RIP 配置

原创

grrxrslt 2010-04-01 14:09:25 ©著作权

©著作权归作者所有：来自51CTO博客作者grrxrslt的原创作品，请联系作者获取转载授权，否则将追究法律责任

今天我们来总结一下RIP的相关配置，用到的拓扑如下：

接口配置如下：

环回掩码都是29，串口掩码都是24

R1#show ip interface brief
Interface                  IP-Address    OK? Method Status           Protocol
Serial1/1                  12.1.1.1        YES manual up                    up
Loopback0              1.1.1.1          YES manual up                    up
Loopback1              1.1.1.9          YES manual up                    up
Loopback2              1.1.1.17        YES manual up                    up

R2#show ip interface brief
Interface                  IP-Address   OK? Method Status          Protocol
Serial1/0                 12.1.1.2        YES manual up                    up
Serial1/1                 23.1.1.1        YES manual up                    up
Loopback0              2.2.2.1         YES manual up                    up

R3#show ip interface brief
Interface                  IP-Address    OK? Method Status          Protocol
Serial1/0                  23.1.1.2        YES manual up                    up
Loopback0               3.3.3.1         YES manual up                    up
Loopback1               3.3.3.9         YES manual up                    up

基本配置

RIP的启用应在配置模式下用 R1(config)#router rip ，接着用 network 宣告网段即可。RIP默认是发送版本1的更新包，接收任何版本的更新包，利用show ip protocols 可以看到，相关输入如下：

R1#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 24 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 1, receive any version
    Interface             Send Recv Triggered RIP Key-chain
    Serial1/1                 1     1 2
    Loopback0             1     1 2
    Loopback1             1     1 2
    Loopback2             1     1 2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
    1.0.0.0
    12.0.0.0
Routing Information Sources:
    Gateway         Distance      Last Update
    12.1.1.2             120           00:00:27
Distance: (default is 120)

其中 Default version control: send version 1, receive any version 标明了这一点，默认RIP和版本1的RIP是有区别的，版本1的RIP只接受和发送版本1的更新包，默认接受任何版本。我们可以通过 ip rip receive version 和ip rip send version 这两条命令来更改RIP收发信息的方式。

默认RIP和RIPv1都不能手动汇总，都不支持可变长子网掩码（VLSM），也就是说RIP会自动经路由条目进行主类汇总，但是这样往往很容易出差。接下来我们来做个实验证明一下。

在上面的环境中，各个接口通信都正常，他们的路由表分别如下：

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/29 is subnetted, 3 subnets
C       1.1.1.0 is directly connected, Loopback0
C       1.1.1.8 is directly connected, Loopback1
C       1.1.1.16 is directly connected, Loopback2
R    2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:15, Serial1/1
R    3.0.0.0/8 [120/2] via 12.1.1.2, 00:00:15, Serial1/1
R    23.0.0.0/8 [120/1] via 12.1.1.2, 00:00:15, Serial1/1
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, Serial1/1

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    1.0.0.0/8 [120/1] via 12.1.1.1, 00:00:25, Serial1/0
     2.0.0.0/29 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
R    3.0.0.0/8 [120/1] via 23.1.1.2, 00:00:09, Serial1/1
     23.0.0.0/24 is subnetted, 1 subnets
C       23.1.1.0 is directly connected, Serial1/1
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, Serial1/0

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    1.0.0.0/8 [120/2] via 23.1.1.1, 00:00:07, Serial1/0
R    2.0.0.0/8 [120/1] via 23.1.1.1, 00:00:07, Serial1/0
     3.0.0.0/29 is subnetted, 2 subnets
C       3.3.3.0 is directly connected, Loopback0
C       3.3.3.8 is directly connected, Loopback1
     23.0.0.0/24 is subnetted, 1 subnets
C       23.1.1.0 is directly connected, Serial1/0
R    12.0.0.0/8 [120/1] via 23.1.1.1, 00:00:07, Serial1/0

RIPv1错误路由

从上面可以看到，特意规划的网络中，路由会被很好的汇总，但是如果我们在R3的lo0和lo1口分别分配给1.1.1.24/29 和1.1.1.32/29的IP会怎么样呢？我们来更换一下R3的IP 。更换后R3的接口如下：

R3#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/0                      23.1.1.2        YES manual up                    up
Loopback0                  1.1.1.25        YES manual up                    up
Loopback1                  1.1.1.33        YES manual up                    up

现在我们把1.0.0.0这个网段宣告出去，更新一下R2的路由表，我们来看看什么情况。

R2#sho ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    1.0.0.0/8 [120/1] via 23.1.1.2, 00:00:11, Serial1/1
                      [120/1] via 12.1.1.1, 00:00:11, Serial1/0
     2.0.0.0/29 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     23.0.0.0/24 is subnetted, 1 subnets
C       23.1.1.0 is directly connected, Serial1/1
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, Serial1/0

对比上面R2的路由表我们会发现，R2把R1和R3的1.0网段汇总到了一起，虽然R1和R3的1.0都不在一个子网，但是由于RIPv1不支持变长子网掩码的原因，所以R2还是把他们汇总了。

我们ping一下R1的环回口：

R2#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/64/72 ms

发现是可以通的，为什么呢？可千万别被假象蒙蔽，思科的设备在基于目标的情况下转发数据的时候会查看它的CEF表，CEF功能默认是开启的。而且这个功能很有意思，只要原地址相同，它就会把数据从相同的接口转发出去，这也就是为什么ping R1会全通的原因。

CEF功能可以在配置模式下用no ip cef关掉CEF功能，另一种可行的方法是把接口改成基于包的转发规则，命令是在接口下：ip load-sharing per-packet

看看关掉CEF功能后的情况：

R2#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!U!.!
Success rate is 60 percent (3/5), round-trip min/avg/max = 28/46/64 ms

R2#ping 1.1.1.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.33, timeout is 2 seconds:
!U!.!
Success rate is 60 percent (3/5), round-trip min/avg/max = 40/57/72 ms

现在就是正常情况了，这也就是RIPv1不支持变长子网掩码对网络规划的影响。

RIP计时器

在上面的show ip protocols 中，我们可以看到几个计时器，其中主要的有Update Timer、Invalid Timer、Holddown Timer和Flush Timer这三个。Update Timer是RIP发送更新包的时间默认30秒，Invalid Timer是一条路由的存活时间，默认是180秒，Holddown Timer规定一条更优路由的替换原来路由的时间，默认180秒，Flush Timer是路由条目被移出路由表的时间默认240-300秒，一般240秒后路由条目被标记为不可达。

修改这些时间的命令格式如下：

timers basic update invalid holddown flush

我们敲入 R1(config-router)#timers basic 15 90 90 150 命令后，再来看看协议信息

R1#show ip protocols
Routing Protocol is "rip"
Sending updates every 15 seconds, next due in 8 seconds
Invalid after 90 seconds, hold down 90, flushed after 150
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 1, receive any version
    Interface             Send Recv Triggered RIP Key-chain
    Serial1/1                 1     1 2
    Loopback0             1     1 2
    Loopback1             1     1 2
    Loopback2             1     1 2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
    1.0.0.0
    12.0.0.0
Routing Information Sources:
    Gateway         Distance      Last Update
    12.1.1.2             120      00:00:17
Distance: (default is 120)

与上面进行对比，可以看到相关计时器已经更改了。

RIP优化

通过修改计时器我们可以增快RIP的收敛速度，但是频繁给不需要转发RIP信息的接口发送Update包会浪费路由资源，这时候我们可以通过设置被动接口，让某个接口不去发出RIP的更新信息。我们先来看看没有设置被动接口使，R1发送RIP信息的情，况命令是：debug ip rip 。下面是一个周期的RIP信息：

*Apr 1 16:58:49.459: RIP: sending v1 update to 255.255.255.255 via Serial1/1 (12.1.1.1)
*Apr 1 16:58:49.459: RIP: build update entries
*Apr 1 16:58:49.459:   network 1.0.0.0 metric 1
*Apr 1 16:58:57.599: RIP: sending v1 update to 255.255.255.255 via Loopback0 (1.1.1.1)
*Apr 1 16:58:57.599: RIP: build update entries
*Apr 1 16:58:57.603:   subnet 1.1.1.8 metric 1
*Apr 1 16:58:57.603:   subnet 1.1.1.16 metric 1
*Apr 1 16:58:57.603:   network 2.0.0.0 metric 2
*Apr 1 16:58:57.607:   network 12.0.0.0 metric 1
*Apr 1 16:58:57.607:   network 23.0.0.0 metric 2
*Apr 1 16:59:01.019: RIP: sending v1 update to 255.255.255.255 via Loopback1 (1.1.1.9)
*Apr 1 16:59:01.019: RIP: build update entries
*Apr 1 16:59:01.023:   subnet 1.1.1.0 metric 1
*Apr 1 16:59:01.023:   subnet 1.1.1.16 metric 1
*Apr 1 16:59:01.023:   network 2.0.0.0 metric 2
*Apr 1 16:59:01.027:   network 12.0.0.0 metric 1
*Apr 1 16:59:01.027:   network 23.0.0.0 metric 2
*Apr 1 16:59:02.191: RIP: sending v1 update to 255.255.255.255 via Loopback2 (1.1.1.17)
*Apr 1 16:59:02.191: RIP: build update entries
*Apr 1 16:59:02.195:   subnet 1.1.1.0 metric 1
*Apr 1 16:59:02.195:   subnet 1.1.1.8 metric 1
*Apr 1 16:59:02.195:   network 2.0.0.0 metric 2
*Apr 1 16:59:02.199:   network 12.0.0.0 metric 1
*Apr 1 16:59:02.199:   network 23.0.0.0 metric 2
*Apr 1 16:59:03.483: RIP: sending v1 update to 255.255.255.255 via Serial1/1 (12.1.1.1)
*Apr 1 16:59:03.483: RIP: build update entries
*Apr 1 16:59:03.483:   network 1.0.0.0 metric 1

可以看到RIP向所有启用接口发送更新信息，我们现在将所有的环回口设置为被动接口再来看看，配置如下：

router rip
timers basic 15 90 90 150
passive-interface Loopback0
passive-interface Loopback1
passive-interface Loopback2
network 1.0.0.0
network 12.0.0.0

我们现在再来看看RIP的调试信息：

*Apr 1 17:04:53.931: RIP: sending v1 update to 255.255.255.255 via Serial1/1 (12.1.1.1)
*Apr 1 17:04:53.931: RIP: build update entries
*Apr 1 17:04:53.935:   network 1.0.0.0 metric 1
*Apr 1 17:05:08.371: RIP: sending v1 update to 255.255.255.255 via Serial1/1 (12.1.1.1)
*Apr 1 17:05:08.371: RIP: build update entries
*Apr 1 17:05:08.371:   network 1.0.0.0 metric 1
*Apr 1 17:05:12.471: RIP: received v1 update from 12.1.1.2 on Serial1/1
*Apr 1 17:05:12.475:      2.0.0.0 in 1 hops
*Apr 1 17:05:12.475:      23.0.0.0 in 1 hops
*Apr 1 17:05:21.975: RIP: sending v1 update to 255.255.255.255 via Serial1/1 (12.1.1.1)
*Apr 1 17:05:21.975: RIP: build update entries
*Apr 1 17:05:21.979:   network 1.0.0.0 metric 1
*Apr 1 17:05:35.655: RIP: sending v1 update to 255.255.255.255 via Serial1/1 (12.1.1.1)
*Apr 1 17:05:35.655: RIP: build update entries
*Apr 1 17:05:35.659:   network 1.0.0.0 metric 1

可以看到已经不向所有环回口发送信息了。

RIP还有一个小缺点就是广播更新，这样也是很浪费带宽的，我们可以采用指邻居的方式将RIP改成以单播更新的方式，命令是：neighbor 我们将R1修改为单播更新，同时用passive-interface 将该端口设置为被动接口，这样就不会再发广播更新了。配置完成后我们再看看RIP的调试信息。R1配置如下：

router rip
timers basic 15 90 90 150
passive-interface Serial1/1
passive-interface Loopback0
passive-interface Loopback1
passive-interface Loopback2
network 1.0.0.0
network 12.0.0.0
neighbor 12.1.1.2

调试信息如下：

*Apr 1 17:25:43.139: RIP: sending v1 update to 12.1.1.2 via Serial1/1 (12.1.1.1)
*Apr 1 17:25:43.139: RIP: build update entries
*Apr 1 17:25:43.143:   network 1.0.0.0 metric 1
*Apr 1 17:25:57.915: RIP: sending v1 update to 12.1.1.2 via Serial1/1 (12.1.1.1)
*Apr 1 17:25:57.915: RIP: build update entries
*Apr 1 17:25:57.919:   network 1.0.0.0 metric 1
*Apr 1 17:26:01.943: RIP: received v1 update from 12.1.1.2 on Serial1/1
*Apr 1 17:26:01.943:      2.0.0.0 in 1 hops
*Apr 1 17:26:01.943:      23.0.0.0 in 1 hops
*Apr 1 17:26:01.943: RIP: received v1 update from 12.1.1.2 on Serial1/1
*Apr 1 17:26:01.943:      2.0.0.0 in 1 hops
*Apr 1 17:26:01.943:      23.0.0.0 in 1 hops
*Apr 1 17:26:12.887: RIP: sending v1 update to 12.1.1.2 via Serial1/1 (12.1.1.1)
*Apr 1 17:26:12.887: RIP: build update entries
*Apr 1 17:26:12.891:   network 1.0.0.0 metric 1
*Apr 1 17:26:27.091: RIP: sending v1 update to 12.1.1.2 via Serial1/1 (12.1.1.1)
*Apr 1 17:26:27.091: RIP: build update entries
*Apr 1 17:26:27.091:   network 1.0.0.0 metric 1

我们可以看到R1已经使用单播形式放送更新了。

RIP还有以一种更新方式，叫做触发更新，就是有变化才发更新，没有变化不发更新。我们把R1和R2之间链路做成触发更新，命令是：ip rip triggered 并把R1和R2的环回做成不发更新，然后把R2的S1/1口先shutdown掉，并把R3的接口还原到3.0网段的情况配置如下：

R1：

router rip
timers basic 15 90 0 150
passive-interface Loopback0
passive-interface Loopback1
passive-interface Loopback2
network 1.0.0.0
network 12.0.0.0

R2：

router rip
timers basic 30 180 0 240
passive-interface Loopback0
network 2.0.0.0
network 12.0.0.0
network 23.0.0.0

下面是没有启动触发的调试信息：

*Apr 1 18:31:56.090: RIP: sending v1 update to 12.1.1.2 via Serial1/1 (12.1.1.1)
*Apr 1 18:31:56.090: RIP: build update entries
*Apr 1 18:31:56.090:   network 1.0.0.0 metric 1
*Apr 1 18:31:56.114: RIP: received v1 request from 12.1.1.2 on Serial1/1
*Apr 1 18:31:56.114: RIP: sending v1 update to 12.1.1.2 via Serial1/1 (12.1.1.1)
*Apr 1 18:31:56.114: RIP: build update entries
*Apr 1 18:31:56.118:   network 1.0.0.0 metric 1
*Apr 1 18:31:56.118: RIP: received v1 request from 12.1.1.2 on Serial1/1
*Apr 1 18:31:56.122: RIP: sending v1 update to 12.1.1.2 via Serial1/1 (12.1.1.1)
*Apr 1 18:31:56.122: RIP: build update entries
*Apr 1 18:31:56.126:   network 1.0.0.0 metric 1
*Apr 1 18:31:58.078: RIP: received v1 update from 12.1.1.2 on Serial1/1
*Apr 1 18:31:58.078:      2.0.0.0 in 1 hops

看到有收有发，我们开启触发看看，配置如下：

interface Serial1/1
ip address 12.1.1.1 255.255.255.0
ip rip triggered

interface Serial1/0
ip address 12.1.1.2 255.255.255.0
ip rip triggered

Debug一下看看：

*Apr 1 18:36:40.062: RIP: sending triggered request on Serial1/1 to 255.255.255.255
*Apr 1 18:36:40.066: RIP: sending triggered request on Serial1/1 to 255.255.255.255
*Apr 1 18:36:40.098: RIP: received v1 triggered update from 12.1.1.2 on Serial1/1
*Apr 1 18:36:40.098: RIP: sending v1 ack to 12.1.1.2 via Serial1/1 (12.1.1.1),
     flush, seq# 18
*Apr 1 18:36:40.102: RIP: send v1 triggered flush update to 12.1.1.2 on Serial1/1 with no route
*Apr 1 18:36:40.102: RIP: start retransmit timer of 12.1.1.2
*Apr 1 18:36:40.106:      2.0.0.0 in 1 hops
*Apr 1 18:36:40.110: RIP: received v1 triggered update from 12.1.1.2 on Serial1/1
*Apr 1 18:36:40.110: RIP: sending v1 ack to 12.1.1.2 via Serial1/1 (12.1.1.1),
     flush, seq# 19
*Apr 1 18:36:40.114:      2.0.0.0 in 1 hops
*Apr 1 18:36:40.174: RIP: received v1 triggered ack from 12.1.1.2 on Serial1/1
     flush seq# 15
*Apr 1 18:36:40.178: RIP: send v1 triggered update to 12.1.1.2 on Serial1/1
*Apr 1 18:36:40.178: RIP: build update entries
*Apr 1 18:36:40.178:   route 207: network 1.0.0.0 metric 1
*Apr 1 18:36:40.182: RIP: Update contains 1 routes, start 207, end 222
*Apr 1 18:36:40.182: RIP: start retransmit timer of 12.1.1.2
*Apr 1 18:36:40.206: RIP: received v1 triggered ack from 12.1.1.2 on Serial1/1
     seq# 16

可以看到R1和R2之间有一个协商触发的过程，协商完毕后就不再收发信息。我们现在打开R2的S1/1口看看调试信息：

*Apr 1 18:38:42.878: RIP: received v1 triggered update from 12.1.1.2 on Serial1/1
*Apr 1 18:38:42.882: RIP: sending v1 ack to 12.1.1.2 via Serial1/1 (12.1.1.1),
seq# 20
*Apr 1 18:38:42.882: 23.0.0.0 in 1 hops
*Apr 1 18:38:44.886: RIP: send v1 triggered update to 12.1.1.2 on Serial1/1
*Apr 1 18:38:44.886: RIP: build update entries

收到新增路由后又安静下来，等待触发。触发更新的整个过程就是上面的调试信息了。

RIPv2手动汇总

RIPv2的启用方法是直接在路由配置下用version 2。RIPv2支持手动汇总，且支持认证。我们先来看看RIPv2的手动汇总，首先要关掉RIP的自动汇总，用命令no auto-summary，然后在出口用ip summary-address rip进行汇总，下面我们来把R1的lo0和lo1汇总成28的地址，然后看看R2路由表的情况。配置如下：

R1：

interface Serial1/1
ip address 12.1.1.1 255.255.255.0
ip summary-address rip 1.1.1.0 255.255.255.240

router rip
version 2
passive-interface Loopback0
passive-interface Loopback1
passive-interface Loopback2
network 1.0.0.0
network 12.0.0.0
no auto-summary

R2：

router rip
version 2
passive-interface Loopback0
network 2.0.0.0
network 12.0.0.0
network 23.0.0.0
no auto-summary

没有汇总前R2的路由表：

Gateway of last resort is not set

R    1.0.0.0/8 [120/1] via 12.1.1.1, 00:00:00, Serial1/0
     2.0.0.0/29 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, Serial1/0

汇总后R2的路由表：

Gateway of last resort is not set

     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
R       1.1.1.0/28 [120/1] via 12.1.1.1, 00:00:01, Serial1/0
R       1.1.1.16/29 [120/1] via 12.1.1.1, 00:00:01, Serial1/0
     2.0.0.0/29 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, Serial1/0

从上面可以看到RIPv2支持手动汇总，而且支持不连续子网掩码，这对网络的规划相当有益。

RIPv2认证

RIPv2支持认证，下面我们来看看RIPv2的一些认证配置命令。首先我们需要在配置模式下用key chain定义一个“钥匙链”，然后在config-keychain模式下用key定义一个“钥匙”，接着在config-keychain-key模式下用key-string定义“钥匙口令”。最后在接口下用ip rip authentication key-chain调用自己的“钥匙链”，我们还可以利用ip rip authentication mode来决定使用那种认证方式。下面我们来做个简单的R1和R2之间的MD5认证，配置如下：

R1：

key chain ccie
key 1
key-string cisco

interface Serial1/1
ip address 12.1.1.1 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain ccie
ip summary-address rip 1.1.1.0 255.255.255.240
serial restart-delay 0

当我们配置好R1后，查看debug信息会发现已经提示认证失败了如下：

*Apr 2 13:45:11.743: RIP: ignored v2 packet from 12.1.1.2 (invalid authentication)

我们接着配置R2：

R2：

key chain ccnp
key 1
key-string cisco

interface Serial1/0
ip address 12.1.1.2 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain ccnp
serial restart-delay 0

此时我们查看debug信息会发新，MD5认证通过了，如下：

*Apr 2 13:49:23.427: RIP: received packet with MD5 authentication
*Apr 2 13:49:23.431: RIP: received v2 update from 12.1.1.2 on Serial1/1
*Apr 2 13:49:23.431: 2.2.2.0/29 via 0.0.0.0 in 1 hops

同过上面我们还会发现，及时我们给R1和R2配置了不同的“钥匙链”名，但是只要 key-string 一样，认证还是会通过的。下面我们来看看key chain的拓展命令，accept-lifetime和send-lifetime。其中send-lifetime是对发送钥匙的时间做限制，accept-lifetime是对接受钥匙的时间做限制。不管是接收还是发送，都有三种模式：一种是利用duration设置持续时间，另一种是直接跟到期时间，最后一种是用infinite设置为永久使用。我们可以设置多个钥匙，然后利用上面的扩展命令，做到口令的不定时更新。

下面我们来设计一个实验，设置三个不同的口令，第一个口令持续两小时，第二个口令两天后过期，第三个口令用到永远。配置如下：

R1：

key chain ccie
key 1
key-string cisco
accept-lifetime 14:10:00 Apr 2 2010 duration 7200
send-lifetime 14:10:00 Apr 2 2010 duration 7200
key 2
key-string cisco1
accept-lifetime 16:10:00 Apr 2 2010 16:10:00 Apr 4 2010
send-lifetime 16:10:00 Apr 2 2010 16:10:00 Apr 4 2010
key 3
key-string cisco2
accept-lifetime 16:10:00 Apr 4 2010 infinite
send-lifetime 16:10:00 Apr 4 2010 infinite

R2：

key chain ccnp
key 1
key-string cisco
accept-lifetime 14:10:00 Apr 2 2010 duration 7200
send-lifetime 14:10:00 Apr 2 2010 duration 7200
key 2
key-string cisco1
accept-lifetime 16:10:00 Apr 2 2010 16:10:00 Apr 4 2010
send-lifetime 16:10:00 Apr 2 2010 16:10:00 Apr 4 2010
key 3
key-string cisco2
accept-lifetime 16:10:00 Apr 4 2010 infinite
send-lifetime 16:10:00 Apr 4 2010 infinite

上面的命令规定，从2010年4月2日14:10:00 开始使用cisco这个口令，两个小时后，也就是16:10:00 开始使用cisco1这个口令，直到2010年4月4日16:10:00 后一直使用cisco2这个口令。以上就是RIP动态更换口令的例子了。

好了，RIP的简单配置就说到这吧。