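I. Topology diagram
II. Requirements
R1-R2-R3-R4-R5: RIP 100, running version 2
R6-R7: RIP 200, running version 1
1. Plan the network with a sensible IP addressing scheme; create a loopback interface on each router
2. R1 creates the loopbacks 172.16.1.1/24, 172.16.2.1/24 and 172.16.3.1/24
3. R3 must reach R1's loopbacks via R2
4. Reduce the number of route entries, and add security to route exchange between R1 and R2
5. R5 creates a loopback that simulates the ISP; it must not be advertised
6. When R1 telnets to R2's loopback, the session actually lands on R7
7. Routers R6-R7 must not learn routes to R1's loopbacks
8. Full reachability across the network
III. Configuration details
1. IP address configuration: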
R1:
[r1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 12.0.0.1/24 up up
GigabitEthernet0/0/1 14.0.0.1/24 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.1.1/24 up up(s)
LoopBack1 172.16.2.1/24 up up(s)
LoopBack2 172.16.3.1/24 up up(s)
NULL0 unassigned up up(s)
R2:
[r2]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 12.0.0.2/24 up up
GigabitEthernet0/0/1 23.0.0.1/24 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 2.2.2.2/24 up up(s)
NULL0 unassigned up up(s)
R3:
[r3]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 34.0.0.1/24 up up
GigabitEthernet0/0/1 23.0.0.2/24 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 3.3.3.3/24 up up(s)
NULL0 unassigned up up(s)
R4:
[r4]display IP interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 0
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 14.0.0.2/24 up up
GigabitEthernet0/0/1 34.0.0.2/24 up up
GigabitEthernet0/0/2 45.0.0.2/24 up up
GigabitEthernet4/0/0 46.0.0.1/24 up up
LoopBack0 4.4.4.4/24 up up(s)
NULL0 unassigned up up(s)
R5:
[r5]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 45.0.0.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 5.5.5.5/24 up up(s)
NULL0 unassigned up up(s)
R6:
[r6]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 67.0.0.1/24 up up
GigabitEthernet0/0/1 46.0.0.2/24 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 6.6.6.6/24 up up(s)
NULL0 unassigned up up(s)
R7:
[r7]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 67.0.0.2/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 7.7.7.7/24 up up(s)
NULL0 unassigned up up(s)
2. Enable RIP and advertise the networks:
R1:
[r1]rip 100
[r1-rip-100]version 2
[r1-rip-100]network 12.0.0.0
[r1-rip-100]network 14.0.0.0
[r1-rip-100]network 1.0.0.0
[r1-rip-100]network 172.16.0.0
R2:
[r2]rip 100
[r2-rip-100]version 2
[r2-rip-100]network 12.0.0.0
[r2-rip-100]network 23.0.0.0
[r2-rip-100]network 2.0.0.0
R3:
[r3]rip 100
[r3-rip-100]version 2
[r3-rip-100]network 23.0.0.0
[r3-rip-100]network 34.0.0.0
[r3-rip-100]network 3.0.0.0
R4:
[r4]rip 100
[r4-rip-100]version 2
[r4-rip-100]network 45.0.0.0
[r4-rip-100]network 34.0.0.0
[r4-rip-100]network 14.0.0.0
[r4-rip-100]network 4.0.0.0
[r4-rip-100]network 46.0.0.0
R5:
[r5]rip 100
[r5-rip-100]version 2
[r5-rip-100]network 45.0.0.0
R6:
[r6]rip 200
[r6-rip-200]version 1
[r6-rip-200]network 46.0.0.0
[r6-rip-200]network 67.0.0.0
[r6-rip-200]network 6.0.0.0
R7:
[r7]rip 200
[r7-rip-200]version 1
[r7-rip-200]network 67.0.0.0
[r7-rip-200]network 7.0.0.0
3. Reduce the number of route entries, and add security to route exchange between R1 and R2
Before summarization:
[r2]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 10 Routes : 13
RIP routing table status : <Active>
Destinations : 10 Routes : 13
Destination/Mask    Proto  Pre  Cost  Flags  NextHop    Interface
1.1.1.0/24          RIP    100  1     D      12.0.0.1   GigabitEthernet0/0/0
3.3.3.0/24          RIP    100  1     D      23.0.0.2   GigabitEthernet0/0/1
4.4.4.0/24          RIP    100  2     D      12.0.0.1   GigabitEthernet0/0/0
                    RIP    100  2     D      23.0.0.2   GigabitEthernet0/0/1
14.0.0.0/24         RIP    100  1     D      12.0.0.1   GigabitEthernet0/0/0
34.0.0.0/24         RIP    100  1     D      23.0.0.2   GigabitEthernet0/0/1
45.0.0.0/24         RIP    100  2     D      23.0.0.2   GigabitEthernet0/0/1
                    RIP    100  2     D      12.0.0.1   GigabitEthernet0/0/0
46.0.0.0/24         RIP    100  2     D      12.0.0.1   GigabitEthernet0/0/0
                    RIP    100  2     D      23.0.0.2   GigabitEthernet0/0/1
172.16.1.0/24       RIP    100  1     D      12.0.0.1   GigabitEthernet0/0/0
172.16.2.0/24       RIP    100  1     D      12.0.0.1   GigabitEthernet0/0/0
172.16.3.0/24       RIP    100  1     D      12.0.0.1   GigabitEthernet0/0/0
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
[r2]
Summarization:
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]rip summary-address 172.16.0.0 255.255.252.0
[r1-GigabitEthernet0/0/0]int g 0/0/1
[r1-GigabitEthernet0/0/1]rip summary-address 172.16.0.0 255.255.252.0
After summarization:
[r2]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 8 Routes : 11
RIP routing table status : <Active>
Destinations : 8 Routes : 11
Destination/Mask    Proto  Pre  Cost  Flags  NextHop    Interface
1.1.1.0/24          RIP    100  1     D      12.0.0.1   GigabitEthernet0/0/0
3.3.3.0/24          RIP    100  1     D      23.0.0.2   GigabitEthernet0/0/1
4.4.4.0/24          RIP    100  2     D      12.0.0.1   GigabitEthernet0/0/0
                    RIP    100  2     D      23.0.0.2   GigabitEthernet0/0/1
14.0.0.0/24         RIP    100  1     D      12.0.0.1   GigabitEthernet0/0/0
34.0.0.0/24         RIP    100  1     D      23.0.0.2   GigabitEthernet0/0/1
45.0.0.0/24         RIP    100  2     D      12.0.0.1   GigabitEthernet0/0/0
                    RIP    100  2     D      23.0.0.2   GigabitEthernet0/0/1
46.0.0.0/24         RIP    100  2     D      12.0.0.1   GigabitEthernet0/0/0
                    RIP    100  2     D      23.0.0.2   GigabitEthernet0/0/1
172.16.0.0/22       RIP    100  1     D      12.0.0.1   GigabitEthernet0/0/0
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
When summarizing, a null-interface route must also be configured (to prevent a routing black hole):
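The summarization step above, worked through as an added example (not part of the original lab notes): it derives the 172.16.0.0/22 summary from R1's three loopbacks, finds the part of the summary that no loopback backs, and builds the matching null-interface static route in VRP syntax. The function names are hypothetical.

```python
import ipaddress

# R1's loopback networks, taken from the lab requirements
LOOPBACKS = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]

def summarize(prefixes):
    """Smallest single prefix that covers every network in `prefixes`."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # The leading bits shared by the lowest and highest address give the length
    plen = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, plen), strict=False)

def uncovered(summary, prefixes):
    """Ranges inside the summary that no real network backs."""
    remaining = [summary]
    for p in prefixes:
        net = ipaddress.ip_network(p)
        nxt = []
        for r in remaining:
            if net.subnet_of(r):
                nxt.extend(r.address_exclude(net))   # carve the real network out
            elif r.subnet_of(net):
                continue                             # piece is fully backed
            else:
                nxt.append(r)
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))

def null_route_cmd(summary):
    """Static route to NULL0 for the summary, in Huawei VRP syntax."""
    return f"ip route-static {summary.network_address} {summary.netmask} NULL0"

if __name__ == "__main__":
    s = summarize(LOOPBACKS)
    print(s, s.netmask)
    print([str(n) for n in uncovered(s, LOOPBACKS)])
    print(null_route_cmd(s))
```

The summary advertises 172.16.0.0/24 even though R1 has no such network; the NULL0 route makes R1 discard traffic for that range instead of forwarding it along a less specific route.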
Adding security to route exchange between R1 and R2:
[r1-GigabitEthernet0/0/0]rip authentication-mode ? --- choose the authentication mode
hmac-sha256
md5 MD5 authentication --- compares hash values; relatively secure, carries no password information
simple Simple authentication
[r1-GigabitEthernet0/0/0]rip authentication-mode md5 ?
nonstandard Nonstandard MD5 authentication packet format (IETF) --- nonstandard (IETF standard)
usual Huawei MD5 authentication packet format --- standard (Huawei MD5 rules)
[r1-GigabitEthernet0/0/0]rip authentication-mode md5 usual ?
STRING<1-16>/<24,32> Plain text/Encrypted text
cipher Encryption type (Cryptogram) --- stored as ciphertext
plain Encryption type (Plain text) --- stored locally in plaintext
R1 configuration:
R2 configuration:
Note:
The authentication standard must be the same on both ends
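What the choice between `simple` and `md5` means on the wire, as an added example (not part of the original lab notes): it builds two constructed RIPv2 updates and inspects them the way a capture tool or a receiving router would. It assumes the RFC 2082 keyed-MD5 layout; Huawei's `usual` format is not modeled, and the function names and the sample key are hypothetical.

```python
import hashlib
import hmac
import struct

HDR = struct.pack("!BBH", 2, 2, 0)            # command=response, version=2
# Constructed route entry: 172.16.0.0/22, next hop 0.0.0.0, metric 1
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([172, 16, 0, 0]),
                    bytes([255, 255, 252, 0]), bytes(4), 1)

def pad16(secret):
    return secret.encode().ljust(16, b"\0")[:16]

def build_simple(password):
    """Constructed sample: the type-2 auth entry carries the password itself."""
    return HDR + struct.pack("!HH16s", 0xFFFF, 2, pad16(password)) + ROUTE

def build_md5(key, key_id=1, seq=1):
    """Constructed sample in RFC 2082 layout: only a digest trailer is sent."""
    body_len = len(HDR) + 20 + len(ROUTE)      # offset of the trailer
    auth = struct.pack("!HHHBBI8x", 0xFFFF, 3, body_len, key_id, 16, seq)
    signed = HDR + auth + ROUTE + struct.pack("!HH", 0xFFFF, 1)
    return signed + hashlib.md5(signed + pad16(key)).digest()

def inspect_rip(packet, key=None):
    """Report what the first entry of a captured RIPv2 packet reveals."""
    if len(packet) < 24:
        return {"auth": "malformed"}
    afi, auth_type = struct.unpack_from("!HH", packet, 4)
    if afi != 0xFFFF:
        return {"auth": "none"}
    if auth_type == 2:
        text = packet[8:24].rstrip(b"\0").decode(errors="replace")
        return {"auth": "simple", "password_on_wire": text}
    if auth_type == 3:
        off, key_id, dlen, seq = struct.unpack_from("!HBBI", packet, 8)
        info = {"auth": "md5", "key_id": key_id, "seq": seq,
                "password_on_wire": None}
        if key is not None:            # receiver side: recompute and compare
            want = hashlib.md5(packet[:off + 4] + pad16(key)).digest()
            got = packet[off + 4:off + 4 + dlen]
            info["valid"] = hmac.compare_digest(want, got)
        return info
    return {"auth": "unknown", "type": auth_type}
```

An update whose route entries were changed in transit fails the digest check on the receiver, which `simple` authentication cannot detect.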
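4. R3 reaches R1's loopbacks via R2
Because a RIP cost cannot simply be lowered, the only option is to raise the cost of the lower R4 -> R3 path
Method 1: change it on R4 (outbound), raising the cost of the routes as they are sent to R3
The procedure is similar to Method 2
Method 2: change it on R3 (inbound), raising the cost of the routes as R3 receives them
1. Match the traffic (using an ACL)
2. Modify the cost
3. Test
5. Full reachability across the network
Fixing RIPv1 being unable to use the routing information from RIPv2:
Method 1: have R4 4/0/0 send all of its updates as RIPv1
Method 2: have R6 0/0/0 send all of its updates as RIPv2
Before the change:
Change: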
[r6-GigabitEthernet0/0/1]rip version 2
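After the change:
Fixing R5's loopback (simulating the ISP) being unreachable:
Configure a default route on every router, or configure the border router to originate a default route that points to the border router
Configuration:
[r5]rip 100
[r5-rip-100]default-route originate
Test:
6. R6 and R7 cannot reach R1's loopbacks
Method 1: R4 leaves R1's loopbacks out of the updates it sends to R6
Method 2: R6 filters out R1's loopback routes when it learns routes
Test: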
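Steps 4 and 6 both match R1's loopback routes with an ACL and then either raise their cost or drop them. The following added example (not part of the original lab notes) models that on constructed updates: an inbound cost increase on R3's R4-facing interface, and an inbound filter on R6. The ACL rule 172.16.0.0 0.0.3.255, the added cost of 2 and the function names are assumptions.

```python
import ipaddress

def acl_match(rule_addr, wildcard, prefix):
    """Wildcard match as in a basic ACL rule: bits set in the wildcard are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    dest = int(ipaddress.ip_network(prefix).network_address)
    return dest & care == int(ipaddress.ip_address(rule_addr)) & care

def learn(adverts, metricin=None, deny=None):
    """Build a RIP table from (prefix, next_hop, in_interface, metric) updates.
    metricin: {interface: (rule_addr, wildcard, added_cost)}
    deny:     (rule_addr, wildcard) filtered when routes are learned"""
    table = {}
    for prefix, next_hop, ifname, metric in adverts:
        if deny and acl_match(deny[0], deny[1], prefix):
            continue                          # filtered: never installed
        rule = (metricin or {}).get(ifname)
        if rule and acl_match(rule[0], rule[1], prefix):
            metric += rule[2]                 # cost can only be raised
        if metric >= 16:                      # RIP infinity
            continue
        best = table.get(prefix)
        if best is None or metric < best[0]:
            table[prefix] = (metric, [next_hop])
        elif metric == best[0]:
            best[1].append(next_hop)          # equal cost: keep both paths
    return table

R1_LOOPBACKS = ("172.16.0.0", "0.0.3.255")    # assumed ACL rule
# Constructed updates as R3 would receive them from R2 and R4
R3_UPDATES = [
    ("172.16.0.0/22", "23.0.0.1", "GE0/0/1", 2),
    ("172.16.0.0/22", "34.0.0.2", "GE0/0/0", 2),
    ("4.4.4.0/24", "34.0.0.2", "GE0/0/0", 1),
]
# Constructed updates as R6 would receive them from R4
R6_UPDATES = [
    ("172.16.0.0/22", "46.0.0.1", "GE0/0/1", 2),
    ("4.4.4.0/24", "46.0.0.1", "GE0/0/1", 1),
]

if __name__ == "__main__":
    print(learn(R3_UPDATES))
    print(learn(R3_UPDATES, metricin={"GE0/0/0": R1_LOOPBACKS + (2,)}))
    print(learn(R6_UPDATES, deny=R1_LOOPBACKS))
```

Without the cost increase R3 holds two equal-cost paths to 172.16.0.0/22; with it, only the path through R2 (23.0.0.1) remains, and routes that do not match the ACL are untouched.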
7. When R1 telnets to R2's loopback, the session actually lands on R7
Configure AAA authentication on R7 and create a user:
[r7]user-interface vty 0 4
[r7-ui-vty0-4]authentication-mode aaa
[r7-ui-vty0-4]q
[r7]aaa
[r7-aaa]local-user admin password cipher admin
[r7-aaa]local-user admin privilege level 15
[r7-aaa]local-user admin service-type telnet
Test:
Configure port mapping on R2's 0/0/0 interface (so that the access reaches R7):
[r2-GigabitEthernet0/0/0]nat server protocol tcp global interface loopback 0 23 inside 7.7.7.7 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
Force R1's traffic to go only through the interface facing R2:
Test:
Force the traffic returned by R7 to go only through R4's 0/0/1 interface:
Test:
R1 telnet R2:
<r6>telnet 2.2.2.2
Press CTRL_] to quit telnet mode
Trying 2.2.2.2 ...
Connected to 2.2.2.2 ...
Login authentication
Username:admin
Password:
-----------------------------------------------------------------------------
User last login information:
-----------------------------------------------------------------------------
Access Type: Telnet
IP-Address : 67.0.0.1
Time : 2022-10-30 18:06:33-08:00
-----------------------------------------------------------------------------
<r7>