authentication key-chain R1(config-if)#no ip rip authentication mode R1(config-if)#
R2(config)#no key chain jp R2(config)#int fa 0/0
R2(config-if)#no ip rip authentication key-chain R2(config-if)#no ip rip authentication mode R2(config-if)#
实心大白菜
Give it everything you've got.
配置MD5认证 R1
R1(config-if)#exit R1(config)#key chain jp R1(config-keychain)#key 1
R1(config-keychain-key)#key-string zj R1(config-keychain-key)#int fa 0/0 R1(config-if)#ip rip
R1(config-if)#ip rip authentication key-chain jp R1(config-if)#ip rip authentication mode md5 R1(config-if)# R2
R2(config-if)#exit R2(config)#key chain jiang R2(config-keychain)#key 1
R2(config-keychain-key)#key-string zj R2(config-keychain-key)#int fa 0/0
R2(config-if)#ip rip authentication key-chain jiang R2(config-if)#ip rip authentication mode md5 R2(config-if)#
查看R1和R2之间RIP消息的交换
实心大白菜
Give it everything you've got.
查看R1的路由选择表 R1(config-if)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route
实心大白菜
Give it everything you've got.
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 2.0.0.0/8 [120/1] via 192.168.1.2, 00:00:21, FastEthernet0/0 C 192.168.1.0/24 is directly connected, FastEthernet0/0 R1(config-if)#
备注:
即使只有一个钥匙,也必须配置钥匙链,钥匙链的名字只在本地路由器上有意义。 如果没有添加命令 ip rip authentication mode md5 ,接口将使用缺省的明文认证。
5.6 钥匙管理
钥匙管理(key management)用来从一个认证钥匙到另一个认证钥匙的迁徙工作。 示例:
R1的配置是,在2012年11月28日下午4:30开始使用第一个钥匙,使用的时常是12小时(43200s);第二个钥匙从2012年11月29日凌晨4:00开始生效,并一直用到2013年4月15日下午1:00;第三个钥匙从2013年4月15日下午12:30开始生效,并在这个时间以后永久有效
配置如下
R1(config)#key chain jiangping R1(config-keychain)#key 1
R1(config-keychain-key)#key-string zhangjie1
R1(config-keychain-key)#accept-lifetime 16:30:00 Nov 28 2012 duration 43200 R1(config-keychain-key)#send-lifetime 16:30:00 Nov 28 2012 duration 43200
实心大白菜
Give it everything you've got.
R1(config-keychain-key)#exit R1(config-keychain)#key 2
R1(config-keychain-key)#key-string zhangjie2 R1(config-keychain-key)#acc
R1(config-keychain-key)#accept-lifetime 04:00:00 Nov 29 2012 13:00:00 Apr 15 2013 R1(config-keychain-key)#send-lifetime 04:00:00 Nov 29 2012 13:00:00 Apr 15 2013 R1(config-keychain-key)#exit R1(config-keychain)#key 3
R1(config-keychain-key)#key-string zhangjie3
R1(config-keychain-key)#accept-lifetime 12:30:00 Apr 15 2013 infinite R1(config-keychain-key)#send-lifetime 12:30:00 Apr 15 2013 infinite R1(config-keychain-key)#int fa 0/0
R1(config-if)#ip rip authentication key-chain jiangping R1(config-if)#ip rip authentication mode md5 R1(config-if)# 说明:
1) 从其他路由器接受的口令和发送消息所使用的口令在管理上是分离的。因此,
使用accept-lifetime和send-lifetime命令都应该含有一个指定的开始时间和一个指定的持续时间或结束时间,或者指定关键字infinite 。要是的号码按照从最低到最高的顺序检查,使用第一个有效的钥匙
2) 这个配置可以使用30min 的时间重叠来在不同的系统时钟之间进行校正,但
是建议在对要是的管理时,使用像网络时钟协议(network time protocol,NTP)这种时钟同步协议。
实心大白菜
Give it everything you've got.
四、 故障排除
对于RIPv2协议,有两个配置问题,即版本不匹配和认证配置错误。这两点都可以使用debug ip rip events 调试命令去发现错误
注意VLSM的规划问题,在网络中出现规划错误的VLSM,将会导致网络的通信发生故障。
实心大白菜
因篇幅问题不能全部显示,请点此查看更多更全内容