目录
RIP综合实验
实验内容
实验拓扑图
IP地址的配置
R1的IP地址详情
[R1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 7
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 7
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 12.0.0.1/24 up up
GigabitEthernet0/0/1 14.0.0.1/24 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 1.1.1.1/24 up up(s)
LoopBack1 172.16.1.1/24 up up(s)
LoopBack2 172.16.2.1/24 up up(s)
LoopBack3 172.16.3.1/24 up up(s)
NULL0 unassigned up up(s)
R2的IP地址详情
[R2]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 12.0.0.2/24 up up
GigabitEthernet0/0/1 23.0.0.1/24 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 2.2.2.2/24 up up(s)
NULL0 unassigned up up(s) R3的IP地址详情
[R3]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 23.0.0.2/24 up up
GigabitEthernet0/0/1 34.0.0.1/24 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 3.3.3.3/24 up up(s)
NULL0 unassigned up up(s) R4的IP地址详情
[R4]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 14.0.0.2/24 up up
GigabitEthernet0/0/1 34.0.0.2/24 up up
GigabitEthernet0/0/2 45.0.0.1/24 up up
GigabitEthernet4/0/0 46.0.0.1/24 up up
GigabitEthernet4/0/1 unassigned down down
GigabitEthernet4/0/2 unassigned down down
GigabitEthernet4/0/3 unassigned down down
LoopBack0 4.4.4.4/24 up up(s)
NULL0 unassigned up up(s) R5的IP地址详情
[R5]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 45.0.0.2/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 5.5.5.5/24 up up(s)
NULL0 unassigned up up(s) R6的IP地址详情
[R6]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 46.0.0.2/24 up up
GigabitEthernet0/0/1 67.0.0.1/24 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 6.6.6.6/24 up up(s)
NULL0 unassigned up up(s)
[R6]R7的IP地址详情
[R7]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 67.0.0.2/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 7.7.7.7/24 up up(s)
NULL0 unassigned up up(s)激活RIP协议,宣告网段
RIP2的配置
R1基本配置
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]network 12.0.0.0
[R1-rip-1]network 14.0.0.0
[R1-rip-1]network 1.0.0.0
[R1-rip-1]network 172.16.0.0
[R1-rip-1]R2基本配置
[R2]rip 1
[R2-rip-1]version 2
[R2-rip-1]network 23.0.0.0
[R2-rip-1]network 12.0.0.0
[R2-rip-1]network 2.0.0.0R3基本配置
[R3]rip 1
[R3-rip-1]version 2
[R3-rip-1]network 23.0.0.0
[R3-rip-1]network 34.0.0.0
[R3-rip-1]network 3.0.0.0
[R3-rip-1]R4基本配置
[R4]rip 1
[R4-rip-1]version 2
[R4-rip-1]network 34.0.0.0
[R4-rip-1]network 45.0.0.0
[R4-rip-1]network 14.0.0.0
[R4-rip-1]network 4.0.0.0
[R4-rip-1]network 46.0.0.0R5基本配置
[R5]rip
[R5]rip 1
[R5-rip-1]version 2
[R5-rip-1]network 45.0.0.0
#因为题意要求不能宣告R5的环回网段RIP1的配置
R6基本配置
[R6]rip 1
[R6-rip-1]version 1
[R6-rip-1]network 46.0.0.0
[R6-rip-1]network 67.0.0.0
[R6-rip-1]network 6.0.0.0R7基本配置
[R7]rip 1
[R7-rip-1]version 1
[R7-rip-1]network 67.0.0.0
[R7-rip-1]network 7.0.0.0减少路由条目(做路由汇总)
汇总前
[R2]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 10 Routes : 13
RIP routing table status : <Active>
Destinations : 10 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 RIP 100 1 D 12.0.0.1 GigabitEthernet
0/0/0
3.3.3.0/24 RIP 100 1 D 23.0.0.2 GigabitEthernet
0/0/1
4.4.4.0/24 RIP 100 2 D 12.0.0.1 GigabitEthernet
0/0/0
RIP 100 2 D 23.0.0.2 GigabitEthernet
0/0/1
14.0.0.0/24 RIP 100 1 D 12.0.0.1 GigabitEthernet
0/0/0
34.0.0.0/24 RIP 100 1 D 23.0.0.2 GigabitEthernet
0/0/1
45.0.0.0/24 RIP 100 2 D 23.0.0.2 GigabitEthernet
0/0/1
RIP 100 2 D 12.0.0.1 GigabitEthernet
0/0/0
46.0.0.0/24 RIP 100 2 D 12.0.0.1 GigabitEthernet
0/0/0
RIP 100 2 D 23.0.0.2 GigabitEthernet
0/0/1
172.16.1.0/24 RIP 100 1 D 12.0.0.1 GigabitEthernet
0/0/0
172.16.2.0/24 RIP 100 1 D 12.0.0.1 GigabitEthernet
0/0/0
172.16.3.0/24 RIP 100 1 D 12.0.0.1 GigabitEthernet
0/0/0
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
[R2]汇总操作
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]rip summary-address 172.16.0.0 255.255.252.0
[R1-GigabitEthernet0/0/0]int g 0/0/1
[R1-GigabitEthernet0/0/1]rip su
[R1-GigabitEthernet0/0/1]rip summary-address 172.16.0.0 255.255.252.0
[R1-GigabitEthernet0/0/1]汇总后
[R2]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 8 Routes : 11
RIP routing table status : <Active>
Destinations : 8 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 RIP 100 1 D 12.0.0.1 GigabitEthernet
0/0/0
3.3.3.0/24 RIP 100 1 D 23.0.0.2 GigabitEthernet
0/0/1
4.4.4.0/24 RIP 100 2 D 12.0.0.1 GigabitEthernet
0/0/0
RIP 100 2 D 23.0.0.2 GigabitEthernet
0/0/1
14.0.0.0/24 RIP 100 1 D 12.0.0.1 GigabitEthernet
0/0/0
34.0.0.0/24 RIP 100 1 D 23.0.0.2 GigabitEthernet
0/0/1
45.0.0.0/24 RIP 100 2 D 23.0.0.2 GigabitEthernet
0/0/1
RIP 100 2 D 12.0.0.1 GigabitEthernet
0/0/0
46.0.0.0/24 RIP 100 2 D 12.0.0.1 GigabitEthernet
0/0/0
RIP 100 2 D 23.0.0.2 GigabitEthernet
0/0/1
172.16.0.0/22 RIP 100 1 D 12.0.0.1 GigabitEthernet
0/0/0
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
[R2]做汇总必须做空接口(防止出现路由黑洞)
[R1]ip route-static 172.16.0.0 22 NULL 0R3使用R2访问R1的环回(调整开销值)
注意:
因为RIP不能随便减小开销值,只能加大下面R4 -> R3的开销值
方法一:在R4(出方向)更改,将发往R3的时候将开销值增大
操作与方法二类似
方法二: 在R3(入方向)更改,R3在收到信息时开销值增大
1.抓取流量(使用ACL列表)
[R3]acl 2
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 172.16.0.0 0
[R3-acl-basic-2000]rule permit source 1.1.1.0 0
[R3-acl-basic-2000]2.修改开销值
[R3]int g 0/0/1
[R3-GigabitEthernet0/0/1]rip metricin 2000 23.测试
[R3]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 8 Routes : 8
RIP routing table status : <Active>
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 RIP 100 2 D 34.0.0.2 GigabitEthernet
0/0/1
2.2.2.0/24 RIP 100 1 D 23.0.0.1 GigabitEthernet
0/0/0
4.4.4.0/24 RIP 100 1 D 34.0.0.2 GigabitEthernet
0/0/1
12.0.0.0/24 RIP 100 1 D 23.0.0.1 GigabitEthernet
0/0/0
14.0.0.0/24 RIP 100 1 D 34.0.0.2 GigabitEthernet
0/0/1
45.0.0.0/24 RIP 100 1 D 34.0.0.2 GigabitEthernet
0/0/1
46.0.0.0/24 RIP 100 1 D 34.0.0.2 GigabitEthernet
0/0/1
172.16.0.0/22 RIP 100 2 D 34.0.0.2 GigabitEthernet
0/0/1
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
[R3]增加路由条目安全性(在接口上做认证)
[R1-GigabitEthernet0/0/0]rip authentication-mode ? --- 选择认证模式
hmac-sha256
md5 MD5 authentication --- 通过比较哈希值,较为安全 ,不会携带密码信息
simple Simple authentication[R1-GigabitEthernet0/0/0]rip authentication-mode md5 ?
nonstandard Nonstandard MD5 authentication packet format (IETF) --- 非标准的(IETF标准)
usual Huawei MD5 authentication packet format --- 标准的(华为MD5规则)[R1-GigabitEthernet0/0/0]rip authentication-mode md5 usual ?
STRING<1-16>/<24,32> Plain text/Encrypted text
cipher Encryption type (Cryptogram) --- 密码存储
plain Encryption type (Plain text) --- 以本地明文存储
R1配置
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]rip authentication-mode md5 usual cipher 123456R2配置
[R2-GigabitEthernet0/0/0]rip authentication-mode md5 usual cipher 123456注意:
认证标准必须相同
rip authentication-mode md5 ?
nonstandard Nonstandard MD5 authentication packet format (IETF) --- 非标准的(IETF标准)
usual Huawei MD5 authentication packet format --- 标准的(华为MD5规则)
全网可达
解决RIP1中无法访问RIP2中路由信息
注意:
因为没有边界路由器,无法使用重发布来执行
方法一:让R4 4/0/0 发送信息全部发送RIPv1
方法二:让R6 0/0/0 发送信息全部发送RIPv2
修改前:
[R6]display ip routing-table protocol rip
[R6]修改:
[R6-GigabitEthernet0/0/0]rip version 2修改后:
[R6]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 10 Routes : 10
RIP routing table status : <Active>
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 RIP 100 2 D 46.0.0.1 GigabitEthernet
0/0/0
2.2.2.0/24 RIP 100 3 D 46.0.0.1 GigabitEthernet
0/0/0
3.3.3.0/24 RIP 100 2 D 46.0.0.1 GigabitEthernet
0/0/0
4.4.4.0/24 RIP 100 1 D 46.0.0.1 GigabitEthernet
0/0/0
12.0.0.0/24 RIP 100 2 D 46.0.0.1 GigabitEthernet
0/0/0
14.0.0.0/24 RIP 100 1 D 46.0.0.1 GigabitEthernet
0/0/0
23.0.0.0/24 RIP 100 2 D 46.0.0.1 GigabitEthernet
0/0/0
34.0.0.0/24 RIP 100 1 D 46.0.0.1 GigabitEthernet
0/0/0
45.0.0.0/24 RIP 100 1 D 46.0.0.1 GigabitEthernet
0/0/0
172.16.0.0/22 RIP 100 2 D 46.0.0.1 GigabitEthernet
0/0/0
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0解决无法访问R5的换回模拟运营商
在每个路由上做路由缺省 或者 在边界路由器上配置主动下发一个指向边界路由的缺省
配置:
[R5]rip --- 进入对应进程
[R5-rip-1]de
[R5-rip-1]default-route o
[R5-rip-1]default-route originate
[R5-rip-1]测试:其他路由上会自动添加一个缺省
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 RIP 100 3 D 23.0.0.2 GigabitEthernet
0/0/1
[R1]ping 5.5.5.5
PING 5.5.5.5: 56 data bytes, press CTRL_C to break
Request time out
Reply from 5.5.5.5: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 5.5.5.5: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 5.5.5.5: bytes=56 Sequence=4 ttl=254 time=20 ms
Reply from 5.5.5.5: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 5.5.5.5 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 20/30/40 ms
[R6]ping 5.5.5.5
PING 5.5.5.5: 56 data bytes, press CTRL_C to break
Reply from 5.5.5.5: bytes=56 Sequence=1 ttl=254 time=50 ms
Reply from 5.5.5.5: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 5.5.5.5: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 5.5.5.5: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 5.5.5.5: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 5.5.5.5 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/40/50 msR6,R7不能访问R1的环回
方法一:R4给R6发送数据时不包含R1的环回
方法二:R6学习数据时过滤掉R1的环回信息
[R6]acl 2000
[R6-acl-basic-2000]rule deny source 172.16.0.0 0 --- 过滤网段
[R6-acl-basic-2000]rule deny source 1.1.1.0 0
[R6-acl-basic-2000]rule permit source any ---接收其他网段信息
[R6]rip 1
[R6-rip-1]filter-policy 2000 import
[R6-rip-1]
测试:
[R6]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 9 Routes : 9
RIP routing table status : <Active>
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 RIP 100 2 D 46.0.0.1 GigabitEthernet
0/0/0
2.2.2.0/24 RIP 100 3 D 46.0.0.1 GigabitEthernet
0/0/0
3.3.3.0/24 RIP 100 2 D 46.0.0.1 GigabitEthernet
0/0/0
4.4.4.0/24 RIP 100 1 D 46.0.0.1 GigabitEthernet
0/0/0
12.0.0.0/24 RIP 100 2 D 46.0.0.1 GigabitEthernet
0/0/0
14.0.0.0/24 RIP 100 1 D 46.0.0.1 GigabitEthernet
0/0/0
23.0.0.0/24 RIP 100 2 D 46.0.0.1 GigabitEthernet
0/0/0
34.0.0.0/24 RIP 100 1 D 46.0.0.1 GigabitEthernet
0/0/0
45.0.0.0/24 RIP 100 1 D 46.0.0.1 GigabitEthernet
0/0/0
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0R6还可以ping通R1的原因:存在路由缺省
R1 Telent R2 环回 实际 Telent 到R7
R7上做aaa认证并创建用户
[R7-aaa]local-user admin privilege level 15 password cipher 123456
[R7-aaa]local-user admin service-type telnetR7上使用虚拟登陆接口并开启认证aaa
[R7]user-interface vty 0 4
[R7-ui-vty0-4]authentication-mode aaa测试:
<R6>telnet 7.7.7.7
Press CTRL_] to quit telnet mode
Trying 7.7.7.7 ...
Connected to 7.7.7.7 ...
Login authentication
Username:admin
Password:
<R7>
<R7>
<R7>R2 0/0/0 接口制作端口映射(使得访问到R7)
[R2-GigabitEthernet0/0/0]nat server protocol tcp global interface loopback 0 23
inside 7.7.7.7 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y控制流量走R1路由流量只走R2接口
[R2]acl 2000
[R2-acl-basic-2000]rule permit source 7.0.0.0 0
[R2-acl-basic-2000]q
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]rip metricout 2000 10
[R2-GigabitEthernet0/0/0]测试
Destination/Mask Proto Pre Cost Flags NextHop Interface
7.0.0.0/8 RIP 100 4 D 23.0.0.2 GigabitEthernet 0/0/1
控制R7返回的数据只走R4 0/0/1 接口
[R4-acl-basic-2000]ru
[R4-acl-basic-2000]rule pe
[R4-acl-basic-2000]rule permit source 12.0.0.0 0
[R4-acl-basic-2000]q
[R4]int g 0/0/0
[R4-GigabitEthernet0/0/0]rip metricin 2000 10测试:
Destination/Mask Proto Pre Cost Flags NextHop Interface
12.0.0.0/24 RIP 100 2 D 34.0.0.1 GigabitEthernet 0/0/1
R1 Telent R2
<R6>telnet 2.2.2.2
Press CTRL_] to quit telnet mode
Trying 2.2.2.2 ...
Connected to 2.2.2.2 ...
Login authentication
Username:admin
Password:
-----------------------------------------------------------------------------
User last login information:
-----------------------------------------------------------------------------
Access Type: Telnet
IP-Address : 67.0.0.1
Time : 2022-10-30 18:06:33-08:00
-----------------------------------------------------------------------------
<R7>
<R7>
<R7>
<R7>
1009
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
