RIP Function |
How to Disable |
Sending RIP updates |
Make the interface passive: configure router rip, followed by passiveinterface type number |
Listening for RIP updates |
Filter all incoming routes using a distribute list |
Advertising the connected subnet |
Filter outbound advertisements on other interfaces using distribute lists, filtering an interface’s connected subnet;
using neighbor subcommand to advertise rip updates to that neighbor; |
|
|
RIP实验笔记
原创tagche2008 博主文章分类:Networking ©著作权
©著作权归作者所有:来自51CTO博客作者tagche2008的原创作品,请联系作者获取转载授权,否则将追究法律责任
RIP实验学习笔记
2009.6.5—6.10
一.实验目的
二.拓扑和要求
3.1 连通性配置
遇到的问题:
3.2 基本rip配置
R1(config)#router rip
R1(config-router)#?
Router configuration commands:
address-family Enter Address Family command mode
auto-summary Enable automatic network number summarization
default Set a command to its defaults
default-information Control distribution of default information
default-metric Set metric of redistributed routes
distance Define an administrative distance
distribute-list Filter networks in routing updates
exit Exit from routing protocol configuration mode
flash-update-threshold Specify flash update threshold in second
input-queue Specify input queue depth
maximum-paths Forward packets over multiple paths
neighbor Specify a neighbor router
network Enable routing on an IP network
no Negate a command or set its defaults
offset-list Add or subtract offset from IGRP or RIP metrics
output-delay Interpacket delay for RIP updates
passive-interface Suppress routing updates on an interface
redistribute Redistribute information from another routing protocol
timers Adjust routing timers
traffic-share How to compute traffic share over alternate paths
validate-update-source Perform sanity checks against source address of routing updates
version Set routing protocol version
network命令注解
The RIP network command only allows for a classful network as a parameter, which in turn enables RIP on all of that router’s interfaces that are part of that network. Enabling RIP on an interface makes the router begin sending RIP updates, listening for RIP updates (UDP port 520), and advertising that interface’s connected subnet.Because the RIP network command has no way to simply match one interface at a time, a RIP configuration may enable these three functions on an interface ,but some or all of these functions are not required. The three RIP functions can be ndividually disabled on an interface with some effort:
问题1.Ping 172.31.25.1(R5的物理串口地址)问题
(1)R6能ping通,R6路由表为:
R6>sh ip route
172.31.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.31.16.0/24 is directly connected, Serial0/0.601
R 172.31.0.0/16 [120/1] via 10.1.26 .2, 00:00:14, Serial0/0.602
R 10.0.0 .0/8 [120/3] via 10.1.26 .2, 00:00:14, Serial0/0.602
C 10.1.26 .0/24 is directly connected, Serial0/0.602
C 10.1.106.0/24 is directly connected, Loopback1
(2)R5自己ping不通25.1,能ping通172.31.25.2
(3)R4能ping通R5
(4)R3ping不通172.31.25.1,也ping不通172.31.25.2;(R3ping自己反应很慢,ping其他都ping不通,R1ping R3的103.3正常,但ping不通R3的13.2),
R3#ping 172.31.23.1
Sending 5, 100-byte ICMP Echos to 172.31.23.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1612/1685/1752 ms
R3#ping 172.31.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.23.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R3路由表为:
172.31.0.0/16 is variably subnetted, 18 subnets, 2 masks
R 172.31.211.0/24 [120/6] via 172.31.23.2, 00:00:11, Serial0/0.302
R 172.31.223.0/24 [120/2] via 172.31.23.2, 00:00:11, Serial0/0.302
[120/2] via 172.31.13.1, 00:00:17, Serial0/0.301
R 172.31.16.0/24 [120/1] via 172.31.13.1, 00:00:17, Serial0/0.301
R 172.31.23.0/30 [120/2] via 172.31.13.1, 00:00:17, Serial0/0.301
C 172.31.23.0/24 is directly connected, Serial0/0.302
R 172.31.25.0/30 [120/1] via 172.31.23.2, 00:00:13, Serial0/0.302
R 172.31.24.0/30 [120/1] via 172.31.23.2, 00:00:13, Serial0/0.302
?问题2:从R2上PING172.31.13.1(R1接口)和172.31.13.2(R3接口),
如何解决???
R2#sh ip route
R 172.31.13.0/24 [120/1] via 172.31.23.1, 00:00:17, Serial1/0.203
R 172.31.13.0/30 [120/1] via 172.31.11.1, 00:00:09, FastEthernet0/0
R2#sh ip route 172.31.13.0
Routing entry for 172.31.13.0/30
Known via "rip", distance 120, metric 1
Redistributing via rip
Last update from 172.31.11.1 on FastEthernet0/0, 00:00:27 ago
Routing Descriptor Blocks:
* 172.31.11.1, from 172.31.11.1, 00:00:27 ago, via FastEthernet0/0
Route metric is 1, traffic share count is 1
R2#sh ip route 172.31.13.0 255.255.255.0
Routing entry for 172.31.13.0/24
Known via "rip", distance 120, metric 1
Redistributing via rip
Last update from 172.31.23.1 on Serial1/0.203, 00:00:19 ago
Routing Descriptor Blocks:
* 172.31.23.1, from 172.31.23.1, 00:00:19 ago, via Serial1/0.203
Route metric is 1, traffic share count is 1
3.3 认证配置
配置R1,R2在LAN上MD5认证
R1: 定义密钥链
R2:定义密钥链
启用RIP认证:ip rip authentication mode md5àip rip authentication key-chain lankey;
配置R1与R4明文认证
R1:
R4(config)#key chain withR2
R4(config-keychain)#KEY 1
R4(config-keychain-key)#key-string plaintext
R4(config-keychain-key)#exit
R4(config-keychain)#exit
R4(config)#int s0/0.401
R4(config-subif)#ip rip authentication key-chain withR2
水平分割缺省在每个接口上是ON的,除了配置了IP地址的FR封装的物理串口上(本例中的R5串口S0/0)
R5#sh ip int s0/0
Serial0/0 is up, line protocol is up
ICMP redirects are always sent
下一跳(next-hop)属性允许路由器对通告的路由下一跳指向其他路由器,而不是自己;本例中S2运行OSPF,R2将S2连接的网络通过重发布通告给其他路由器,由于R2/S2/R1连接在同一个LAN上,因此R2在向R1通告S2的路由的时候将下一条指向S2而不是R2自己
配置:
S2:router ospf 10ànetwork 172.31.0.0 .0 .0.255.255 area 0
R2:router ospf 20ànetwork 172.31.0.0 0.0.255.255 area 0 ,network 10.1.26 .0 0.0.0.255 area 0
Router rip-àredistribute ospf 20 metric 2
R1路由如下:
R1#show ip route 172.31.221.202
Routing entry for 172.31.221.202/32
Known via "rip", distance 120, metric 2
Redistributing via rip
Last update from 172.31.11.202 on FastEthernet0/0, 00:00:02 ago
Routing Descriptor Blocks:
* 172.31.11.202, from 172.31.11.2, 00:00:02 ago, via FastEthernet0/0
Route metric is 2, traffic share count is 1
R1#sh ip route
Gateway of last resort is not set
C 172.31.16.0/24 is directly connected, Serial1/0.106
R 172.31.221.202/32 [120/2] via 172.31.11.202, 00:00:24, FastEthernet0/0
R 172.31.222.202/32 [120/2] via 172.31.11.202, 00:00:24, FastEthernet0/0
Offset lists---改变metric值,对于匹配ACL的路由,接口通告的和接口接收到的;
R1上offset list配置
R1(config)#router rip
R1(config-router)#offset-list 10 out 8 s1/0.103
R1(config-router)#offset-list 10 out 8 s1/0.104
R1(config-router)#offset-list 10 out 8 s1/0.106
R1(config-router)#exit
R1(config)#access-list 10 permit 172.31.208.0 0.0.7 .255(匹配的地址范围???)
R2上offset list配置:
R2(config)#router rip
R2(config-router)#offset-list 12 in 4 fa0/0
R2(config-router)#exit
R2(config)#access-list 12 permit 172.31.208.0 0.0.7 .255
R2(config)#
使用Distribute list过滤路由
匹配ACL和prefix list中deny的子网将被过滤
distribute-list {access-list-number | name} {in | out} [interface-type interface-number]
distribute-list {prefix list-name} {in | out } [interface-type interface-number]
四.实验总结
上一篇:华为与cisco网络产品比较
下一篇:SSD硬盘--硬盘家族的新星
提问和评论都可以,用心的回复会被更多人看到
评论
发布评论
相关文章
-
RIP实验总结
&n
职场 实验 RIP 休闲