Why insist on including key authentication? Because in real networks it is essentially mandatory.
[P1 & P2 & BBR] common configuration
```
router rip
 ver 2
 net x.x.x.x
key chain cisco
 key 1
  key-string mypass
int x/x.x
 ip rip auth key cisco
 ip rip auth mod md5
```
[P1R1]
```
int s1/0
 ip add 10.0.0.2 255.0.0.0
 no shut
 ip rip auth key cisco
 ip rip auth mod md5
 encap fr
 fr map ip 10.0.0.1 103 br
```
[P1R2 | P2R1 | P2R2] are all configured the same way, so they are not repeated here.
[BBR1]
```
int s1/0
 no ip add
 no shut
int s1/0.1 mu
 ip add 10.0.0.1
 fr map ip 10.0.0.2 301 br
 fr map ip 10.0.0.3 302 br
 ip rip auth key cisco
 ip rip auth mod md5
```
[BBR2]
```
int s1/0
 no ip add
 no shut
int s1/0.1 mu
 ip add 11.0.0.1
 fr map ip 11.0.0.2 604 br
 fr map ip 11.0.0.3 605 br
 ip rip auth key cisco
 ip rip auth mod md5
```
Verification results:
```
sh ip route
R 200.200.200.0/24 [120/2] via 219.146.241.2, 00:00:02, FastEthernet0/0
R 100.0.0.0/8 [120/1] via 11.0.0.2, 00:00:01, Serial1/0.1
R 172.17.0.0/16 [120/3] via 11.0.0.3, 00:00:00, Serial1/0.1
R 172.16.0.0/16 [120/1] via 11.0.0.3, 00:00:00, Serial1/0.1
R 172.19.0.0/16 [120/1] via 11.0.0.3, 00:00:00, Serial1/0.1
R 172.18.0.0/16 [120/2] via 11.0.0.3, 00:00:00, Serial1/0.1
C 219.146.241.0/24 is directly connected, FastEthernet0/0
R 192.168.4.0/24 [120/3] via 219.146.241.2, 00:00:02, FastEthernet0/0
R 10.0.0.0/8 [120/1] via 219.146.241.2, 00:00:02, FastEthernet0/0
C 11.0.0.0/8 is directly connected, Serial1/0.1
R 192.168.1.0/24 [120/2] via 219.146.241.2, 00:00:02, FastEthernet0/0
R 192.168.2.0/24 [120/2] via 219.146.241.2, 00:00:02, FastEthernet0/0
R 192.168.3.0/24 [120/3] via 219.146.241.2, 00:00:02, FastEthernet0/0
```
`sh fr map` on the BBR:
```
BBR2#sh fr map
Serial1/0.1 (up): ip 11.0.0.2 dlci 604(0x25C,0x94C0), static, broadcast, CISCO, status defined, active
Serial1/0.1 (up): ip 11.0.0.3 dlci 605(0x25D,0x94D0), static, broadcast, CISCO, status defined, active
```
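Notes:
1. The key does not need to be defined on every router; that would be pointless duplicated work. In this topology, key authentication only has to be set on the border interfaces of the border routers of the P1, P2 and BBR areas. The same applies in practice: whatever protocol is running, unless it does not support this feature, at least the border routers should have authentication configured for the sake of security.
2. In this topology the Frame Relay in the BBR area uses point-to-multipoint interfaces, so the key must be applied inside the subinterface. If you type the commands on the physical interface, debug will certainly report invalid auth.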
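The mistake described in note 2 can be caught by checking a saved configuration before it is deployed. The following Python check is an added example, not part of the original post; the name `audit_rip_auth`, the constructed sample configuration (including the `Serial1/1` interface), and the assumption that every addressed interface runs RIP are illustrative.

```python
import re

# Match both the abbreviated commands used on this page and full IOS keywords.
IFACE = re.compile(r"^int\S*\s+(\S+)", re.I)
ADDR = re.compile(r"^ip add\S*\s+\d", re.I)
AUTH_KEY = re.compile(r"^ip rip auth\S*\s+key\S*\s+(\S+)", re.I)
AUTH_MD5 = re.compile(r"^ip rip auth\S*\s+mod\S*\s+md5", re.I)

# Constructed sample: authentication typed on the physical port while the
# address lives on the multipoint subinterface (the mistake from note 2).
SAMPLE = """\
interface Serial1/0
 no ip address
 encapsulation frame-relay
 ip rip authentication key-chain cisco
 ip rip authentication mode md5
interface Serial1/0.1 multipoint
 ip address 10.0.0.1 255.0.0.0
interface Serial1/1
 ip address 11.0.0.1 255.0.0.0
 ip rip auth key cisco
 ip rip auth mod md5
"""

def audit_rip_auth(config):
    """Return sorted (interface, finding) pairs for an IOS-style config."""
    ifaces, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := IFACE.match(line):
            cur = ifaces.setdefault(m.group(1), {"addr": False, "key": None, "md5": False})
        elif not raw[:1].isspace():
            cur = None                      # any other top-level line ends the block
        elif cur is not None:
            if ADDR.match(line):
                cur["addr"] = True
            elif m := AUTH_KEY.match(line):
                cur["key"] = m.group(1)
            elif AUTH_MD5.match(line):
                cur["md5"] = True
    findings = []
    for name, st in ifaces.items():
        authed = bool(st["key"]) and st["md5"]
        if st["addr"] and not authed:       # assumption: addressed interface runs RIP
            findings.append((name, "addressed interface lacks RIP MD5 authentication"))
        if authed and not st["addr"] and any(
                o.startswith(name + ".") and s["addr"] for o, s in ifaces.items()):
            findings.append((name, "authentication is on the physical port, address on a subinterface"))
    return sorted(findings)
```

Calling `audit_rip_auth(SAMPLE)` reports both `Serial1/0` and `Serial1/0.1`; moving the two `ip rip authentication` lines under the subinterface clears both findings.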
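Key points:
Frame Relay switch configuration
Define the switch: frame switch
Enter the interface
no ip no shut
Set the encapsulation: frame
Define frame intf-type dce
Define the LMI
Define the clockrate
Define frame route 100 interface s1/1 200
Typical configuration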
interface Serial1/0 |