r1的IP地址配置
r2的IP地址配置
r3的IP地址配置
r4的IP地址配置
r5的IP地址配置
r6的IP地址配置
r7的IP地址配置
R1~R5选择RIPV2版本,并进行宣告
R1
[r1]rip 1
[r1-rip-1]version 2
[r1-rip-1]network 12.0.0.0
[r1-rip-1]network 14.0.0.0
[r1-rip-1]network 1.0.0.0
[r1-rip-1]network 172.16.0.0
R2
[r2]rip 1
[r2-rip-1]version 2
[r2-rip-1]network 12.0.0.0
[r2-rip-1]network 2.0.0.0
[r2-rip-1]network 23.0.0.0
R3
[r3]rip 1
[r3-rip-1]version 2
[r3-rip-1]network 23.0.0.0
[r3-rip-1]network 34.0.0.0
[r3-rip-1]network 3.0.0.0
R4
[r4]rip 1
[r4-rip-1]version 2
[r4-rip-1]network 14.0.0.0
[r4-rip-1]network 34.0.0.0
[r4-rip-1]network 45.0.0.0
[r4-rip-1]network 46.0.0.0
[r4-rip-1]network 4.0.0.0
R5
[r5]rip 1
[r5-rip-1]version 2
[r5-rip-1]network 45.0.0.0
R6
[r6]rip 1
[r6-rip-1]version 1
[r6-rip-1]network 46.0.0.0
[r6-rip-1]network 67.0.0.0
[r6-rip-1]network 6.0.0.0
R7
[r7]rip 1
[r7-rip-1]version 1
[r7-rip-1]network 67.0.0.0
[r7-rip-1]network 7.0.0.0
让RIPV1和RIPV2兼容
[r6]int g 0/0/0
[r6-GigabitEthernet0/0/0]rip version 2
R5的环回不能宣告,则写缺省路由(边界路由上写)
[r5-rip-1]default-route originate
减少路由条目数量(汇总),增加路由传递的安全性
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]rip summary-address 172.16.0.0 255.255.252.0
[r1-GigabitEthernet0/0/0]int g0/0/1
[r1-GigabitEthernet0/0/1]rip summary-address 172.16.0.0 255.255.252.0
汇总之后要防环,避免出现路由黑洞,所以要加一个空接口
[r1]ip route-static 172.16.0.0 22 null 0
r1的两个接口都要进行汇总
在接口上进行认证,必须是双向的
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]rip authentication-mode md5 usual cipher 123456
[r2]int g 0/0/0
[r2-GigabitEthernet0/0/0]rip authentication-mode md5 usual cipher 123456
要求R3使用R2访问R1的环回
要先使用ACL列表抓取流量,再修改开销值,访问的是R1的环回,所以抓取R1的环回
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.0.0 0
[r3-acl-basic-2000]rule permit source 1.1.1.0 0
[r3]int g 0/0/1
[r3-GigabitEthernet0/0/1]rip metricin 2000 5
R6、R7路由器不能学习到达R1环回路由
过滤策略
[r6]acl 2000
[r6-acl-basic-2000]rule deny source 1.1.1.0 0
[r6-acl-basic-2000]rule deny source 172.16.0.0 0
[r6-acl-basic-2000]rule permit source any
[r6]rip
[r6-rip-1]filter-policy 2000 import
R1 Telnet R2环回实际Telnet到R7上
[r7]aaa
[r7-aaa]local-user admin privilege level 15 password cipher 123456
[r7-aaa]local-user admin service-type telnet
[r7]user-interface vty 0 4
[r7-ui-vty0-4]authentication-mode aaa
[r2-GigabitEthernet0/0/0]nat server protocol tcp global interface loopback 0 23 inside 7.7.7.7 23 -----接口映射
控制流量走向,让R2只走23,不走12,让R4只走34,不走14
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 7.0.0.0 0
[r2]int g 0/0/0 [r2-GigabitEthernet0/0/0]rip metricin 2000 10
[r4]acl 2000
[r4-acl-basic-2000]rule permit source 12.0.0.0 0
[r4]int g 0/0/0
[r4-GigabitEthernet0/0/0]rip metricin 2000 10