admin管理员组文章数量:1535877
搭建实验拓扑图,如下
配置各个路由器的接口IP地址和环回地址
[r1]int LoopBack 0
[r1-LoopBack0]ip address 1.1.1.1 24
[r1]int LoopBack 1
[r1-LoopBack1]ip address 172.16.1.1 24
[r1]int LoopBack 2
[r1-LoopBack2]ip address 172.16.2.1 24
[r1]int LoopBack 3
[r1-LoopBack3]ip address 172.16.3.1 24
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[r1-GigabitEthernet0/0/0]int g0/0/1
[r1-GigabitEthernet0/0/1]ip address 14.1.1.1 24
[r2]int LoopBack 0
[r2-LoopBack0]ip address 2.2.2.2 24
[r2-LoopBack0]int g0/0/0
[r2-GigabitEthernet0/0/0]ip address 23.1.1.1 24
[r2-GigabitEthernet0/0/0]int g0/0/1
[r2-GigabitEthernet0/0/1]ip address 12.1.1.2 24
[r3]int LoopBack 0
[r3-LoopBack0]ip address 3.3.3.3 24
[r3-LoopBack0]int g0/0/1
[r3-GigabitEthernet0/0/1]ip address 23.1.1.2 24
[r3-GigabitEthernet0/0/1]int g0/0/0
[r3-GigabitEthernet0/0/0]ip address 34.1.1.2 24
[r4-LoopBack0]int g0/0/0
[r4-GigabitEthernet0/0/0]ip address 14.1.1.2 24
[r4-GigabitEthernet0/0/0]int g0/0/2
[r4-GigabitEthernet0/0/2]ip address 34.1.1.1 24
[r4-GigabitEthernet0/0/2]int g0/0/1
[r4-GigabitEthernet0/0/1]ip address 45.1.1.1 24
[r4-GigabitEthernet0/0/1]q
[r4]interface Serial 4/0/0
[r4-Serial4/0/0]ip address 46.1.1.1 24
[r4-Serial4/0/0]q
[r4]int LoopBack 0
[r4-LoopBack0]ip address 4.4.4.4 24
[r5]int LoopBack 0
[r5-LoopBack0]ip address 5.5.5.5 24
[r5-LoopBack0]int g0/0/0
[r5-GigabitEthernet0/0/0]ip address 45.1.1.2 24
[r6]int LoopBack 0
[r6-LoopBack0]ip address 6.6.6.6 24
[r6-LoopBack0]q
[r6]interface Serial 4/0/0
[r6-Serial4/0/0]ip address 46.1.1.2 24.
[r6-Serial4/0/0]int g0/0/0
[r6-GigabitEthernet0/0/0]ip address 67.1.1.1 24
[r7]int LoopBack 0
[r7-LoopBack0]ip address 7.7.7.7 24
[r7-LoopBack0]int g0/0/0
[r7-GigabitEthernet0/0/0]ip address 67.1.1.2 24
开启RIP,动态学习路由条目,解决版本兼容问题
一、R1---R5开启version2版本
[r1]rip 100
[r1-rip-100]version 2 选择RIP版本2
[r1-rip-100]undo summary 取消汇总
[r1-rip-100]network 1.0.0.0 主类宣告
[r1-rip-100]network 172.16.0.0
[r1-rip-100]network 12.0.0.0
[r1-rip-100]network 14.0.0.0
[r2]rip
[r2-rip-1]rip 100
[r2-rip-100]version 2
[r2-rip-100]undo summary
[r2-rip-100]network 2.0.0.0
[r2-rip-100]network 12.0.0.0
[r2-rip-100]network 23.0.0.0
[r3]rip 100
[r3-rip-100]version 2
[r3-rip-100]undo summary
[r3-rip-100]network 3.0.0.0
[r3-rip-100]network 23.0.0.0
[r3-rip-100]network 34.0.0.0
[r4]rip 100
[r4-rip-100]version 2
[r4-rip-100]undo summary
[r4-rip-100]network 4.0.0.0
[r4-rip-100]network 14.0.0.0
[r4-rip-100]network 34.0.0.0
[r4-rip-100]network 45.0.0.0
[r4-rip-100]network 46.0.0.0
[r5]rip 100
[r5-rip-100]version 2
[r5-rip-100]undo summary
[r5-rip-100]network 5.0.0.0
[r5-rip-100]network 45.0.0.0
二、R6、R7开启version1版本
因为version1版本没有掩码,所以不用undo summary(取消汇总)
[r6]rip 100
[r6-rip-100]version 1
[r6-rip-100]network 6.0.0.0
[r6-rip-100]network 46.0.0.0
[r6-rip-100]network 67.0.0.0
[r7]rip 100
[r7-rip-100]version 1
[r7-rip-100]network 7.0.0.0
[r7-rip-100]network 67.0.0.0
此时,version1、version2之间是不通的,故需要version2发送广播
在R6上连接version2的4/0/0接口
[r6]int s4/0/0
[r6-Serial4/0/0]rip version 2 broadcast
查看RIP的路由信息表,获得到v2的路由信息。兼容问题解决
提前做好R1的汇总
172.16.1.0/24 172.16.2.0/24 172.16.3.0/24汇总为172.16.0.0/22
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]rip summary-address 172.16.0.0 255.255.252.0
[r1-GigabitEthernet0/0/0]int g0/0/1
[r1-GigabitEthernet0/0/1]rip summary-address 172.16.0.0 255.255.252.0
更改R4上出口中路由条目的cost值达到备份效果
R3要通过R2访问R1,可以增大到R4的开销值来实现
[r4]acl 2000 抓取路由条目
[r4-acl-basic-2000]rule permit source 1.1.1.0 0.0.0.0
[r4-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.0
因为抓取的是路由条目,所以用网段+全0来占位
[r4]int g0/0/2
[r4-GigabitEthernet0/0/2]rip metricout 2000 5 在0/0/2接口将抓取到的路由条目开销值改为5
加快网络收敛,增加路由传递安全性
华为设备更新30s 无效 180s 垃圾回收计时器 120s 更改只能3个时间倍数更改
[r4]rip 100
[r4-rip-100]timers rip 5 30 20 改为 设备更新5s 无效 30s 垃圾回收计时器 20s
增加安全性,在R1、R2收发两个接口上配置密码
理论上所以路由都要配置密码,此实验只在R1R2之间演示;密码设为huawei
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]rip authentication-mode md5 usual cipher huawei
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]rip authentication-mode md5 usual cipher huawei
在R5上创建一个环回地址 设为运营商,且下放缺省
创建地址为100.1.1.1/24
[r5]int LoopBack 5
[r5-LoopBack5]ip address 100.1.1.1 24
[r5-LoopBack5]q
[r5]rip 100
[r5-rip-100]default-route originate 缺省路由下放
查看其他路由表,确认未通告,但是可以直接ping通
如R3,确认无到100.1.1.1/24的路径
但是ping100.1.1.1可以ping通
在R6上创建规则,拒绝R1上的路由条目
抓取R1的路由条目,拒绝访问
[r6]acl 2000
[r6-acl-basic-2000]rule deny source 1.1.1.0 0.0.0.0
[r6-acl-basic-2000]rule deny source 172.16.0.0 0.0.0.0
[r6-acl-basic-2000]rule permit source any
[r6-acl-basic-2000]display this 查看被抓取的路由条目,从
[V200R003C00]
#
acl number 2000
rule 5 deny source 1.1.1.0 0 拒绝1.1.1.1 0
rule 10 deny source 172.16.0.0 0 拒绝172.16.0.0 0
rule 15 permit 允许所有
在4/0/0入口过滤掉acl 2000
[r6-acl-basic-2000]q
[r6]rip 100
[r6-rip-100]filter-policy 2000 import Serial 4/0/0
查看R6的路由表,R1的路由条目已经被过滤掉
开启R7的telnet(远程访问)并配置
[r7]user-interface vty 0 4
[r7-ui-vty0-4]authentication-mode aaa
[r7-ui-vty0-4]q
[r7]aaa
[r7-aaa]local-user huawei password cipher hauwei 账号密码 都是huawei
Info: Add a new user.
[r7-aaa]local-user hauwei privilege level 15 权限等级为15
Info: Add a new user.
[r7-aaa]local-user huawei service-type telnet 是远程操控
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]nat server protocol tcp global 2.2.2.3 telnet inside 7.7.7.7 telnet 不能写成2.2.2.2(全局地址)
至此,在R2上无法远程访问2.2.2.3,因为访问来回路径不一致,无法完成访问
将R1从0/0/0接口RIP传递出的12.1.1.0路由条目开销值改为5 ,路径改为从R4到R3、R2再到R1
先抓取12.1.1.0路由条目
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 12.1.1.0 0.0.0.0
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]rip metricout 2000 5
本文标签: RIP
版权声明:本文标题:RIP综合实验 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://m.elefans.com/dongtai/1725661701a1035407.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论