EIGRP:增强型内部网关路由协议
简述:eigrp为CISCO私有,无类别距离矢量路由协议,组播更新,更新地址为:224.0.0.10,同时支持等开销和非等开销负载均衡,默认为4条,最大6条,IOS版本12.4以上16条。
1.实验拓扑图
2.实验要求
1.R1为ISP
2.R2-R8地址172.16.0.0/16
3.R4 S1/1口接口带宽为800K,R4到R2的环回为非等开销负载均衡
4.R5到达R8环回通过R6
5.减少路由条目数量,增加更新安全
6.R2-R8均可访问R1环
7.R1 telnet R2实际登录到R8
3.实验规划
1.ISP上只配置一个环回和R2直连地址
2.R2-R8骨干以及环回地址子网划分
ISP:1.1.1.0/24(环回)12.1.1.0(ISP-R2)
R2:12.1.1.0/24(R2-ISP) 172.16.0.0/19(R2-R3,R2-R5) 172.16.48.0/20(环回)
R3:172.16.80.0/21(环回0) 172.16.88.0/21(环回1) 172.16.64.0/20(R3-R4) 172.16.0.0/19(R3-R2)
R4:172.16.112.0/21(环回0) 172.16.120.0/21(环回1) 172.16.96.0/20(R4-R5)
R5:172.16.144.0/21(环回0) 172.16.152.0/21(环回1) 172.16.128.0/20(R5-R6)
R6:172.16.176.0/21(环回0) 172.16.184.0/21(环回1) 172.16.160.0/20(R6-R7)
R7:172.16.208.0/21(环回0) 172.16.216.0/21(环回1) 172.16.192.0/20(R7-R8)
R8:172.16.240.0/21(环回0) 172.16.248.0/21(环回1) 172.16.224.0/20(R8-R5)
3.R4的S3/0口接口带宽改为800K,修改差异值
4.R5-R8的直连增加度量值
5.EIGRP只支持密文认证,R3-R4,R4-R5,R5-R6,R6-R7,R7-R8,R5-R8均开启密文认证
6.所有环回地址做汇总
7.R2上定义内外网,NAT转换
4.配置
(1).ISP
Router>enable
Router#configure terminal
ISP(config)#hostname ISP
ISP(config)#no ip domain-lookup
ISP(config)#line console 0
ISP(config-line)#logging synchronous
ISP(config-line)#exec-timeout 0 0
ISP(config-line)#exit
**环回0口**
ISP(config)#interface loopback 0
ISP(config-if)#ip address 1.1.1.1 255.255.255.0
ISP(config-if)#exit
**ISP-R2**
ISP(config)#interface s3/0
ISP(config-if)#ip address 12.1.1.1 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
(2).R2
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#no ip domain-lookup
R2(config)#line console 0
R2(config-line)#logging synchronous
R2(config-line)#exec-timeout 0 0
R2(config-line)#exit
**环回0口**
R2(config)#interface loopback 0
R2(config-if)#ip address 172.16.32.1 255.255.240.0
R2(config-if)#exit
**R2-ISP**
R2(config)#interface s3/1
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
**R2-SW1**
R2(config)#interface e0/0
R2(config-if)#ip address 172.16.0.1 255.255.224.0
R2(config-if)#no shutdown
R2(config-if)#exit
**EIGRP**
R2(config)#router eigrp 100
R2(config-router)#no auto-summary
R2(config-router)#network 172.16.0.0
R2(config-router)#exit
**定义内外网**
R2(config)#interface s3/1
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#interface e0/0
R2(config-if)#exit
**访问外网,NAT转换**
R2(config)#access-list 1 permit 172.16.0.0 0.0.255.255
R2(config)#ip nat inside source list 1 interface s3/1
R2(config)#ip route 0.0.0.0 0.0.0.0 s3/1
R2(config)#interface e0/0
R2(config-if)#ip summary-address eigrp 100 0.0.0.0 0.0.0.0
R2(config-if)#exit
**远程登录,NAT转换**
R2(config)#ip nat inside source static tcp 172.16.224.1 23 12.1.1.2 23
(3)SW1
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW1
R2(config-if)#ip nat inside
(4).R3
Router>enable
Router#configure terminal
R#(config)#hostname R3
R3(config)#no ip domain-lookup
R3(config)#line console 0
R3(config-line)#logging synchronous
R3(config-line)#exec-timeout 0 0
R3(config-line)#exit
**环回0口**
R3(config)#interface loopback 0
R3(config-if)#ip address 172.16.80.1 255.255.248.0
R3(config-if)#exit
**环回1口**
R3(config)#interface loopback 1
R3(config-if)#ip address 172.16.88.1 255.255.248.0
R3(config-if)#exit
**SW1-R3**
R3(config)#interface e0/0
R3(config-if)#ip address 172.16.0.2 255.255.224.0
R3(config-if)#no shutdown
R3(config-if)#exit
**R3-R4**
R3(config)#interface s3/0
R3(config-if)#ip address 172.16.64.1 255.255.240.0
R3(config-if)#no shutdown
R3(config-if)#exit
**EIGRP**
R3(config)#router eigrp 100
R3(config-router)#no auto-summary
R3(config-router)#network 172.16.0.0
R3(config-router)#exit
**R3两个环回做汇总**
R3(config)#interface e0/0
R3(config-if)#ip summary-address eigrp 100 172.16.80.0 255.255.240.0
R3(config-if)#exit
R3(config)#interface s3/0
R3(config-if)#ip summary-address eigrp 100 172.16.80.0 255.255.240.0
R3(config-if)#exit
**密文认证**
R3(config)#key chain a
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string cisco
R3(config-keychain-key)#exit
R3(config-keychain)#exit
R3(config)#interface s3/0
R3(config-if)#ip authentication key-chain eigrp 100 a
R3(config-if)#ip authentication mode eigrp 100 md5
(5).R4
Router>enable
Router#configure terminal
Router(config)#hostname R4
R4(config)#no ip domain-lookup
R4(config)#line console 0
R4(config-line)#logging synchronous
R4(config-line)#exec-timeout 0 0
R4(config-line)#exit
**环回0口**
R4(config)#interface loopback 0
R4(config-if)#ip address 172.16.112.1 255.255.248.0
R4(config-if)#exit
**环回1口**
R4(config)#interface loopback 1
R4(config-if)#ip address 172.16.120.1 255.255.248.0
R4(config-if)#exit
**R4-R3**
R4(config)#interface s3/1
R4(config-if)#ip address 172.16.64.2 255.255.240.0
R4(config-if)#no shutdown
R4(config-if)#exit
**R4-R5**
R4(config)#interface s3/0
R4(config-if)#ip address 172.16.96.1 255.255.240.0
R4(config-if)#no shutdown
R4(config-if)#exit
**EIGRP**
R4(config)#router eigrp 100
R4(config-router)#no auto-summary
R4(config-router)#network 172.16.0.0
R4(config-router)#exit
**修改接口带宽**
R4(config)#interface s3/0
R4(config-if)#bandwidth 800
R4(config-if)#exit
**实现非等开销负载均衡(修改差异值)**
R4(config)#router eigrp 100
R4(config-router)#variance 2
R4(config-router)#exit
**R4的两个环回做汇总**
R4(config)#interface s3/0
R4(config-if)#ip summary-address eigrp 100 172.16.112.0 255.255.240.0
R4(config-if)#exit
R4(config)#interface s3/1
R4(config-if)#ip summary-address eigrp 100 172.16.112.0 255.255.240.0
R4(config-if)#exit
**密文认证**
R4(config)#key chain b
R4(config-keychain)#key 1
R4(config-keychain-key)#key-string cisco
R4(config-keychain-key)#exit
R4(config-keychain)#exit
R4(config)#interface s3/1
R4(config-if)#ip authentication key-chain eigrp 100 b
R4(config-if)#ip authentication mode eigrp 100 md5
R4(config-if)#exit
R4(config)#interface s3/0
R4(config-if)#ip authentication key-chain eigrp 100 b
R4(config-if)#ip authentication mode eigrp 100 md5
R4(config-if)#exit
(6).R5
Router>enable
Router#configure terminal
Router(config)#hostname R5
R5(config)#no ip domain-lookup
R5(config)#line console 0
R5(config-line)#logging synchronous
R5(config-line)#exec-timeout 0 0
R5(config-line)#exit
**环回0口**
R5(config)#interface loopback 0
R5(config-if)#ip address 172.16.144.1 255.255.248.0
R5(config-if)#exit
**环回1口**
R5(config)#interface loopback 1
R5(config-if)#ip address 172.16.152.1 255.255.248.0
R5(config-if)#exit
**SW1-R5**
R5(config)#interface e0/0
R5(config-if)#ip address 172.16.0.3 255.255.224.0
R5(config-if)#no shutdown
R5(config-if)#exit
**R4-R5**
R5(config)#interface s3/1
R5(config-if)#ip address 172.16.96.2 255.255.240.0
R5(config-if)#no shutdown
R5(config-if)#exit
**R5-R6**
R5(config)#interface s3/0
R5(config-if)#ip address 172.16.128.1 255.255.240.0
R5(config-if)#no shutdown
R5(config-if)#exit
**EIGRP**
R5(config)#router eigrp 100
R5(config-router)#no auto-summary
R5(config-router)#network 172.16.0.0
R5(config-router)#exit
**偏移表修改权重值是R5访问R8通过R6**
R5(config)#access-list 1 permit 172.16.240.0 0.0.15.255
R5(config)#router eigrp 100
R5(config-router)#offset-list 1 in 1100000000 s3/2
R5(config-router)#exit
**R5的环回做汇总**
R5(config)#interface e0/0
R5(config-if)#ip summary-address eigrp 100 172.16.144.0 255.255.240.0
R5(config-if)#exit
R5(config)#interface s3/0
R5(config-if)#ip summary-address eigrp 100 172.16.144.0 255.255.240.0
R5(config-if)#exit
R5(config)#interface s3/1
R5(config-if)#ip summary-address eigrp 100 172.16.144.0 255.255.240.0
R5(config-if)#exit
R5(config)#interface s3/2
R5(config-if)#ip summary-address eigrp 100 172.16.144.0 255.255.240.0
R5(config-if)#exit
**密文认证**
R5(config)#key chain c
R5(config-keychain)#key 1
R5(config-keychain-key)#key-string cisco
R5(config-keychain-key)#exit
R5(config-keychain)#exit
R5(config)#interface s3/0
R5(config-if)#ip authentication key-chain eigrp 100 c
R5(config-if)#ip authentication mode eigrp 100 md5
R5(config-if)#exit
R5(config)#interface s3/1
R5(config-if)#ip authentication key-chain eigrp 100 c
R5(config-if)#ip authentication mode eigrp 100 md5
R5(config-if)#exit
R5(config)#interface s3/2
R5(config-if)#ip authentication key-chain eigrp 100 c
R5(config-if)#ip authentication mode eigrp 100 md5
R5(config-if)#exit
(7).R6
Router>enable
Router#configure terminal
Router(config)#hostname R6
R6(config)#no ip domain-lookup
R6(config)#line console 0
R6(config-line)#logging synchronous
R6(config-line)#exec-timeout 0 0
R6(config-line)#exit
**环回0口**
R6(config)#interface loopback 0
R6(config-if)#ip address 172.16.176.1 255.255.248.0
R6(config-if)#exit
**环回1口**
R6(config)#interface loopback 1
R6(config-if)#ip address 172.16.184.1 255.255.248.0
R6(config-if)#exit
**R5-R6**
R6(config)#interface s3/1
R6(config-if)#ip address 172.16.128.2 255.255.240.0
R6(config-if)#no shutdown
R6(config-if)#exit
**R6-R7**
R6(config)#interface s3/0
R6(config-if)#ip address 172.16.160.1 255.255.240.0
R6(config-if)#no shutdown
R6(config-if)#exit
**EIGRP**
R6(config)#router eigrp 100
R6(config-router)#no auto-summary
R6(config-router)#network 172.16.0.0
R6(config-router)#exit
**R6的两个环回做汇总**
R6(config)#interface s3/0
R6(config-if)#ip summary-address eigrp 100 172.16.176.0 255.255.240.0
R6(config-if)#exit
R6(config)#interface s3/1
R6(config-if)#ip summary-address eigrp 100 172.16.176.0 255.255.240.0
R6(config-if)#exit
**密文认证**
R6(config)#key chain d
R6(config-keychain)#key 1
R6(config-keychain-key)#key-string cisco
R6(config-keychain-key)#exit
R6(config-keychain)#exit
R6(config)#interface s3/1
R6(config-if)#ip authentication key-chain eigrp 100 d
R6(config-if)#ip authentication mode eigrp 100 md5
R6(config-if)#exit
R6(config)#interface s3/0
R6(config-if)#ip authentication key-chain eigrp 100 d
R6(config-if)#ip authentication mode eigrp 100 md5
R6(config-if)#exit
(8).R7
Router>enable
Router#configure terminal
Router(config)#hostname R7
R7(config)#no ip domain-lookup
R7(config)#line console 0
R7(config-line)#logging synchronous
R7(config-line)#exec-timeout 0 0
R7(config-line)#exit
**环回0口**
R7(config)#interface loopback 0
R7(config-if)#ip address 172.16.208.1 255.255.248.0
R7(config-if)#exit
**环回1口**
R7(config)#interface loopback 1
R7(config-if)#ip address 172.16.216.1 255.255.248.0
R7(config-if)#exit
**R6-R7**
R7(config)#interface s3/1
R7(config-if)#ip address 172.16.160.2 255.255.240.0
R7(config-if)#no shutdown
**R7-R8**
R7(config)#interface s3/0
R7(config-if)#ip address 172.16.192.1 255.255.240.0
R7(config-if)#no shutdown
R7(config-if)#exit
**EIGRP**
R7(config)#router eigrp 100
R7(config-router)#no auto-summary
R7(config-router)#network 172.16.0.0
R7(config-router)#exit
**R7两个环回做汇总**
R7(config)#interface s3/0
R7(config-if)#ip summary-address eigrp 100 172.16.208.0 255.255.240.0
R7(config-if)#exit
R7(config)#interface s3/1
R7(config-if)#ip summary-address eigrp 100 172.16.208.0 255.255.240.0
R7(config-if)#exit
**密文认证**
R7(config)#key chain e
R7(config-keychain)#key 1
R7(config-keychain-key)#key-string cisco
R7(config-keychain-key)#exit
R7(config-keychain)#exit
R7(config)#interface s3/1
R7(config-if)#ip authentication key-chain eigrp 100 e
R7(config-if)#ip authentication mode eigrp 100 md5
R7(config-if)#exit
R7(config)#interface s3/0
R7(config-if)#ip authentication key-chain eigrp 100 e
R7(config-if)#ip authentication mode eigrp 100 md5
R7(config-if)#exit
(9).R8
Router>enable
Router#configure terminal
Router(config)#hostname R8
R8(config)#no ip domain-lookup
R8(config)#line console 0
R8(config-line)#logging synchronous
R8(config-line)#exec-timeout 0 0
**环回0口**
R8(config)#interface loopback 0
R8(config-if)#ip address 172.16.240.1 255.255.248.0
R8(config-if)#exit
**环回1口**
R8(config)#interface loopback 1
R8(config-if)#ip address 172.16.248.1 255.255.248.0
R8(config-if)#exit
**R8-R7**
R8(config)#interface s3/1
R8(config-if)#ip address 172.16.192.2 255.255.240.0
R8(config-if)#no shutdown
**R8-R5**
R8(config)#interface s3/0
R8(config-if)#ip address 172.16.224.1 255.255.240.0
R8(config-if)#no shutdown
R8(config-if)#exit
**EIGRP**
R8(config)#router eigrp 100
R8(config-router)#no auto-summary
R8(config-router)#network 172.16.0.0
R8(config-router)#exit
**R8两个换回做汇总**
R8(config)#interface s3/0
R8(config-if)#ip summary-address eigrp 100 172.16.240.0 255.255.240.0
R8(config-if)#exit
R8(config)#interface s3/1
R8(config-if)#ip summary-address eigrp 100 172.16.240.0 255.255.240.0
R8(config-if)#exit
**密文认证**
R8(config)#key chain f
R8(config-keychain)#key 1
R8(config-keychain-key)#key-string cisco
R8(config-keychain-key)#exit
R8(config-keychain)#exit
R8(config)#interface s3/0
R8(config-if)#ip authentication key-chain eigrp 100 f
R8(config-if)#ip authentication mode eigrp 100 md5
R8(config-if)#exit
R8(config)#interface s3/1
R8(config-if)#ip authentication key-chain eigrp 100 f
R8(config-if)#ip authentication mode eigrp 100 md5
R8(config-if)#exit
R8(config)#interface s3/2
R8(config-if)#ip authentication key-chain eigrp 100 f
R8(config-if)#ip authentication mode eigrp 100 md5
R8(config-if)#exit
**开启远程登录**
R8(config)#username xx privilege 15 password yy
R8(config)#line vty 0 4
R8(config-line)#login local
R8(config-line)#exit
5.实验测试
(1).R4的s3/0口接口带宽800K,实现非等开销负载均衡
R2环回地址为缺省路由