RIP实验学习笔记

RIP实验学习笔记 2009.6.5—6.10

一．实验目的 A.理解RIP的原理和操作； B.清楚RIP注意问题； C.熟悉RIP配置命令； D.使用show和debug命令查看拓扑变化时收敛过程； E.抓包分析RIP报文；

二．拓扑和要求

S1、R1、R2之间RIP采用MD5认证； R1、R4之间RIP采用明文认证； S2运行OSPF,R2从S2重发布，并在LAN上通告这些路由，用于演示RIP的下一条特性； R5的帧中继配置在物理接口上，一边查看no ip split-horizon默认行为的效果； 三．实验过程 3.1 连通性配置 遇到的问题：

?1.R5路由器ping不通自己的S0/0接口地址172.31.25.1，能ping通R2的子接口s1/0.205地址172.31.25.2，从R2上却能ping通172.31.25.1；

R5>ping 172.31.25.1

Sending 5, 100-byte ICMP Echos to 172.31.25.1, timeout is 2 seconds: .....

Success rate is 0 percent (0/5) R5>ping 172.31.25.2

Sending 5, 100-byte ICMP Echos to 172.31.25.2, timeout is 2 seconds: !!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/28/44 ms R2#ping 172.31.25.1

Sending 5, 100-byte ICMP Echos to 172.31.25.1, timeout is 2 seconds: !!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/36/48 ms

2.子接口水平分割缺省是enable的；但物理接口的水平分割缺省是disable的（配置了IP地址的FR封装的物理接口上水平分割缺省是disable的！）；

R2#sh ip int s1/0.203

Serial1/0.203 is up, line protocol is up Internet address is 172.31.23.2/30 Broadcast address is 255.255.255.255 Proxy ARP is enabled Security level is default Split horizon is enabled R5#sh ip int s0/0

Serial0/0 is up, line protocol is up Internet address is 172.31.25.1/30 Broadcast address is 255.255.255.255 Proxy ARP is enabled Security level is default Split horizon is disabled

2.traceroute的问题，从S1上traceroute 172.31.103.3 S1#traceroute 172.31.103.3 1 172.31.11.1 28 msec 172.31.11.2 32 msec 172.31.11.1 16 msec 2 172.31.23.1 52 msec 172.31.13.2 24 msec 172.31.23.1 20 msec

3. S2的loopback接口地址在路由条目里显示为172.31.221.202/32(从OSPF重发布来的)，而S1的loopback接口地址路由条目显示为172.31.211.0/24（rip来）

3.2 基本rip配置

R1(config)#router rip R1(config-router)#?

Router configuration commands:

address-family Enter Address Family command mode

auto-summary Enable automatic network number summarization default Set a command to its defaults

default-information Control distribution of default information default-metric Set metric of redistributed routes distance Define an administrative distance distribute-list Filter networks in routing updates

exit Exit from routing protocol configuration mode flash-update-threshold Specify flash update threshold in second input-queue Specify input queue depth

maximum-paths Forward packets over multiple paths neighbor Specify a neighbor router network Enable routing on an IP network no Negate a command or set its defaults offset-list Add or subtract offset from IGRP or RIP metrics output-delay Interpacket delay for RIP updates passive-interface Suppress routing updates on an interface

redistribute Redistribute information from another routing protocol timers Adjust routing timers

traffic-share How to compute traffic share over alternate paths

validate-update-source Perform sanity checks against source address of routing updates version Set routing protocol version network命令注解

The RIP network command only allows for a classful network as a parameter, which in turn enables RIP on all of that router’s interfaces that are part of that network. Enabling RIP on an interface makes the router begin sending RIP updates, listening for RIP updates (UDP port 520), and advertising that interface’s connected subnet.Because the RIP network command has no way to simply match one interface at a time, a RIP configuration may enable these three functions on an interface ，but some or all of these functions are not required. The three RIP functions can be ndividually disabled on an interface with some effort：

RIP Function Sending RIP updates Listening for RIP updates Advertising the connected subnet How to Disable Make the interface passive: configure router rip, followed by passiveinterface type number Filter all incoming routes using a distribute list Filter outbound advertisements on other interfaces using distribute lists, filtering an interface’s connected subnet; using neighbor subcommand to advertise rip updates to that neighbor; （1）R6能ping通，R6路由表为： R6>sh ip route

172.31.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.31.16.0/24 is directly connected, Serial0/0.601

R 172.31.0.0/16 [120/1] via 10.1.26.2, 00:00:14, Serial0/0.602 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks R 10.0.0.0/8 [120/3] via 10.1.26.2, 00:00:14, Serial0/0.602 C 10.1.26.0/24 is directly connected, Serial0/0.602

问题1.Ping 172.31.25.1(R5的物理串口地址)问题

C 10.1.106.0/24 is directly connected, Loopback1 （2）R5自己ping不通25.1，能ping通172.31.25.2 （3）R4能ping通R5

（4）R3ping不通172.31.25.1，也ping不通172.31.25.2；（R3ping自己反应很慢，ping其他都ping不通，R1ping R3的103.3正常，但ping不通R3的13.2）， R3#ping 172.31.23.1

Sending 5, 100-byte ICMP Echos to 172.31.23.1, timeout is 2 seconds: !!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1612/1685/1752 ms R3#ping 172.31.23.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.31.23.2, timeout is 2 seconds: .....

Success rate is 0 percent (0/5) R3路由表为：

172.31.0.0/16 is variably subnetted, 18 subnets, 2 masks

R 172.31.211.0/24 [120/6] via 172.31.23.2, 00:00:11, Serial0/0.302 R 172.31.223.0/24 [120/2] via 172.31.23.2, 00:00:11, Serial0/0.302 [120/2] via 172.31.13.1, 00:00:17, Serial0/0.301 R 172.31.16.0/24 [120/1] via 172.31.13.1, 00:00:17, Serial0/0.301 R 172.31.23.0/30 [120/2] via 172.31.13.1, 00:00:17, Serial0/0.301 C 172.31.23.0/24 is directly connected, Serial0/0.302

R 172.31.25.0/30 [120/1] via 172.31.23.2, 00:00:13, Serial0/0.302 R 172.31.24.0/30 [120/1] via 172.31.23.2, 00:00:13, Serial0/0.302

？问题2：从R2上PING172.31.13.1（R1接口）和172.31.13.2（R3接口）， 如何解决？？？

R2#sh ip route

R 172.31.13.0/24 [120/1] via 172.31.23.1, 00:00:17, Serial1/0.203 R 172.31.13.0/30 [120/1] via 172.31.11.1, 00:00:09, FastEthernet0/0 R2#sh ip route 172.31.13.0 Routing entry for 172.31.13.0/30

Known via \ Redistributing via rip

Last update from 172.31.11.1 on FastEthernet0/0, 00:00:27 ago Routing Descriptor Blocks:

* 172.31.11.1, from 172.31.11.1, 00:00:27 ago, via FastEthernet0/0 Route metric is 1, traffic share count is 1 R2#sh ip route 172.31.13.0 255.255.255.0 Routing entry for 172.31.13.0/24

Known via \ Redistributing via rip

Last update from 172.31.23.1 on Serial1/0.203, 00:00:19 ago

Routing Descriptor Blocks:

* 172.31.23.1, from 172.31.23.1, 00:00:19 ago, via Serial1/0.203 Route metric is 1, traffic share count is 1 3.3 认证配置

配置R1,R2在LAN上MD5认证

R1: 定义密钥链 key chain keyLAN --–key 1--—key string ripv2;

Fa0/0接口上启用rip认证 Ip rip authentication key-chain keyLAN ---ip rip authentication mode md5 R2：定义密钥链：key chain lankey--?key 1-?key-string ripv2-?key 2-?key-string ripv22

Fa0/0接口上启用RIP认证：ip rip authentication mode md5?ip rip authentication key-chain lankey; 配置R1与R4明文认证 R1：

R4(config)#key chain withR2 R4(config-keychain)#KEY 1

R4(config-keychain-key)#key-string plaintext R4(config-keychain-key)#exit R4(config-keychain)#exit R4(config)#int s0/0.401

R4(config-subif)#ip rip authentication key-chain withR2

3.4 水平分割和下一跳

水平分割缺省在每个接口上是ON的，除了配置了IP地址的FR封装的物理串口上（本例中的R5串口S0/0） R5#sh ip int s0/0

Serial0/0 is up, line protocol is up Split horizon is disabled ICMP redirects are always sent

下一跳（next-hop）属性允许路由器对通告的路由下一跳指向其他路由器，而不是自己；本例中S2运行OSPF，R2将S2连接的网络通过重发布通告给其他路由器，由于R2/S2/R1连接在同一个LAN上，因此R2在向R1通告S2的路由的时候将下一条指向S2而不是R2自己 配置：

S2:router ospf 10?network 172.31.0.0 .0.0.255.255 area 0

R2:router ospf 20?network 172.31.0.0 0.0.255.255 area 0 ,network 10.1.26.0 0.0.0.255 area 0 Router rip-?redistribute ospf 20 metric 2 R1路由如下：

R1#show ip route 172.31.221.202 Routing entry for 172.31.221.202/32 Known via \ Redistributing via rip

Last update from 172.31.11.202 on FastEthernet0/0, 00:00:02 ago Routing Descriptor Blocks:

* 172.31.11.202, from 172.31.11.2, 00:00:02 ago, via FastEthernet0/0 Route metric is 2, traffic share count is 1 R1#sh ip route

Gateway of last resort is not set

本文来源：https://www.bwwdw.com/article/vh7d.html