思科认证:思科路由实验项目全程记录及知识点归纳(5)
5177 点击·0 回帖
灯火互联
楼主
 |  | |
 | 尝试5 全区域中经由过程桢中继实现RIPv2路由和谈 + 密钥验证 为什么非冲要手密钥验证部门,因为现实中它根基上是必需的 [P1;P2;BBR]通用部门 [pre]router rip ver 2 net x.x.x.x key chain cisco key 1 key-string mypass int x/x.x ip rip auth key cisco ip rip auth mod md5 [P1R1] int s1/0 ip add 10.0.0.2 255.0.0.0 no shut ip rip auth key cisco ip rip auth mod md5 encpa fr fr map ip 10.0.0.1 103 br [/pre] [P1R2|P2R1|P2R2]设置装备摆设都是这样,不再阐述 [pre][BBR1] int s1/0 no ip add no shut int s1/0.1 mu ip add 10.0.0.1 fr map ip 10.0.0.2 301 br fr map ip 10.0.0.3 302 br ip rip auth key cisco ip rip auth mod md5 [BBR2] int s1/0 no ip add no shut int s1/0.1 mu ip add 11.0.0.1 fr map ip 11.0.0.2 604 br fr map ip 11.0.0.3 605 br ip rip auth key cisco ip rip auth mod md5 [/pre] 验证结不美观: [pre][Copy to clipboard] CODE: sh ip route R 200.200.200.0/24 [120/2] via 219.146.241.2, 00:00:02, FastEthernet0/0 R 100.0.0.0/8 [120/1] via 11.0.0.2, 00:00:01, Serial1/0.1 R 172.17.0.0/16 [120/3] via 11.0.0.3, 00:00:00, Serial1/0.1 R 172.16.0.0/16 [120/1] via 11.0.0.3, 00:00:00, Serial1/0.1 R 172.19.0.0/16 [120/1] via 11.0.0.3, 00:00:00, Serial1/0.1 R 172.18.0.0/16 [120/2] via 11.0.0.3, 00:00:00, Serial1/0.1 C 219.146.241.0/24 is directly connected, FastEthernet0/0 R 192.168.4.0/24 [120/3] via 219.146.241.2, 00:00:02, FastEthernet0/0 R 10.0.0.0/8 [120/1] via 219.146.241.2, 00:00:02, FastEthernet0/0 C 11.0.0.0/8 is directly connected, Serial1/0.1 R 192.168.1.0/24 [120/2] via 219.146.241.2, 00:00:02, FastEthernet0/0 R 192.168.2.0/24 [120/2] via 219.146.241.2, 00:00:02, FastEthernet0/0 R 192.168.3.0/24 [120/3] via 219.146.241.2, 00:00:02, FastEthernet0/0 BBR膳缦沔sh fr map [Copy to clipboard] CODE: BBR2#sh fr map key chain cisco key 1 key-string mypass int x/x.x ip rip auth key cisco ip rip auth mod md5 [P1R1] int s1/0 ip add 10.0.0.2 255.0.0.0 no shut ip rip auth key cisco ip rip auth mod md5 encpa fr fr map ip 10.0.0.1 103 br [/pre] [P1R2|P2R1|P2R2]设置装备摆设都是这样,不再阐述 [pre][BBR1] int s1/0 no ip add no shut Serial1/0.1 (up): ip 11.0.0.2 dlci 604(0x25C,0x94C0), static, broadcast, CISCO, status defined, active Serial1/0.1 (up): ip 11.0.0.3 dlci 605(0x25D,0x94D0), static, broadcast, CISCO, status defined, active [/pre] 注重: 1.界说密钥,不需要在每台router上全数设定,这样是没有意义的一再劳动,在此收集结构中,只需要在P1,P2还有BBR区域的鸿沟路由器上的鸿沟端口设定key验证,现实傍边也一样,不管跑什么和谈,除非是不撑持此功能的,否则为了平安起见,至少鸿沟路由器要设定验证 2.此结构中的BBR区域桢中搜检用获得多点接口,所以,密钥的实现必然要在子接口琅缦沔实现,如不美观在物理接口上去敲呼吁,那么你debug必定会告诉你invaild auth 常识点: 桢中继交流机设置装备摆设 界说交流机frame switch 进入端口 no ip no shut 封装frame 界说frame intf-type dce 界说lmi 界说clockrate 界说frame route 100 interface s1/1 200 典型设置装备摆设 [pre]interface Serial1/0 no ip address encapsulation frame-relay no fair-queue serial restart-delay 0 clock rate 64000 frame-relay intf-type dce frame-relay route 100 interface Serial1/1 200 frame-relay route 600 interface Serial1/2 500 ! interface Serial1/1 no ip address encapsulation frame-relay serial restart-delay 0 clock rate 64000 frame-relay intf-type dce frame-relay route 200 interface Serial1/0 100 frame-relay route 300 interface Serial1/2 400 ! interface Serial1/2 no ip address encapsulation frame-relay serial restart-delay 0 clock rate 64000 frame-relay intf-type dce frame-relay route 400 interface Serial1/1 300 frame-relay route 500 interface Serial1/0 600 | |
 |  |