The topology is as follows:
R1 configuration:
router rip
version 2
passive-interface Ethernet1/0
network 10.0.0.0
network 192.168.12.0
no auto-summary
Result on R3, sh ip route 10.1.1.0:
R3(config-router)#do sh ip rou 10.1.1.0
Routing entry for 10.1.1.0/24
Known via "rip", distance 120, metric 2
Redistributing via rip
Last update from 10.1.23.2 on Serial0/1, 00:00:22 ago
Routing Descriptor Blocks:
* 10.1.23.2, from 10.1.23.2, 00:00:22 ago, via Serial0/1
Route metric is 2, traffic share count is 1
Result on R1, sh ip route:
R1(config-router)#do sh ip rou
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Serial0/0
10.0.0.0/24 is subnetted, 4 subnets
C 10.1.13.0 is directly connected, Ethernet1/0
R 10.2.2.0 [120/1] via 192.168.12.2, 00:00:26, Serial0/0
C 10.1.1.0 is directly connected, Loopback0
R 10.1.23.0 [120/1] via 192.168.12.2, 00:00:26, Serial0/0
[120/1] via 10.1.13.3, 00:00:13, Ethernet1/0
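Because E1/0 is configured as a passive interface, R1 cannot send any routing information out of E1/0; it can only receive routing information.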
router rip
version 2
passive-interface Ethernet1/0
network 10.0.0.0
network 192.168.12.0
neighbor 10.1.13.3   -- manually specify the neighbor
no auto-summary
Result on R3, sh ip route 10.1.1.0:
Routing entry for 10.1.1.0/24
Known via "rip", distance 120, metric 1
Redistributing via rip
Last update from 10.1.13.1 on Ethernet1/0, 00:00:15 ago   -- shows that the route entry was sent through passive interface E1/0
Routing Descriptor Blocks:
* 10.1.13.1, from 10.1.13.1, 00:00:15 ago, via Ethernet1/0
Route metric is 1, traffic share count is 1
3. RIP authentication -- plaintext, MD5, key ID
Configure and enable plaintext authentication on R1; R3 is not configured.
Configure the key chain:
key chain R1
key 1
key-string cisco
key 2
key-string ccie
Apply it under the interface:
interface Ethernet1/0
ip address 10.1.13.1 255.255.255.0
ip rip authentication mode text   -- or: ip rip authentication mode md5
ip rip authentication key-chain R1
half-duplex
Check the route entry 10.1.1.0 on R3 and observe the change:
R 10.1.1.0 [120/1] via 10.1.13.1, 00:02:54(hold down timer), Ethernet1/0
After the invalid timer expires:
R 10.1.1.0/24 is possibly down
Configure and enable plaintext authentication on R3:
key chain R3
key 1
key-string ccie
key 2
key-string cisco
The interface commands are the same as on R1. sh ip route then shows:
R 10.1.1.0 [120/1] via 10.1.13.1, 00:00:10, Ethernet1/0
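The result above shows that plaintext authentication succeeds even though key 1 is not the same on R1 and R3. The MD5 procedure is not repeated here; the matching rules are summarized as follows:
① Matching rules for plaintext authentication:
A. The sender sends the key with the lowest Key ID
B. The Key ID number is not carried
C. The receiver compares against all keys in its key chain; if one matches, authentication passes.
② Matching rules for MD5 authentication:
A. The sender sends the key with the lowest Key ID
B. The Key ID number is carried
C. The receiver first checks whether it has the same Key ID. If it does, that key is matched once only, and this decides whether authentication succeeds. If it does not have that Key ID, it looks only at the next key down: if that matches, authentication succeeds; if not, authentication fails.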
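The matching rules above, modelled as an added example (not part of the original lab notes). The digest is a simplified keyed MD5 rather than the real RIPv2 packet layout, "next key down" is assumed to mean the next higher key ID, and the update body is a constructed placeholder.

```python
import hashlib
import hmac

# Key chains from the lab above: same key strings, swapped key IDs.
R1_CHAIN = {1: "cisco", 2: "ccie"}
R3_CHAIN = {1: "ccie", 2: "cisco"}
UPDATE = b"constructed RIP update"  # constructed stand-in for the packet body


def digest(secret):
    # Simplified keyed MD5 (assumption): not the exact RIPv2 MD5 packet layout.
    return hashlib.md5(UPDATE + secret.encode()).hexdigest()


def send(chain, mode):
    """Rule A: use the lowest key ID. Rule B: only MD5 carries the ID."""
    key_id = min(chain)
    if mode == "text":
        # Text mode puts the key string itself on the wire, unencrypted.
        return {"mode": "text", "auth": chain[key_id]}
    return {"mode": "md5", "key_id": key_id, "auth": digest(chain[key_id])}


def accept(chain, msg):
    """Rule C on the receiving router."""
    if msg["mode"] == "text":
        # No key ID received: compare against every key in the chain.
        return any(hmac.compare_digest(msg["auth"], s) for s in chain.values())
    key_id = msg["key_id"]
    if key_id not in chain:
        # Assumption: "next key down" means the next higher key ID.
        later = sorted(k for k in chain if k > key_id)
        if not later:
            return False
        key_id = later[0]
    # Exactly one key is tried; there is no fallback to the other keys.
    return hmac.compare_digest(msg["auth"], digest(chain[key_id]))


if __name__ == "__main__":
    print("text R1->R3:", accept(R3_CHAIN, send(R1_CHAIN, "text")))
    print("md5  R1->R3:", accept(R3_CHAIN, send(R1_CHAIN, "md5")))
```

Under these rules the swapped key chains from the lab pass in text mode but would fail in MD5 mode, because key 1 exists on R3 with a different string and is tried only once.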
Advertise R3's lo0-3 into RIP without using the network command. Configuration:
router rip
version 2
redistribute connected route-map CON
network 10.0.0.0
no auto-summary
!
route-map CON permit 10
match interface Loopback0 Loopback1 Loopback2 Loopback3
Configure manual summarization on R3:
interface Serial0/1
ip summary-address rip 172.16.0.0 255.255.252.0
Observe the routing table:
R 172.16.0.0/24 is possibly down,
routing via 10.1.23.3, Serial0/1
R 172.16.0.0/22 [120/1] via 10.1.23.3, 00:00:05, Serial0/1
R 172.16.1.0/24 is possibly down,
routing via 10.1.23.3, Serial0/1
R 172.16.2.0/24 is possibly down,
routing via 10.1.23.3, Serial0/1
R 172.16.3.0/24 is possibly down,
routing via 10.1.23.3, Serial0/1
R2(config-router)#do sh ip int se 0/1
Serial0/1 is up, line protocol is up
Internet address is 10.1.23.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.9
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled   -- (disabled by default on Frame Relay physical interfaces; enabled by default on Ethernet, Serial and FR subinterfaces (p2p/mp))
ICMP redirects are always sent
Enable split horizon:
interface Serial0/1
ip address 10.1.23.2 255.255.255.0
encapsulation frame-relay
ip split-horizon
R3 reaches the route 10.1.1.0/24 only via R1. To have it also go via R2 and load-balance, use an offset list:
router rip
version 2
redistribute connected route-map CON
offset-list 1 in 1 Ethernet1/0
network 10.0.0.0
no auto-summary
access-list 1 permit 10.1.1.0 0.0.0.255
Verify the routing table:
R 10.1.1.0 [120/2] via 10.1.23.2, 00:00:12, Serial0/1
[120/2] via 10.1.13.1, 00:00:15, Ethernet1/0
R1 should see only the 172.16.X.0 routes where X is even. Configuration:
router rip
version 2
passive-interface Ethernet1/0
network 10.0.0.0
network 192.168.12.0
neighbor 10.1.13.3
distribute-list 10 in Ethernet1/0
no auto-summary
access-list 10 deny 172.16.1.0 0.0.2.0   -- deny the odd-numbered entries
access-list 10 permit any
Verify by checking the routing table:
C 192.168.12.0/24 is directly connected, Serial0/0
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
R 172.16.0.0/24 [120/1] via 10.1.13.3, 00:00:17, Ethernet1/0
R 172.16.0.0/22 [120/2] via 192.168.12.2, 00:00:03, Serial0/0
R 172.16.2.0/24 [120/1] via 10.1.13.3, 00:00:17, Ethernet1/0
10.0.0.0/24 is subnetted, 4 subnets
C 10.1.13.0 is directly connected, Ethernet1/0
R 10.2.2.0 [120/1] via 192.168.12.2, 00:00:05, Serial0/0
C 10.1.1.0 is directly connected, Loopback0
R 10.1.23.0 [120/1] via 192.168.12.2, 00:00:07, Serial0/0
[120/1] via 10.1.13.3, 00:00:18, Ethernet1/0
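How access-list 10 in the distribute-list above selects routes, as an added example (not part of the original lab notes). It implements Cisco wildcard matching with first-match evaluation; ACL_ALL_ODD and the route 172.16.5.0 are hypothetical additions used to show the limit of the 0.0.2.0 wildcard.

```python
import ipaddress

# access-list 10 from the page as (action, address, wildcard).
# "permit any" is written out as 0.0.0.0 255.255.255.255.
ACL_10 = [
    ("deny", "172.16.1.0", "0.0.2.0"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]
# Hypothetical variant: ignore bits 1-7 of the third octet, so only bit 0
# (odd/even) is compared.
ACL_ALL_ODD = [
    ("deny", "172.16.1.0", "0.0.254.0"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]


def wildcard_match(route, address, wildcard):
    """Bits set in the wildcard are ignored; all other bits must be equal."""
    r = int(ipaddress.IPv4Address(route))
    a = int(ipaddress.IPv4Address(address))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (r & care) == (a & care)


def evaluate(acl, route):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, address, wildcard in acl:
        if wildcard_match(route, address, wildcard):
            return action
    return "deny"


def filter_routes(acl, routes):
    """Map each route's network address to the ACL decision."""
    return {route: evaluate(acl, route) for route in routes}


# Network addresses taken from the routing tables on the page, plus one
# hypothetical route (172.16.5.0) outside the lab's 172.16.0.0-172.16.3.0 range.
ROUTES = ["172.16.0.0", "172.16.1.0", "172.16.2.0", "172.16.3.0",
          "10.1.23.0", "172.16.5.0"]

if __name__ == "__main__":
    for route, action in filter_routes(ACL_10, ROUTES).items():
        print(f"{route:<12} {action}")
```

With wildcard 0.0.2.0 only third octets 1 and 3 are denied, which covers the four loopbacks in this lab; a route such as 172.16.5.0 would still be permitted unless the wildcard is widened to 0.0.254.0.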
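Enable triggered updates between R1 and R2 by configuring the following on the S0/0 interface of R1 and R2: ip rip triggered
Note: triggered updates can only be configured on point-to-point WAN interfaces; otherwise the following error is reported: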
RIP: Serial0/1 is not a point-to-point interface.
show ip protocol shows:
Sending updates every 30 seconds, next due in 21 seconds
Invalid after 180 seconds, hold down 0, flushed after 240
Change the timers:
R1(config-router)#router rip
R1(config-router)#timers basic 30 180 0 240
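So enabling triggered updates automatically generates timers basic 30 180 0 240
The labs above analyze some RIP features without going into packet details; if interested, use debug to analyze further.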