leve 0 static summary floating route
lo0 R2 s1/1192.168.12.2------192.168.12.1 s1/0 R1 s1/1 192.168.13.1--------s1/0 192.168.13.3 R3
lo0:2.2 r1(R2) s1/0 ---- s2/0 r1(R1) lo0 1.1 s1/0 -------- s2/0 r3 lo0 3.3
R1 loopback 0 1.1.1.1
R2 loopback 0 2.2.2.2
R3 loopback 0 3.3.3.3
step 1...
r1:
en
config t
banner motd #
welcome to beijing onetom
#
disable
en
config t
enable password cisco
service pasword-encryption
hostname R2
no ip domain-lookup
lin consle 0
exec-timeout 0 0
logging synchronous
password zhou
login
exit
line vty 0 4
password zhou
login
exit
line aux 0
no password
no login
exit
int lo 0
ip add 2.2.2.2 255.255.255.255
exit
int s1/0
ip add 192.168.12.2 255.255.255.0
no shutdown
end
r2
en
config t
banner motd $
Welcome to Handsome boy
$
end
disable
en
config t
enable password cisco
service password-encryption
hostname R1
no ip domain-lookup
lin consle 0
exec-timeout 0 0
logging syn
password zhou
login
exit
line vty 0 4
password zhou
login
exit
line aux 0
no password
no login
exit
int lo 0
ip add 1.1.1.1 255.255.255.255
exit
int s2/0
ip add 192.168.12.1 255.255.255.0
no shutdown
exit
int s1/0
ip add 192.168.13.1 255.255.255.0
no shutdown
exit
r3
en
config t
banner motd %
www.Handsome boy.com
%
disable
en
config t
hostname R3
enable password cisco
service password-encryption
no ip domain-lookup
lin consle 0
exec-timeout 0 0
logging syn
password zhou
login
exit
line vty 0 4
password zhou
login
exit
line aux 0
no password
no login
exit
int lo 0
ip add 3.3.3.3 255.255.255.255
exit
int s2/0
ip add 192.168.13.3 255.255.255.0
no shutdown
exit
r1 show ip int bri
r2 show ip int bri
r3 show ip int bri
R1 ping 192.168.12.2
R1 Ping 192.168.13.3
r1 debug ip icmp
r1 config t
ip classless
ip subnet-zero
end
r2 config t
ip classless
ip subnet-zero
end
r3 config t
ip classless
ip subnet-zero
end
-------------------------------------------------------------
添加静态路由
r1 ip route 2.2.2.2 255.255.255.255 s2/0 192.168.12.2
ip route 3.3.3.3 255.255.255.255 s1/0 192.168.13.3
end
r2 ip route 1.1.1.1 255.255.255.255 s1/0 192.168.12.1
ip route 3.3.3.3 255.255.255.255 s1/0 192.168.12.1
end
r3 ip route 1.1.1.1 255.255.255.255 s2/0 192.168.13.1
ip route 2.2.2.2 255.255.255.255 s2/0 192.168.13.1
end
r1 show run
r2 show run
r3 show run
r1 show ip route static
r2 show ip route static
r3 show ip route static
在static 路由中指定出站接口,不指定下一跳会在广播网络上产生过多的流量r1 show arp 在static 路由中指定出站接口,不指定下一跳会在广播网络上产生过多的流量
r2 show arp
r3 show arp
]
R1 #copy running-config startup-config
R2 #copy running-config startup-config
R3 #copy running-config startup-config
这时ping
r3 ping 1.1.1.1
!!!!
r3 ping 2.2.2.2
....
r1 ping 3.3.3.3
!!!!
r1 ping 2.2.2.2
!!!!!
r2 ping 3.3.3.3
....
r2 ping 1.1.1.1
!!!!!
查看路由表
r1 show ip route
2.0.0.0/32 is subnetted, 1 subnets
S 2.2.2.2 [1/0] via 192.168.12.2, Serial2/0
3.0.0.0/32 is subnetted, 1 subnets
S 3.3.3.3 [1/0] via 192.168.13.3, Serial1/0
可以看到R1有它们的S 静态路由
r2 show ip route
1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 [1/0] via 192.168.12.1, Serial1/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
S 3.3.3.3 [1/0] via 192.168.12.1, Serial1/0
可以看到R2有它们的S 静态路由
r3 show ip route
1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 [1/0] via 192.168.13.1, Serial2/0
C 192.168.13.0/24 is directly connected, Serial2/0
2.0.0.0/32 is subnetted, 1 subnets
S 2.2.2.2 [1/0] via 192.168.13.1, Serial2/0
3.0.0.0/24 is subnetted, 1 subnets
可以看到R3有它们的S 静态路由
r1 config t
alias exec rt show ip route
alias exec on show ip ospf neighbor
end
r1 rt
r1 on
r2 config t
alias exec rt show ip route
alias exec on show ip ospf neighbor
end
r2 rt
r2 on
r3 config t
alias exec rt show ip route
alias exec on show ip ospf neighbor
end
r3 rt
r3 on
------------------------------------------------------------
为啥不通呢
我们看数据 来分析
先从R1来看 R2 ping 3.3.3.3 时有没有收到R1上面来 再看R1有没有发出去
我们在R1上做个ACL来看 不用DEBUG。
r1 config t
R1(config)#access-list 1 permit any
R1(config)#end
看在哪个接口上面是进来的接口
r1 show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Ser 2/0 130 R Solaris UnSer 1/0
R3 Ser 1/0 149 R Solaris UnSer 2/0
r1 config t
int s1/0
ip access-group 1 in
end
R3 ping 2.2.2.2
....
R1#sh ip accEss-lists
Standard IP access list 1
permit any (5 matches)
收到了5个包
再在上面做个ACL看它有没发出去
R1(config)#int s2/0
R1(config-if)#ip access-group 1 Out
end
r3 ping 2.2.2.2
.....
R1#show ip access
Standard IP access list 1
permit any (9 matches)
可以看到也发出去了
分析
这说明R1把包发出去了 它的静态地址指明了下一条是192.168.12.2 这说明了发到其路由器R2上了 我们知道R2知道自己所有的直连 也就成功了
debug ip packet
R3#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
*Mar 26 16:48:41.319: IP: s=192.168.13.3 (local), d=2.2.2.2 (Serial2/0), len 100, sending.
*Mar 26 16:48:43.351: IP: s=192.168.13.3 (local), d=2.2.2.2 (Serial2/0), len 100, sending..
*Mar 26 16:48:45.359: IP: s=192.168.13.3 (local), d=2.2.2.2 (Serial2/0), len 100, sending.
*Mar 26 16:48:47.411: IP: s=192.168.13.3 (local), d=2.2.2.2 (Serial2/0), len 100, sending
*Mar 26 16:48:49.471: IP: s=192.168.13.3 (local), d=2.2.2.2 (Serial2/0), len 100, sending.
Success rate is 0 percent (0/5)
但我们知道ICMP 有回来的包.可现在s=192.168.13.3而路由表没有这个地址的路由条目这就是失败的原因。
我们可以看到这样的现象
r3 ping 2.2.2.2
.....
R3#ping 2.2.2.2 /source 3.3.3.3
^
% Invalid input detected at '^' marker.
R3#ping 2.2.2.2 source 3.3.3.3
^
% Invalid input detected at '^' marker.
R3#ping 2.2.2.2 source 3.3.3.3
^
% Invalid input detected at '^' marker.
R3#ping 2.2.2.2 ?
<cr>
R3#ping
Protocol [ip]:
Target IP address: 2.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 3.3.3.3
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
这样成功了
R1 它不用 因为192.168.12.2/ 192.168.13.3 是直连啊
R2 config t
ip route 192.168.13.0 255.255.255.0 s1/0 192.168.12.1
ip route 192.168.13.3 255.255.255.255 s1/0 192.168.12.1
end
R3 config t
ip route 192.168.12.0 255.255.255.0 s2/0 192.168.13.1
ip route 192.168.12.2 255.255.255.255 s2/0 192.168.13.1
end
r2>traceroute 3.3.3.3
r3>trace 2.2.2.2
r1 #dir system:
r2 #dir system:
r3 #dir system:
r1 #dir nvram:
r2 #dir nvram:
r3 #dir nvram:
r1 sh user
r2 sh user
r3 sh user
R1 en
cisco 密码
r1 erase nvram
r1 reload
R2 en
config t
cisco 密码
r2 erase startup-config
r2 reload
R3 en
config t
cisco 密码
r3 erase nvram
r3 reload
r1 sh user
r2 sh user
r3 sh user
---------------------------------------------------------------------
重搭实验台
汇总
基本配置同上
--e0 R1 s1/0--s2/0 R2 s1/0--s2/0 R3 e0
R2e0--e0 R4 e1--
R1(): e0 192.168.1.1/27
s1/0 192.168.1.65/27
R2(): e0 192.168.1.193/27
s2/0 192.168.1.66/27
s1/0 10.4.6.1/24
R3(): e0 10.4.7.1/24
s2/0 10.4.6.2/24
R4(): eo 192.168.1.194/27
e1 10.1.5.1/16
static route configuration
R1(): ip route 192.168.1.192 255.255.255.224 192.168.1.66
ip route 10.1.0.0 255.255.0.0 192.168.1.66
ip route 10.4.6.0 255.255.255.0 192.168.1.66
ip route 10.4.7.0 255.255.255.0 192.168.1.66
R2(): ip route 192.168.1.0 255.255.255.224 (s2/0) 192.168.1.65
ip route 10.1.0.0 255.255.0.0 (e0) 192.168.1.194
ip route 10.4.7.0 255.255.255.0 (s1/0) 10.4.6.2
R3(): ip route 192.168.1.0 255.255.255.224 10.4.6.1
ip route 192.168.1.64 255.255.255.224 10.4.6.1
ip route 192.168.1.192 255.255.255.224 10.4.6.1
ip route 10.1.0.0 255.255.0.0 10.4.6.1
R4(piglet小猪): ip route 192.168.1.0 255.255.255.224 192.168.1.193
ip route 192.168.1.64 255.255.255.224 192.168.1.193
ip route 10.4.6.0 255.255.255.0 192.168.1.193
ip route 10.4.7.0 255.255.255.0 192.168.1.193
r2 show ip route 看看配置接口(被R看成直连路由 management distance 0)和下一跳区别(management diatance 1)
r2 show arp 看看配置接口()和下一跳区别(不配置会产生过多的流量)
r2/r1/r3/r4 show ip route static
r2/r1/r3/r4 show cdp neighbor detail
汇总路由
R4():ip route 192.168.1.0 255.255.255.0 192.168.1.193
ip route 10.4.0.0 255.255.0.0 192.168.1.193
R1(): ip route 192.168.1.192 255.255.255.224 192.168.1.66
ip route 10.0.0.0 255.0.0.0 192.168.1.66
R3(): ip route 192.0.0.0 255.0.0.0 10.4.6.1
ip route 10.1.0.0 255.255.0.0 10.4.6.1
选择路由
加上一条路由
R1(POOH)s2/0--s1/0 R3(eeyore)e0-- pc1
R1: s2/0 192.168.1.33/27
R3: s1/0 192.168.1.34/27
e0 10.4.7.34/24
pc1: 10.4.7.1/24
pooh上的static route命令可以实现一条策略,使流量经过指定的R。
R1(): ip route 192.168.1.192 255.255.255.224 192.168.1.66
ip route 10.0.0.0 255.0.0.0 192.168.1.34
ip route 10.1.0.0 255.255.0.0 192.168.1.66
ip route 10.4.7.25 255.255.255.255 192.168.1.66
floating static route 浮动静态路由
加一R5()双链路
R4s1/0 10.1.20.1/24-----s2/0 10.1.20.2/24 R5() E0 10.1.30.1/24
R4()s2/0 10.1.10.1/24-----s1/0 10.1.10.2/24 R5()
R4(): ip route 192.168.1.0 255.255.255.0 192.168.1.193
ip route 10.4.0.0 255.255.0.0 192.168.1.193
ip route 10.1.30.0 255.255.255.0 10.1.10.2
ip route 10.1.30.0 255.255.255.0 10.1.20.2 50 floating static route
R5(): ip route 10.4.0.0 255.255.0.0 10.1.10.1
ip route 10.4.0.0 255.255.0.0 10.1.20.1 50
ip route 10.1.5.0 255.255.255.0 10.1.10.1
ip route 10.1.5.0 255.255.255.0 10.1.20.1 50
ip route 192.168.0.0 255.255.0.0 10.1.10.1
ip route 192.168.0.0 255.255.0.0 10.1.20.1 50
load sharing 均分负载
equal-cost load sharing 等价均分负载
把上面的flating static route 后面的50去掉就好了
R4(): ip route 192.168.1.0 255.255.255.0 192.168.1.193
ip route 10.4.0.0 255.255.0.0 192.168.1.193
ip route 10.1.30.0 255.255.255.0 10.1.10.2
ip route 10.1.30.0 255.255.255.0 10.1.20.2 equal-cost load sharing
R5(): ip route 10.4.0.0 255.255.0.0 10.1.10.1
ip route 10.4.0.0 255.255.0.0 10.1.20.1
ip route 10.1.5.0 255.255.255.0 10.1.10.1
ip route 10.1.5.0 255.255.255.0 10.1.20.1
ip route 192.168.0.0 255.255.0.0 10.1.10.1
ip route 192.168.0.0 255.255.0.0 10.1.20.1
unequal-clst load sharing 非等价均分负载
递归表查询:下一跳指的不是直连的R接口的实际地址 要多次查询 不建议这样配置
R1(): ip route 192.168.1.0 255.255.255.224 192.168.1.66
ip route 10.1.0.0 255.255.0.0 192.168.1.194
ip route 10.4.6.0 255.255.255.0 10.4.6.2
ip route 10.4.7.0 255.255.255.0 10.4.6.2
pc: arp -a
pc: arp -a
r1 config t
int s1/0
arp timeout 1800
end
r1 show arp
r1 config t
int s1/0
no ip proxy-arp 关闭代理ARP
end
r1 config t
int s2/0
ip gratuitous