一、RIPV2的认证
运行了RIP协议的邻居间,进行身份的核实!
1、明文认证
(1)先定制key
R1(config)#key chain ?
WORD Key-chain name
R1(config)#key chain miyaochuan
R1(config-keychain)#key ?
<0-2147483647> Key identifier
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string wodemimaR1(config)#key chain miyaochuan //创建密钥串
R1(config-keychain)#key 1 //定义key 1
R1(config-keychain-key)#key-string wodemima //key 1的密钥为wodemima(邻居间必须一致)
(2)再在同邻居直连的接口上调用
R1(config)#interface f0/0
R1(config-if)#ip rip ?
advertise Specify update interval
authentication Authentication control
initial-delay Specify initial delay interval
receive advertisement reception
send advertisement transmission
v2-broadcast send ip broadcast v2 update
R1(config-if)#ip rip authentication ?
key-chain Authentication key-chain
mode Authentication mode
R1(config-if)#ip rip authentication key-chain ?
LINE name of key-chain
R1(config-if)#ip rip authentication key-chain wodemimaR1(config)#interface f0/0 //更新发出的接口
R1(config-if)#ip rip authentication key-chain wodemima //调用密钥串
(3)此时R2已经不再可以与R1正常通信,还需给R2配置相同的密钥
R2(config)#key chain miyaochuan1
R2(config-keychain)#key 1
R2(config-keychain-key)#key?
key-string
R2(config-keychain-key)#key
R2(config-keychain-key)#key-string wodemima
R2(config-keychain-key)#exit
R2(config-keychain)#exit
R2(config)#interface f0/0
R2(config-if)#ip rip authentication key-chain wodemima2、密文认证
R2(config)#interf f0/0
R2(config-if)#ip rip authentication ?
key-chain Authentication key-chain
mode Authentication mode
R2(config-if)#ip rip authentication mode ?
md5 Keyed message digest
text Clear text authentication
R2(config-if)#ip rip authentication mode md5 ?
<cr>
R2(config-if)#ip rip authentication mode md5 先做明文认证
再修改认证模式
R2(config-if)#ip rip authentication mode md5 //将密钥用MD5加密(不是指在show run 中加密,而是在网络抓包中所看到的password)
二、RIPV2的手工汇总
在更新源路由器上所有更新发出的接口上配置。
再从R1中加一个环回地址,然后将R1中的两个环回地址手工汇总。此时,R2与R3中明细路由条目和手工汇总后的都存在。
R1(config)#interface f0/0
R1(config-if)#ip summary-address ?
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
rip Routing Information Protocol (RIP)
R1(config-if)#ip summary-address rip ?
A.B.C.D IP address
R1(config-if)#ip summary-address rip 1.1.0.0 255.255.252.0R1(config)#interface f0/0 //更新发出的接口
R1(config-if)#ip summary-address rip 1.1.0.0 255.255.252.0 //汇总后路由
三、被动接口
仅接收不发送路由协议信息。
只能用于连接用户的接口,不得用于连接邻居的接口;
R1(config)#router ?
bgp Border Gateway Protocol (BGP)
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
isis ISO IS-IS
iso-igrp IGRP for OSI networks
mobile Mobile routes
odr On Demand stub Routes
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
R1(config)#router rip
R1(config-router)#passive-interface ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Group-Async Async Group interface
Lex Lex interface
Loopback Loopback interface
MFR Multilink Frame Relay bundle interface
Multilink Multilink-group interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Serial Serial
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-PPP Virtual PPP interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
default Suppress routing updates on all interfaces
vmi Virtual Multipoint Interface
R1(config-router)#passive-interface loopback ?
<0-2147483647> Loopback interface number
R1(config-router)#passive-interface loopback 0
R1(config-router)#R1(config)#router rip
R1(config-router)#passive-interface loopback 0
四、加快收敛
1、RIP计时器 :
更新时间:30s //周期更新,交换学习路由信息
失效时间:180s //180s(6个周期更新)之后还没有进行周期更新(可能出现意外,路由条目中标注为“possibly down”)
抑制时间:180s //当周期更新时发生无征兆变化时(认为存在危险),开启抑制时间计时器,等待自行恢复或者管理员修复。
刷新时间:240s //240s(8个周期更新)之后还没有进行周期更新,彻底删除此条路由信息
2、适当的修改计时器,可以加快设备的收敛速度
(1)建议修改时维持原有的倍数关系,且不易修改的过小;
(2)全网所有设备均修改;
R1(config)#router rip
R1(config-router)#timers ?
basic Basic routing protocol update timers
R1(config-router)#timers basic ?
<1-4294967295> Interval between updates for RIP
R1(config-router)#timers basic 30 90 90 120
R1(config-router)#R1(config)#router rip
R1(config-router)#timers basic 30 90 90 120
建议全网一直
五、缺省路由
在连接运营商边界路由器上配置RIP缺省后,内部的路由器将自动生成缺省路由指向边界路由器;
边界路由器到达ISP的缺省路由,宣告手工静态配置
此图中,R3为边界路由器:
R3(config)#router rip
R3(config-router)#default ?
address-family Enter Address Family command mode
auto-summary Enable automatic network number summarization
default-information Control distribution of default information
default-metric Set metric of redistributed routes
distance Define an administrative distance
distribute-list Filter networks in routing updates
flash-update-threshold Specify flash update threshold in second
input-queue Specify input queue depth
maximum-paths Forward packets over multiple paths
neighbor Specify a neighbor router
network Enable routing on an IP network
offset-list Add or subtract offset from RIP metrics
output-delay Interpacket delay for RIP updates
passive-interface Suppress routing updates on an interface
redistribute Redistribute information from another routing
protocol
timers Adjust routing timers
traffic-share How to compute traffic share over alternate paths
validate-update-source Perform sanity checks against source address of
routing updates
version Set routing protocol version
R3(config-router)#default-information ?
originate Distribute a default route
R3(config-router)#default-information originate
R3(config-router)#1、在边界路由器上下放缺省
r3(config)#router rip
r3(config-router)#default-information originate
2、再写一条缺省指向ISP
R2(config)#ip route 0.0.0.0 0.0.0.0 23.1.1.3
R1和R2自动学习缺省路由,便可与ISP互通!
390
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
