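RIP was developed by Xerox in the 1970s and was originally defined in RFC 1058. RIP uses two types of packets to carry updates: updates and requests. By default, every RIP-enabled router uses UDP port 520 to broadcast (RIPv1) or multicast (RIPv2) a routing update to its directly connected network neighbors every 30 seconds. As a result, a router has no view of the network as a whole, and if routing updates propagate slowly, the network converges slowly and routing loops result. RIP uses five mechanisms to avoid routing loops: split horizon, poison reverse, a defined maximum hop count, flash updates, and the holddown timer.
RIP has two versions, version 1 and version 2. Both versions share the following characteristics:
1. It is a distance-vector routing protocol;
2. It uses hop count as the metric;
3. The default routing update interval is 30 seconds;
4. The administrative distance (AD) is 120;
5. It supports triggered updates;
6. The maximum hop count is 15;
7. It supports equal-cost paths, 4 by default and 6 at most;
8. It uses UDP port 520 for routing updates.
The differences between RIPv1 and RIPv2 are shown in Table 4-1.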
4.2 RIPv1
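4.2.1 Lab 1: Basic RIPv1 Configuration
1. Lab objectives
This lab covers:
(1) Starting the RIPv1 routing process on a router
(2) Enabling the interfaces that take part in the routing protocol and advertising networks
(3) Understanding the meaning of the routing table
(4) Viewing and debugging RIPv1 routing protocol information
2. Topology
The lab topology is shown in Figure 4-1.
3. Lab steps
(1) Step 1: Configure router R1
R1(config)#router rip //start the RIP process
R1(config-router)#version 1 //configure RIP version 1
R1(config-router)#network 1.0.0.0 //advertise the network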
R1(config-router)#network 192.168.12.0
(2) Step 2: Configure router R2
R2(config)#router rip
R2(config-router)#version 1
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.23.0
(3) Step 3: Configure router R3
R3(config)#router rip
R3(config-router)#version 1
R3(config-router)#network 192.168.23.0
R3(config-router)#network 192.168.34.0
(4) Step 4: Configure router R4
R4(config)#router rip
R4(config-router)#version 1
R4(config-router)#network 192.168.34.0
R4(config-router)#network 4.0.0.0
4. Verification and debugging
(1) show ip route
This command displays the routing table.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Serial0/0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 4.0.0.0/8 [120/3] via 192.168.12.2, 00:00:03, Serial0/0/0
R 192.168.23.0/24 [120/1] via 192.168.12.2, 00:00:03, Serial0/0/0
R 192.168.34.0/24 [120/2] via 192.168.12.2, 00:00:03, Serial0/0/0
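The output above shows that router R1 has learned 3 RIP routes. The route entry "R 4.0.0.0/8 [120/3] via 192.168.12.2, 00:00:03, Serial0/0/0" reads as follows:
① R: the route entry was learned through the RIP routing protocol;
② 4.0.0.0/8: the destination network;
③ 120: the default administrative distance of the RIP routing protocol;
④ 3: the metric; the metric from router R1 to network 4.0.0.0/8 is 3 hops;
⑤ 192.168.12.2: the next-hop address;
⑥ 00:00:03: 27 (30-3) seconds remain until the next update;
⑦ Serial0/0/0: the interface on this router through which the route entry was received.
The mask length of this route entry also shows that RIPv1 indeed does not carry subnet information.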
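(2) show ip protocols
This command displays IP routing protocol configuration and statistics.
R1#show ip protocols
[Note]
Text after "//" is a comment, not part of the output.
Routing Protocol is "rip"
//the routing protocol running on the router is RIP
Outgoing update filter list for all interfaces is not set
//no filter list is set in the outbound direction
Incoming update filter list for all interfaces is not set
//no filter list is set in the inbound direction
Sending updates every 30 seconds, next due in 23 seconds
//the update interval is 30 seconds; the next update is due in 23 seconds
[Note]
To prevent updates from synchronizing, RIP sends updates with a 15% variance, so the actual update interval ranges from 25.5 to 30 seconds.
Invalid after 180 seconds, hold down 180, flushed after 240
//invalid after: a route entry that has received no update for 180 seconds is marked invalid
[Key point]
A route entry marked invalid looks like this:
R 4.0.0.0/8 is possibly down, routing via 192.168.12.2, Serial0/0/0
A route entry can be made to enter the invalid period in many ways, for example by applying an ACL on the interface that denies UDP port 520, or by configuring the interface as a passive interface.
//hold down: the holddown timer is 180 seconds
//flushed after: a route entry that has received no update for 240 seconds is removed from the routing table
[Tip]
The following command adjusts the three timers above:
R1(config-router)#timers basic update invalid holddown flushed
Redistributing: rip
//only RIP is running; no other protocol is redistributed into it
Default version control: send version 1, receive version 1
//by default, version 1 routing updates are sent and version 1 routing updates are received
Interface Send Recv Triggered RIP Key-chain
Serial0/0/0 1 1
Loopback0 1 1
//the three lines above show the interfaces running RIP and the versions of RIP routing updates they can receive and send
Automatic network summarization is in effect
//automatic summarization is enabled by default in RIP
Maximum path: 4
//RIP supports 4 equal-cost paths, up to a maximum of 6
[Tip]
The following command changes the number of equal-cost paths RIP supports:
R1(config-router)#maximum-paths number-paths
Routing for Networks:
1.0.0.0
192.168.12.0
//the three lines above show the networks RIP advertises
Routing Information Sources:
Gateway Distance Last Update
192.168.12.2 120 00:00:03
//the three lines above show the routing information sources, where:
//gateway: the interface address of the router the routes were learned from, that is, the next-hop address
//distance: the administrative distance
//last update: how long ago the update occurred
Distance: (default is 120)
//the default administrative distance is 120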
(3) debug ip rip
This command shows the dynamic update process of the RIP routing protocol.
R1#clear ip route *
R1#debug ip rip
Feb 9 12:43:13.311: RIP: sending request on Serial0/0/0 to 255.255.255.255
Feb 9 12:43:13.315: RIP: sending request on Loopback0 to 255.255.255.255
Feb 9 12:43:13.323: RIP: received v1 update from 192.168.12.2 on Serial0/0/0
Feb 9 12:43:13.323: 4.0.0.0 in 3 hops
Feb 9 12:43:13.323: 192.168.23.0 in 1 hops
Feb 9 12:43:13.323: 192.168.34.0 in 2 hops
Feb 9 12:43:15.311: RIP: sending v1 flash update to 255.255.255.255 via Loopback0 (1.1.1.1)
Feb 9 12:43:15.311: RIP: build flash update entries
Feb 9 12:43:15.311: network 4.0.0.0 metric 4
Feb 9 12:43:15.311: network 192.168.12.0 metric 1
Feb 9 12:43:15.311: network 192.168.23.0 metric 2
Feb 9 12:43:15.311: network 192.168.34.0 metric 3
Feb 9 12:43:15.311: RIP: sending v1 flash update to 255.255.255.255 via Serial0/0/0
(192.168.12.1)
Feb 9 12:43:15.311: RIP: build flash update entries
Feb 9 12:43:15.311: network 1.0.0.0 metric 1
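The output above shows that RIPv1 uses broadcast updates (255.255.255.255): it sends routing updates out Loopback0 and s0/0/0, and it receives three routes on s0/0/0: 4.0.0.0 with a metric of 3 hops, 192.168.34.0 with a metric of 2 hops, and 192.168.23.0 with a metric of 1 hop.
[Key point]
A flash update means that when the metric of a path on the network changes, the router sends an update immediately, regardless of whether the regular update interval has been reached.
4.2.2 Lab 2: Passive Interfaces and Unicast Updates
1. Lab objectives
This lab covers:
(1) The meaning, configuration and use cases of passive interfaces
(2) The use cases and configuration of unicast updates
2. Topology
The lab topology is shown in Figure 4-2.
Because Ethernet ports g0/0 and g0/1 connect to hosts, there is no need to send routing updates out of them, so these interfaces on the router can be configured as passive interfaces.
3. Lab steps
(1) Step 1: Configure router R1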
R1(config)#router rip
R1(config-router)#version 1
R1(config-router)#network 10.0.0.0
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.12.0
R1(config-router)#passive-interface GigabitEthernet0/0
R1(config-router)#passive-interface GigabitEthernet0/1
(2) Step 2: Configure router R2
R2(config)#router rip
R2(config-router)#version 1
R2(config-router)#network 192.168.12.0
R2(config-router)#network 2.0.0.0
4. Verification and debugging
R1#debug ip rip
R1#clear ip route *
Feb 9 13:24:41.275: RIP: sending request on Serial0/0/0 to 255.255.255.255
Feb 9 13:24:41.283: RIP: received v1 update from 192.168.12.2 on Serial0/0/0
Feb 9 13:24:41.283: 2.0.0.0 in 1 hops
Feb 9 13:24:43.275: RIP: sending v1 flash update to 255.255.255.255 via Serial0/0/0
(192.168.12.1)
Feb 9 13:24:43.275: RIP: build flash update entries
Feb 9 13:24:43.275: network 10.0.0.0 metric 1
Feb 9 13:24:43.275: network 172.16.0.0 metric 1
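The output above shows that router R1 indeed does not send routing updates out the passive interfaces g0/0 and g0/1.
[Key point]
A passive interface can only receive routing updates. It cannot send updates by broadcast or multicast, but it can send them by unicast. The command to configure unicast updates is: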
R1(config-router)#neighbor A.B.C.D
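[Example]
As shown in Figure 4-3, router R1 wants to send routing updates only to router R3. Because RIPv1 uses broadcast updates, by default the updates are sent to every device on the Ethernet. To prevent this, R1's g0/0 is configured as a passive interface. R1 still wants to send routing updates to R3, however, so it must use unicast updates addressed to the specified neighbor R3. The configuration of router R1 is: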
R1(config)#router rip
R1(config-router)#passive-interface GigabitEthernet0/0
R1(config-router)#neighbor 172.16.1.3
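4.2.3 Lab 3: Using Subnet Addresses
1. Lab objectives
This lab covers:
(1) The conditions under which RIPv1 can use subnet addresses
(2) The rule RIPv1 follows when receiving subnet routes
2. Topology
The lab topology is shown in Figure 4-4.
3. Lab steps
(1) Step 1: Configure router R1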
R1(config)#router rip
R1(config-router)#version 1
R1(config-router)#network 172.16.0.0
(2) Step 2: Configure router R2
R2(config)#router rip
R2(config-router)#version 1
R2(config-router)#network 172.16.0.0
4. Verification and debugging
View the routing tables of R1 and R2:
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 3 subnets
C 172.16.1.0 is directly connected, Loopback0
C 172.16.2.0 is directly connected, Serial0/0/0
R 172.16.3.0 [120/1] via 172.16.2.2, 00:00:03, Serial0/0/0
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 3 subnets
R 172.16.1.0 [120/1] via 172.16.2.1, 00:00:21, Serial0/0/0
C 172.16.2.0 is directly connected, Serial0/0/0
C 172.16.3.0 is directly connected, Loopback0
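The routing tables of R1 and R2 show that each has learned 24-bit route entries from the other, which shows that in some cases RIPv1 updates can indeed carry subnet information.
[Key point]
For RIPv1 routing updates to carry subnet information, two conditions must both hold:
(1) All addresses in the whole network are in the same major (classful) network;
(2) The subnet mask lengths are all the same.
[Think about it]
Suppose that in Figure 4-4 the IP address on router R2's s0/0/0 interface has a 25-bit mask. What does R2's routing table look like? The result is: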
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
R 172.16.1.0/25 [120/1] via 172.16.2.1, 00:00:17, Serial0/0/0
C 172.16.2.0/25 is directly connected, Serial0/0/0
C 172.16.3.0/24 is directly connected, Loopback0
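This gives the rule RIPv1 follows when receiving subnet routes: if a router receives a subnet route entry, it uses the mask length of the interface that received the entry as the mask length of that subnet route entry.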
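The two sending conditions and the receive rule from this lab, modelled in Python. This is an added example, not part of the original text; beyond the lab it also covers summarization at a major-network boundary, suppression of a subnet whose mask differs from the outgoing interface, and host routes, which are standard classful RIPv1 behaviour rather than something the lab output shows.

```python
import ipaddress


def major_network(addr):
    """Classful (major) network containing addr: class A /8, B /16, C /24."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        plen = 8
    elif first_octet < 192:
        plen = 16
    elif first_octet < 224:
        plen = 24
    else:
        raise ValueError("class D/E addresses have no major network")
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def ripv1_advertise(route, tx_interface):
    """Address a RIPv1 sender places in its update for `route`, or None if suppressed."""
    net = ipaddress.ip_network(route)
    iface = ipaddress.ip_interface(tx_interface)
    if major_network(net.network_address) != major_network(iface.ip):
        # Crossing a major-network boundary: only the major network is advertised.
        return str(major_network(net.network_address).network_address)
    if net.prefixlen == iface.network.prefixlen:
        # Same major network and same mask length: both conditions hold.
        return str(net.network_address)
    # Same major network, different mask: the receiver could not recover the
    # mask, so the subnet is left out (assumed general behaviour, not shown
    # in the lab output).
    return None


def ripv1_receive(advertised, rx_interface):
    """Route a RIPv1 receiver installs; the update itself carries no mask."""
    adv = ipaddress.IPv4Address(advertised)
    iface = ipaddress.ip_interface(rx_interface)
    if adv in major_network(iface.ip):
        plen = iface.network.prefixlen        # the rule above: borrow the interface mask
    else:
        plen = major_network(adv).prefixlen   # other major network: classful mask
    net = ipaddress.ip_network(f"{adv}/{plen}", strict=False)
    if net.network_address != adv:
        # Host bits set under that mask: treated as a host route (general
        # classful behaviour, beyond what the lab demonstrates).
        return f"{adv}/32"
    return str(net)


if __name__ == "__main__":
    # Lab 3: R1 advertises its loopback subnet out s0/0/0 (172.16.2.1/24).
    sent = ripv1_advertise("172.16.1.0/24", "172.16.2.1/24")
    # R2 receives it on s0/0/0 with a 24-bit mask, then with a 25-bit mask.
    print(sent, "->", ripv1_receive(sent, "172.16.2.2/24"))
    print(sent, "->", ripv1_receive(sent, "172.16.2.2/25"))
    # Lab 1: R1 receives 4.0.0.0 on an interface in another major network.
    print("4.0.0.0 ->", ripv1_receive("4.0.0.0", "192.168.12.1/24"))
```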
4.3 RIPv2
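4.3.1 Lab 4: Basic RIPv2 Configuration
1. Lab objectives
This lab covers:
(1) Starting the RIPv2 routing process on a router
(2) Enabling the interfaces that take part in the routing protocol and advertising networks
(3) Turning auto-summary on and off
(4) Viewing and debugging RIPv2 routing protocol information
2. Topology
The lab topology is shown in Figure 4-1.
3. Lab steps
(1) Step 1: Configure router R1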
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 1.0.0.0
R1(config-router)#network 192.168.12.0
(2) Step 2: Configure router R2
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.23.0
(3) Step 3: Configure router R3
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.23.0
R3(config-router)#network 192.168.34.0
(4) Step 4: Configure router R4
R4(config)#router rip
R4(config-router)#version 2
R4(config-router)#no auto-summary
R4(config-router)#network 192.168.34.0
R4(config-router)#network 4.0.0.0
4. Verification and debugging
(1) show ip route
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Serial0/0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
R 4.4.4.0/24 [120/3] via 192.168.12.2, 00:00:22, Serial0/0/0
R 192.168.23.0/24 [120/1] via 192.168.12.2, 00:00:22, Serial0/0/0
R 192.168.34.0/24 [120/2] via 192.168.12.2, 00:00:22, Serial0/0/0
The route entry "4.4.4.0/24" in the output above shows that RIPv2 routing updates carry subnet information.
(2) show ip protocols
R1#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 19 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial0/0/0 2 2
Loopback0 2 2
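//by default RIPv2 only receives and sends version 2 routing updates
[Tip]
The commands "ip rip send version" and "ip rip receive version" control which versions are received and sent on a router interface. For example, to receive version 1 and 2 routing updates on interface s0/0/0 but send only version 2 routing updates, configure:
R1(config-if)#ip rip send version 2
R1(config-if)#ip rip receive version 1 2
[Note]
Interface settings take precedence over process settings. In this lab, although "version 2" is configured in the RIP process, an interface configured with "ip rip receive version 1 2" can receive both version 1 and version 2 routing updates.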
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
1.0.0.0
192.168.12.0
Routing Information Sources:
Gateway Distance Last Update
192.168.12.2 120 00:00:26
Distance: (default is 120)
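4.3.2 Lab 5: RIPv2 Manual Summarization
1. Lab objectives
This lab covers:
(1) Manual summarization of RIPv2 routes
(2) RIPv2 does not support CIDR summarization
(3) RIPv2 can propagate CIDR summaries
2. Topology
The lab topology is shown in Figure 4-5.
3. Lab steps
Routers R1, R2 and R3 are configured as in Lab 4 (section 4.3.1). R4 is configured as follows: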
R4(config)#router rip
R4(config-router)#version 2
R4(config-router)#no auto-summary
R4(config-router)#network 192.168.34.0
R4(config-router)#network 4.0.0.0
R4(config)#interface s0/0/0
R4(config-if)#ip summary-address rip 4.4.0.0 255.255.252.0 //RIP manual route summarization
4. Verification and debugging
(1) Before summarization, the routing table of router R1 is as follows:
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Serial0/0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
4.0.0.0/24 is subnetted, 4 subnets
R 4.4.0.0 [120/3] via 192.168.12.2, 00:00:21, Serial0/0/0
R 4.4.1.0 [120/3] via 192.168.12.2, 00:00:21, Serial0/0/0
R 4.4.2.0 [120/3] via 192.168.12.2, 00:00:12, Serial0/0/0
R 4.4.3.0 [120/3] via 192.168.12.2, 00:00:05, Serial0/0/0
R 192.168.23.0/24 [120/1] via 192.168.12.2, 00:00:21, Serial0/0/0
R 192.168.34.0/24 [120/2] via 192.168.12.2, 00:00:22, Serial0/0/0
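The output above shows that router R1's routing table contains the 4 specific routes for R4's loopback interfaces.
(2) After summarization, the routing table of router R1 is as follows: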
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Serial0/0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
4.0.0.0/22 is subnetted, 1 subnets
R 4.4.0.0 [120/3] via 192.168.12.2, 00:00:21, Serial0/0/0
R 192.168.23.0/24 [120/1] via 192.168.12.2, 00:00:21, Serial0/0/0
R 192.168.34.0/24 [120/2] via 192.168.12.2, 00:00:22, Serial0/0/0
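The output above shows that router R1's routing table has received the summary route; R2 and R3 receive the summary route as well.
[Think about it]
Now change the addresses of the four loopback interfaces lo0-lo4 on router R4 to 192.168.96.4/24, 192.168.97.4/24, 192.168.98.4/24 and 192.168.99.4/24. Can route summarization still be done under interface s0/0/0? Configure R4 as follows: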
R4(config-if)#router rip
R4(config-router)#network 192.168.96.0
R4(config-router)#network 192.168.97.0
R4(config-router)#network 192.168.98.0
R4(config-router)#network 192.168.99.0
R4(config-if)#ip summary-address rip 192.168.96.0 255.255.252.0
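The router displays the following message:
"Summary mask must be greater or equal to major net"
The message shows that the mask length after summarization must be greater than or equal to the mask length of the major network; because "22<24", the summary is not allowed.
So RIPv2 does not support CIDR summarization, but it can propagate CIDR summaries.
The workaround is as follows:
(1) Publish the summarized route with a static route
R4(config)#ip route 192.168.96.0 255.255.252.0 null0
(2) Redistribute the static route into the RIP network
R4(config)#router rip
R4(config-router)#redistribute static //redistribute static routes into the RIP routing protocol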
R4(config-router)#no network 192.168.96.0
R4(config-router)#no network 192.168.97.0
R4(config-router)#no network 192.168.98.0
R4(config-router)#no network 192.168.99.0
(3) View the routing table on router R1
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Serial0/0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 192.168.23.0/24 [120/1] via 192.168.12.2, 00:00:18, Serial0/0/0
R 192.168.34.0/24 [120/2] via 192.168.12.2, 00:00:18, Serial0/0/0
R 192.168.96.0/22 [120/3] via 192.168.12.2, 00:00:18, Serial0/0/0
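The output makes it clear that RIPv2 can propagate CIDR summary information.
4.3.3 Lab 6: RIPv2 Authentication and Triggered Updates
1. Lab objectives
This lab covers:
(1) Configuration and matching rules of RIPv2 plaintext authentication
(2) Configuration and matching rules of RIPv2 MD5 authentication
(3) RIPv2 triggered updates
2. Topology
The lab topology is shown in Figure 4-1.
3. Lab steps
(1) Step 1: Configure router R1
R1(config)#key chain test //configure the key chain
R1(config-keychain)#key 1 //configure the key ID
R1(config-keychain-key)#key-string cisco //configure the key string for the key ID
R1(config)#interface s0/0/0
R1(config-if)#ip rip authentication mode text
//enable authentication in plaintext mode; plaintext is the default mode, so it need not be specified
R1(config-if)#ip rip authentication key-chain test //apply the key chain on the interface
R1(config-if)#ip rip triggered //enable triggered updates on the interface
(2) Step 2: Configure router R2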
R2(config)#key chain test
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string cisco
R2(config)#interface s0/0/0
R2(config-if)#ip rip triggered
R2(config-if)#ip rip authentication key-chain test
R2(config-if)#interface s0/0/1
R2(config-if)#ip rip authentication key-chain test
R2(config-if)#ip rip triggered
(3) Step 3: Configure router R3
R3(config)#key chain test
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string cisco
R3(config)#interface s0/0/0
R3(config-if)#ip rip authentication key-chain test
R3(config-if)#ip rip triggered
R3(config-if)#interface s0/0/1
R3(config-if)#ip rip authentication key-chain test
R3(config-if)#ip rip triggered
(4) Step 4: Configure router R4
R4(config)#key chain test
R4(config-keychain)#key 1
R4(config-keychain-key)#key-string cisco
R4(config)#interface s0/0/0
R4(config-if)#ip rip authentication key-chain test
R4(config-if)#ip rip triggered
4. Verification and debugging
(1) show ip protocols
R2#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 4 seconds
Invalid after 180 seconds, hold down 0, flushed after 240
//because of triggered updates, the hold down timer is automatically set to 0
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial0/0/0 2 2 Yes test
Serial0/0/1 2 2 Yes test
//the two lines above show that interfaces s0/0/0 and s0/0/1 have authentication and triggered updates enabled
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
192.168.12.0
192.168.23.0
Routing Information Sources:
Gateway Distance Last Update
192.168.12.1 120 00:26:10
192.168.23.3 120 00:26:01
Distance: (default is 120)
(2) debug ip rip
R2#debug ip rip
RIP protocol debugging is on
R2#clear ip route *
*Feb 11 13:51:31.827: RIP: sending triggered request on Serial0/0/0 to 224.0.0.9
*Feb 11 13:51:31.831: RIP: sending triggered request on Serial0/0/1 to 224.0.0.9
*Feb 11 13:51:31.843: RIP: sending triggered request on Serial0/0/0 to 224.0.0.9
*Feb 11 13:51:31.847: RIP: sending triggered request on Serial0/0/1 to 224.0.0.9
*Feb 11 13:51:31.847: RIP: send v2 triggered flush update to 192.168.12.1 on Serial0/0/0 with
no route
*Feb 11 13:51:31.851: RIP: start retransmit timer of 192.168.12.1
*Feb 11 13:51:31.855: RIP: send v2 triggered flush update to 192.168.23.3 on Serial0/0/1 with
no route
*Feb 11 13:51:31.855: RIP: start retransmit timer of 192.168.23.3
*Feb 11 13:51:32.019: RIP: received packet with text authentication cisco
*Feb 11 13:51:32.019: RIP: received v2 triggered update from 192.168.12.1 on Serial0/0/0
*Feb 11 13:51:32.023: RIP: sending v2 ack to 192.168.12.1 via Serial0/0/0 (192.168.12.2),
flush, seq# 1
*Feb 11 13:51:32.027: 1.1.1.0/24 via 0.0.0.0 in 1 hops
*Feb 11 13:51:32.031: RIP: received packet with text authentication cisco
*Feb 11 13:51:32.035: RIP: received v2 triggered update from 192.168.23.3 on Serial0/0/1
*Feb 11 13:51:32.035: RIP: sending v2 ack to 192.168.23.3 via Serial0/0/1(192.168.23.2),
flush, seq# 2
*Feb 11 13:51:32.039: 192.168.34.0/24 via 0.0.0.0 in 1 hops
*Feb 11 13:51:32.043: 4.4.4.0/24 via 0.0.0.0 in 2 hops
*Feb 11 13:51:32.071: RIP: received packet with text authentication cisco
*Feb 11 13:51:32.071: RIP: received v2 triggered update from 192.168.23.3 on Serial0/0/1
*Feb 11 13:51:32.071: RIP: sending v2 ack to 192.168.23.3 via Serial0/0/1(192.168.23.2),
flush, seq# 3
*Feb 11 13:51:32.075: 192.168.34.0/24 via 0.0.0.0 in 1 hops
*Feb 11 13:51:32.079: 4.4.4.0/24 via 0.0.0.0 in 2 hops
*Feb 11 13:51:32.083: RIP: received packet with text authentication cisco
*Feb 11 13:51:32.083: RIP: received v2 triggered ack from 192.168.23.3 on Serial0/0/1
flush seq# 2
*Feb 11 13:51:32.087: RIP: send v2 triggered update to 192.168.23.3 on Serial0/0/1
*Feb 11 13:51:32.087: RIP: build update entries
*Feb 11 13:51:32.091: route 176: 192.168.12.0/24 metric 1, tag 0
*Feb 11 13:51:32.091: route 181: 1.1.1.0/24 metric 2, tag 0
*Feb 11 13:51:32.095: RIP: Update contains 2 routes, start 176, end 188
*Feb 11 13:51:32.095: RIP: start retransmit timer of 192.168.23.3
*Feb 11 13:51:32.099: RIP: received packet with text authentication cisco
*Feb 11 13:51:32.099: RIP: received v2 triggered update from 192.168.12.1 on Serial0/0/0
*Feb 11 13:51:32.103: RIP: sending v2 ack to 192.168.12.1 via Serial0/0/0 (192.168.12.2),
flush, seq# 2
*Feb 11 13:51:32.107: 1.1.1.0/24 via 0.0.0.0 in 1 hops
*Feb 11 13:51:32.107: RIP: received packet with text authentication cisco
*Feb 11 13:51:32.111: RIP: received v2 triggered ack from 192.168.12.1 on Serial0/0/0
flush seq# 3
*Feb 11 13:51:32.111: RIP: send v2 triggered update to 192.168.12.1 on Serial0/0/0
*Feb 11 13:51:32.115: RIP: build update entries
*Feb 11 13:51:32.115: route 178: 192.168.23.0/24 metric 1, tag 0
*Feb 11 13:51:32.119: route 184: 192.168.34.0/24 metric 2, tag 0
*Feb 11 13:51:32.123: route 187: 4.4.4.0/24 metric 3, tag 0
*Feb 11 13:51:32.123: RIP: Update contains 3 routes, start 178, end 188
*Feb 11 13:51:32.123: RIP: start retransmit timer of 192.168.12.1
*Feb 11 13:51:32.263: RIP: received packet with text authentication cisco
*Feb 11 13:51:32.263: RIP: received v2 triggered ack from 192.168.23.3 on Serial0/0/1
seq# 3
*Feb 11 13:51:32.267: RIP: received packet with text authentication cisco
*Feb 11 13:51:32.271: RIP: received v2 triggered ack from 192.168.12.1 on Serial0/0/0
seq# 4
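The output above shows that on router R2, although debug ip rip is enabled, no update every 30 seconds appears, because triggered updates are in use; instead, clearing the routing table was the event that triggered the routing updates. Every update carries the word "triggered", and the received updates carry the words "text authentication", confirming that interfaces s0/0/0 and s0/0/1 have triggered updates and plaintext authentication enabled.
(3) show ip rip database
This command displays the RIP database.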
R2#show ip rip database
1.0.0.0/8 auto-summary
1.1.1.0/24
[1] via 192.168.12.1, 00:12:22 (permanent), Serial0/0/0
* Triggered Routes:
- [1] via 192.168.12.1, Serial0/0/0
4.0.0.0/8 auto-summary
4.4.4.0/24
[2] via 192.168.23.3, 00:12:22 (permanent), Serial0/0/1
* Triggered Routes:
- [2] via 192.168.23.3, Serial0/0/1
192.168.12.0/24 auto-summary
192.168.12.0/24 directly connected, Serial0/0/0
192.168.23.0/24 auto-summary
192.168.23.0/24 directly connected, Serial0/0/1
192.168.34.0/24 auto-summary
192.168.34.0/24
[1] via 192.168.23.3, 00:12:22 (permanent), Serial0/0/1
* Triggered Routes:
- [1] via 192.168.23.3, Serial0/0/1
The output above further confirms that triggered updates are enabled on s0/0/0 and s0/0/1.
(4) show run
R2#show run | begin router rip
router rip
version 2
timers basic 30 180 0 240
//because of triggered updates, the line above is added to the configuration automatically, with the hold down timer set to 0
network 192.168.12.0
network 192.168.23.0
no auto-summary
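For MD5 authentication, simply declare the authentication mode as MD5 under the interface. For example, the configuration on R1 is:
R1(config)#key chain test //define the key chain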
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string cisco
R1(config)#interface s0/0/0
R1(config-if)#ip rip authentication mode md5 //authentication mode is MD5
R1(config-if)#ip rip authentication key-chain test
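The rest of the configuration is the same as for plaintext authentication and is not repeated here. Running "debug ip rip" on R2 produces output similar to the following: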
*Feb 11 14:04:36.851: RIP: sending triggered request on Serial0/0/0 to 224.0.0.9
*Feb 11 14:04:36.855: RIP: sending triggered request on Serial0/0/1 to 224.0.0.9
*Feb 11 14:04:36.867: RIP: sending triggered request on Serial0/0/0 to 224.0.0.9
*Feb 11 14:04:36.871: RIP: sending triggered request on Serial0/0/1 to 224.0.0.9
*Feb 11 14:04:36.871: RIP: send v2 triggered flush update to 192.168.12.1 on Serial0/0/0 with
no route
*Feb 11 14:04:36.875: RIP: start retransmit timer of 192.168.12.1
*Feb 11 14:04:36.875: RIP: send v2 triggered flush update to 192.168.23.3 on Serial0/0/1 with
no route
*Feb 11 14:04:36.879: RIP: start retransmit timer of 192.168.23.3
*Feb 11 14:04:36.927: RIP: received packet with MD5 authentication
*Feb 11 14:04:36.931: RIP: received v2 triggered update from 192.168.23.3 on Serial0/0/1
*Feb 11 14:04:36.931: RIP: sending v2 ack to 192.168.23.3 via Serial0/0/1 (192.168.23.2),
flush, seq# 4
*Feb 11 14:04:36.935: 192.168.34.0/24 via 0.0.0.0 in 1 hops
*Feb 11 14:04:36.943: 4.4.4.0/24 via 0.0.0.0 in 2 hops
*Feb 11 14:04:36.947: RIP: received packet with MD5 authentication
*Feb 11 14:04:36.947: RIP: received v2 triggered update from 192.168.12.1 on Serial0/0/0
*Feb 11 14:04:36.951: RIP: sending v2 ack to 192.168.12.1 via Serial0/0/0 (192.168.12.2),
flush, seq# 3
*Feb 11 14:04:36.955: 1.1.1.0/24 via 0.0.0.0 in 1 hops
*Feb 11 14:04:36.959: RIP: received packet with MD5 authentication
*Feb 11 14:04:36.959: RIP: received v2 triggered update from 192.168.12.1 on Serial0/0/0
*Feb 11 14:04:36.963: RIP: sending v2 ack to 192.168.12.1 via Serial0/0/0 (192.168.12.2),
flush, seq# 4
*Feb 11 14:04:36.967: 1.1.1.0/24 via 0.0.0.0 in 1 hops
*Feb 11 14:04:36.967: RIP: received packet with MD5 authentication
*Feb 11 14:04:36.971: RIP: received v2 triggered ack from 192.168.12.1 on Serial0/0/0
flush seq# 5
*Feb 11 14:04:36.971: RIP: send v2 triggered update to 192.168.12.1 on Serial0/0/0
*Feb 11 14:04:36.975: RIP: build update entries
*Feb 11 14:04:36.975: route 191: 192.168.23.0/24 metric 1, tag 0
*Feb 11 14:04:36.979: route 194: 192.168.34.0/24 metric 2, tag 0
*Feb 11 14:04:36.979: route 197: 4.4.4.0/24 metric 3, tag 0
*Feb 11 14:04:36.983: RIP: Update contains 3 routes, start 191, end 201
*Feb 11 14:04:36.983: RIP: start retransmit timer of 192.168.12.1
*Feb 11 14:04:36.991: RIP: received packet with MD5 authentication
*Feb 11 14:04:36.991: RIP: received v2 triggered update from 192.168.23.3 on Serial0/0/1
*Feb 11 14:04:36.991: RIP: sending v2 ack to 192.168.23.3 via Serial0/0/1 (192.168.23.2),
flush, seq# 5
*Feb 11 14:04:36.999: 192.168.34.0/24 via 0.0.0.0 in 1 hops
*Feb 11 14:04:36.999: 4.4.4.0/24 via 0.0.0.0 in 2 hops
*Feb 11 14:04:37.003: RIP: received packet with MD5 authentication
*Feb 11 14:04:37.003: RIP: received v2 triggered ack from 192.168.23.3 on Serial0/0/1
flush seq# 4
*Feb 11 14:04:37.007: RIP: send v2 triggered update to 192.168.23.3 on Serial0/0/1
*Feb 11 14:04:37.007: RIP: build update entries
*Feb 11 14:04:37.011: route 189: 192.168.12.0/24 metric 1, tag 0
*Feb 11 14:04:37.015: route 200: 1.1.1.0/24 metric 2, tag 0
*Feb 11 14:04:37.015: RIP: Update contains 2 routes, start 189, end 201
*Feb 11 14:04:37.019: RIP: start retransmit timer of 192.168.23.3
*Feb 11 14:04:37.059: RIP: received packet with MD5 authentication
*Feb 11 14:04:37.059: RIP: received v2 triggered ack from 192.168.12.1 on Serial0/0/0
seq# 6
*Feb 11 14:04:37.067: RIP: received packet with MD5 authentication
*Feb 11 14:04:37.071: RIP: received v2 triggered ack from 192.168.23.3 on Serial0/0/1
seq# 5
The output above shows that MD5 authentication and triggered updates are in use.
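Why the text-mode debug output can print the key ("text authentication cisco") while the MD5-mode output prints none: in a RIPv2 packet the simple-password entry carries the key string itself, whereas the keyed-MD5 entry carries only a key ID and sequence number, followed by a digest trailer. The parser below is an added example, not part of the original text; both packets are constructed samples laid out per RFC 2453 and RFC 2082, and the sequence number and digest bytes are placeholders.

```python
import struct

AFI_AUTH = 0xFFFF            # address-family value marking an authentication entry
AUTH_TEXT, AUTH_MD5 = 2, 3   # authentication types: simple password, keyed MD5


def parse_rip(packet):
    """Split a RIPv2 packet into its authentication entry and its route entries."""
    if len(packet) < 4 or (len(packet) - 4) % 20:
        raise ValueError("not a 4-byte header plus whole 20-byte entries")
    command, version = struct.unpack("!BB", packet[:2])
    out = {"command": command, "version": version, "auth": None, "routes": []}
    for off in range(4, len(packet), 20):
        afi, tag = struct.unpack("!HH", packet[off:off + 4])
        body = packet[off + 4:off + 20]
        if afi == AFI_AUTH:
            if tag == AUTH_TEXT:
                # The 16-byte body is the key string itself, NUL padded.
                secret = body.rstrip(b"\x00").decode("ascii", "replace")
                out["auth"] = {"mode": "text", "key_id": None, "secret": secret}
            elif tag == AUTH_MD5:
                # Packet length, key ID, digest length, sequence number, 8 reserved bytes.
                _length, key_id, _dlen, seq = struct.unpack("!HBBI", body[:8])
                out["auth"] = {"mode": "md5", "key_id": key_id,
                               "sequence": seq, "secret": None}
            continue  # any other tag here is the MD5 trailer holding the digest
        addr, mask, _next_hop, metric = struct.unpack("!4s4s4sI", body)
        plen = bin(int.from_bytes(mask, "big")).count("1")
        out["routes"].append((".".join(map(str, addr)) + f"/{plen}", metric))
    return out


def auth_finding(packet):
    """One-line assessment of how a captured update is authenticated."""
    auth = parse_rip(packet)["auth"]
    if auth is None:
        return "unauthenticated"
    if auth["mode"] == "text":
        return f"cleartext key on the wire ({len(auth['secret'])} characters)"
    return f"keyed MD5, key ID {auth['key_id']}, no key on the wire"


# Constructed sample packets: a response (command 2), version 2, carrying the
# route 1.1.1.0/24 metric 1 that appears in the debug output above.
HEADER = struct.pack("!BBH", 2, 2, 0)
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([1, 1, 1, 0]),
                    bytes([255, 255, 255, 0]), bytes(4), 1)
TEXT_PKT = HEADER + struct.pack("!HH16s", AFI_AUTH, AUTH_TEXT, b"cisco") + ROUTE
MD5_PKT = (HEADER
           + struct.pack("!HHHBBI8x", AFI_AUTH, AUTH_MD5, 44, 1, 16, 7)
           + ROUTE
           + struct.pack("!HH16s", AFI_AUTH, 1, b"\xaa" * 16))  # placeholder digest

if __name__ == "__main__":
    for name, pkt in (("text", TEXT_PKT), ("md5", MD5_PKT)):
        print(name, parse_rip(pkt)["routes"], "->", auth_finding(pkt))
```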
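[Key points]
(1) Triggered updates are not supported on Ethernet interfaces;
(2) Triggered updates must be negotiated, so both ends of the link must be configured;
(3) During authentication, if multiple key IDs are defined, plaintext authentication and MD5 authentication follow different matching rules:
① The matching rules for plaintext authentication are:
A. The sender sends the key with the lowest key ID
B. The key ID number is not carried
C. The receiver matches against all the keys in its key chain; if a match is found, authentication passes.
[Example 1]
Router R1 has one key ID: key1=cisco;
Router R2 has two key IDs: key1=ccie, key2=cisco
By the rules above, authentication fails on R1 and succeeds on R2, so one-way routes are not unusual in RIP.
② The matching rules for MD5 authentication are:
A. The sender sends the key with the lowest key ID
B. The key ID number is carried
C. The receiver first looks for the same key ID. If it has one, it matches only once, and that decides whether authentication succeeds. If it does not have that key ID, it looks only at the next key further down: if that matches, authentication succeeds; if not, authentication fails.
[Example 2]
Router R1 has three key IDs: key1=cisco, key3=ccie, key5=cisco;
Router R2 has one key ID: key2=cisco
By the rules above, authentication fails on R1 and succeeds on R2.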
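The matching rules and both examples above, expressed as a small simulation. This is an added example, not part of the original text and not Cisco's implementation; it compares key strings directly where real MD5 mode compares keyed digests, and it reads "the next key" as the next higher key ID, which is the reading that reproduces Example 2.

```python
def sender_key(chain):
    """Sender side, both modes: the key with the lowest key ID is used."""
    key_id = min(chain)
    return key_id, chain[key_id]


def accepts_text(rx_chain, secret):
    """Plaintext: no key ID on the wire, so any key in the chain may match."""
    return secret in rx_chain.values()


def accepts_md5(rx_chain, key_id, secret):
    """MD5: the key ID travels with the update and selects the one key to try."""
    if key_id in rx_chain:
        # Same key ID present: a single comparison decides the outcome.
        return rx_chain[key_id] == secret
    # Key ID absent: only the next key after it is tried (assumed reading).
    later = sorted(k for k in rx_chain if k > key_id)
    return bool(later) and rx_chain[later[0]] == secret


def exchange(mode, chains):
    """For two routers, report whether each one accepts the other's updates."""
    (a, chain_a), (b, chain_b) = chains.items()
    verdict = {}
    for rx, rx_chain, tx_chain in ((a, chain_a, chain_b), (b, chain_b, chain_a)):
        key_id, secret = sender_key(tx_chain)
        if mode == "text":
            verdict[rx] = accepts_text(rx_chain, secret)
        else:
            verdict[rx] = accepts_md5(rx_chain, key_id, secret)
    return verdict


def one_way(verdict):
    """True when exactly one side accepts: routes are learned in one direction only."""
    return sum(verdict.values()) == 1


# Key chains taken from Example 1 and Example 2 above ({key ID: key string}).
EXAMPLE_1 = {"R1": {1: "cisco"}, "R2": {1: "ccie", 2: "cisco"}}
EXAMPLE_2 = {"R1": {1: "cisco", 3: "ccie", 5: "cisco"}, "R2": {2: "cisco"}}

if __name__ == "__main__":
    for label, mode, chains in (("Example 1", "text", EXAMPLE_1),
                                ("Example 2", "md5", EXAMPLE_2),
                                ("Example 1 chains in MD5 mode", "md5", EXAMPLE_1)):
        verdict = exchange(mode, chains)
        print(label, verdict, "one-way" if one_way(verdict) else "")
```

Auditing key chains with a check like this before rollout catches the one-way case, where one router silently discards its neighbor's updates while its own are still accepted.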
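4.3.4 Lab 7: Floating Static Routes
1. Lab objectives
This lab covers how floating static routes work, how to configure them, and how they are used for backup.
2. Topology
The lab topology is shown in Figure 4-6.
3. Lab steps
This lab changes the administrative distance of the static route to 130, so that the router prefers RIP when selecting a route and the static route serves as a backup.
(1) Step 1: Configure router R1
R1(config)#ip route 2.2.2.0 255.255.255.0 192.168.12.2 130
//set the administrative distance of the static route to 130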
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 1.0.0.0
R1(config-router)#network 192.168.21.0
(2) Step 2: Configure router R2
R2(config)#ip route 1.1.1.0 255.255.255.0 192.168.12.1 130
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.21.0
R2(config-router)#network 2.0.0.0
4. Verification and debugging
(1) View the routing table on R1:
R1#show ip route
(output omitted)
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Serial0/0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
R 2.2.2.0 [120/1] via 192.168.21.2, 00:00:25, GigabitEthernet0/0
C 192.168.21.0/24 is directly connected, GigabitEthernet0/0
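The output above shows that the router installs the RIP route in the routing table, because RIP's administrative distance of 120 is lower than the 130 set on the static route, which remains in the backup role.
(2) Shut down interface g0/0 on R1, then view the routing table:
R1(config)#interface gigabitEthernet 0/0
R1(config-if)#shutdown
R1#show ip route
(output omitted)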
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Serial0/0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
S 2.2.2.0 [130/0] via 192.168.12.2
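The output above shows that when the primary route fails, the backup static route is installed in the routing table, which illustrates how a floating static route works as a backup.
(3) Bring interface g0/0 back up on R1, then view the routing table:
R1(config)#interface gigabitEthernet 0/0
R1(config-if)#no shutdown
R1#show ip route
(output omitted)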
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Serial0/0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
R 2.2.2.0 [120/1] via 192.168.21.2, 00:00:09, GigabitEthernet0/0
C 192.168.21.0/24 is directly connected, GigabitEthernet0/0
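The output above shows that once the primary route recovers, the floating static route returns to its backup role.
4.3.5 Lab 8: ip default-network
1. Lab objectives
This lab covers how to inject a default route into the network with ip default-network.
2. Topology
The lab topology is shown in Figure 4-7.
3. Lab steps
(1) Step 1: Configure router R1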
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 192.168.12.0
R1(config)#ip default-network 1.0.0.0
(2) Step 2: Configure router R2
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.0
R2(config-router)#network 2.0.0.0
4. Verification and debugging
(1) View the routing table on R2:
R2#show ip route
(output omitted)
Gateway of last resort is 192.168.12.1 to network 0.0.0.0
//the gateway of the default route is 192.168.12.1
C 192.168.12.0/24 is directly connected, Serial0/0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
R* 0.0.0.0/0 [120/1] via 192.168.12.1, 00:00:22, Serial0/0/0
The output above shows that the "ip default-network" command on R1 indeed injects an "R*" default route into the RIP network.
(2) Ping 1.1.1.1 from R2:
R2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms
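The output above shows that router R2 can ping address 1.1.1.1 even though that network is not advertised in R1's RIP process, which shows precisely that the default route is doing the work. Otherwise the ping could not succeed, because R2's routing table has no route entry for 1.1.1.0.
[Key points]
(1) The network given after ip default-network must be a major (classful) network;
(2) The network given after ip default-network can be directly connected or learned through another protocol.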