1.configure ripv2 on all routers and advertise their directly connected interfaces.ensure that these routers have full nlri to all the loopback interface advertised into rip. ensure that all routers can ping all loopbacks.configure rip not to advertise on any interface by default(配置ripv2在所有路由器上面,通告这些直连的接口,所有loopback接口都可达,)
(注:路由表不能出现任何/32的主机路由)
(1)当r2连接switch链路或者r3连接switch链路出现断开时,保证r2的lo0还能ping通r3的lo0
(2)为了加快收敛时间,所有运行ripv2的路由器计时器:update time=20s,invalid time=40,hold down time=60s,flush time=100s,配置完成保证各个lo0之间都可达。
r1:
router rip(rip只能主类网络通告)
ver 2
no auto-summary
network 172.16.0.0
net work 1.0.0.0
net 123.0.0.0
r2:
router rip
ver 2
no auto
net 123.0.0.0
net 2.0.0.0
net 10.0.0.0
r3:
router rip
ver 2
no auto
net 10.0.0.0
net 123.0.0.0
net 3.0.0.0
r4:
router rip
ver 2
no auto
net 10.0.0.0
net 4.0.0.0
net 45.0.0.0
r5:
router rip
ver 2
no auto
net 45.0.0.0
net 5.0.0.0
r1:
int s1/0.123
no ip split-horizon(关闭水平分割,当r2,或r3的f0/0接口down的时候,造成r2或r3路由表不全,因为水平分割问题,r1从s1/0.123收到的路由不会再从这个接口发出去)
router rip
timers basic 20 40 60 100(更改rip的计时器)
r2:
router rip
timers basic 20 40 60 100
r3:
router rip
timers basic 20 40 60 100
r4:
router rip
timers basic 20 40 60 100
r5:
router rip
timers basic 20 40 60 100
2、为了优化网络,不能往r1的所有loopback接口发送rip updates;且在r2,r3,r4,r5只看到有关r1左边的4个(loo1,loo2,loo3,loo4)子网的一条汇总路由。
r1:
int s1/0.123
ip summary-address rip 172.16.4.0 255.255.252.0
3、安全问题
(1)r1-r2-r3之间,do not use multicast to propagate your rip routes,(不能使用组播通告路由,默认是组播)且r1,r2和r3之间做明文认证(key chain ccnp,key 1,key-string CCNP)
(2)configure r2(f0/0) and r3(f0/0) and r4(f0/0) to communicate via broadcast updates,且r2,r3和r4之间的接口做md5认证(key chain ccie,key 2,key-string CCIE)
r1:
router rip
ver 2
neighbor 123.1.1.2
neighbor 123.1.1.3
r2:
router rip
ver 2
neighbor 123.1.1.1
r3:
router rip
ver 2
neighbor 123.1.1.1
r1:
key chain ccnp(钥匙串名字)
key 1 (第几把钥匙)
key-string CCNP(定义密码)
int s1/0.123
ip rip authentication key-chain ccnp (调用钥匙串)
ip rip authentication mode text(启用明文认证)
r2:
key chain ccnp(钥匙串名字)
key 1 (第几把钥匙)
key-string CCNP(定义密码)
int s1/1.123
ip rip authentication key-chain ccnp (调用钥匙串)
ip rip authentication mode text(启用明文认证)
r3:
key chain ccnp(钥匙串名字)
key 1 (第几把钥匙)
key-string CCNP(定义密码)
int s1/2.123
ip rip authentication key-chain ccnp (调用钥匙串)
ip rip authentication mode text(启用明文认证)
r2:
key chain ccie
key 2
key-string CCIE
int f0/0
ip rip authentication key-chain ccie
ip rip authentication mode md5
r3:
key chain ccie
key 2
key-string CCIE
int f0/0
ip rip authentication key-chain ccie
ip rip authentication mode md5
r4:
key chain ccie
key 2
key-string CCIE
int f0/0
ip rip authentication key-chain ccie
ip rip authentication mode md5
4、在r4连接r5的r4串行接口能receive and process ripv1 packets,而不做周期性更新
5、在r2上,用最少的命令行,增加八个interface ip address.地址为100.1.0.1/24...100.1.7.1/24,这八个地址在r2的rip数据库中是作为外部路由出现的。
6、使用偏移列表完成下面需求:r3上100.1.0.0/24这条路由的hop为1,其他偶数路由的hop为5,奇数路由的hop为5,大家想想用offset-list能做奇数路由为5,偶数路由为7么? r4:
int s1/3
ip rip receive version 1 2(接收1和2的版本)
ip rip triggered(关闭周期更新为触发更新,触发更新只能在串口使用)
r5:
int s1/3
ip rip receive version 1 2
ip rip triggered
标签:CCIE,r2,r3,ip,rip,RIP,key,0.0,路由 From: https://www.cnblogs.com/smoke520/p/18361972