[思科考试]思科认证：思科路由实验项目全程记录及知识点归纳（5）

尝试5 全区域中经由过程桢中继实现RIPv2路由和谈 + 密钥验证





为什么非冲要手密钥验证部门，因为现实中它根基上是必需的
[P1;P2;BBR]通用部门

[pre]router rip
ver 2
net x.x.x.x
key chain cisco
key 1
key-string mypass
int x/x.x
ip rip auth key cisco
ip rip auth mod md5
[P1R1]
int s1/0
ip add 10.0.0.2 255.0.0.0
no shut
ip rip auth key cisco
ip rip auth mod md5
encpa fr
fr map ip 10.0.0.1 103 br [/pre]


[P1R2|P2R1|P2R2]设置装备摆设都是这样，不再阐述
[pre][BBR1]
int s1/0
no ip add
no shut
int s1/0.1 mu
ip add 10.0.0.1
fr map ip 10.0.0.2 301 br
fr map ip 10.0.0.3 302 br
ip rip auth key cisco
ip rip auth mod md5
[BBR2]
int s1/0
no ip add
no shut
int s1/0.1 mu
ip add 11.0.0.1
fr map ip 11.0.0.2 604 br
fr map ip 11.0.0.3 605 br
ip rip auth key cisco
ip rip auth mod md5
[/pre]

验证结不美观：

[pre][Copy to clipboard]
CODE:
sh ip route
R 200.200.200.0/24 [120/2] via 219.146.241.2, 00:00:02, FastEthernet0/0
R 100.0.0.0/8 [120/1] via 11.0.0.2, 00:00:01, Serial1/0.1
R 172.17.0.0/16 [120/3] via 11.0.0.3, 00:00:00, Serial1/0.1
R 172.16.0.0/16 [120/1] via 11.0.0.3, 00:00:00, Serial1/0.1
R 172.19.0.0/16 [120/1] via 11.0.0.3, 00:00:00, Serial1/0.1
R 172.18.0.0/16 [120/2] via 11.0.0.3, 00:00:00, Serial1/0.1
C 219.146.241.0/24 is directly connected, FastEthernet0/0
R 192.168.4.0/24 [120/3] via 219.146.241.2, 00:00:02, FastEthernet0/0
R 10.0.0.0/8 [120/1] via 219.146.241.2, 00:00:02, FastEthernet0/0
C 11.0.0.0/8 is directly connected, Serial1/0.1
R 192.168.1.0/24 [120/2] via 219.146.241.2, 00:00:02, FastEthernet0/0
R 192.168.2.0/24 [120/2] via 219.146.241.2, 00:00:02, FastEthernet0/0
R 192.168.3.0/24 [120/3] via 219.146.241.2, 00:00:02, FastEthernet0/0
BBR膳缦沔sh fr map
[Copy to clipboard]
CODE:
BBR2#sh fr map
key chain cisco
key 1
key-string mypass
int x/x.x
ip rip auth key cisco
ip rip auth mod md5
[P1R1]
int s1/0
ip add 10.0.0.2 255.0.0.0
no shut
ip rip auth key cisco
ip rip auth mod md5
encpa fr
fr map ip 10.0.0.1 103 br
[/pre]
[P1R2|P2R1|P2R2]设置装备摆设都是这样，不再阐述

[pre][BBR1]
int s1/0
no ip add
no shut
Serial1/0.1 (up): ip 11.0.0.2 dlci 604(0x25C,0x94C0), static,
broadcast,
CISCO, status defined, active
Serial1/0.1 (up): ip 11.0.0.3 dlci 605(0x25D,0x94D0), static,
broadcast,
CISCO, status defined, active
[/pre]

注重：
1.界说密钥，不需要在每台router上全数设定，这样是没有意义的一再劳动，在此收集结构中，只需要在P1,P2还有BBR区域的鸿沟路由器上的鸿沟端口设定key验证，现实傍边也一样，不管跑什么和谈，除非是不撑持此功能的，否则为了平安起见，至少鸿沟路由器要设定验证
2.此结构中的BBR区域桢中搜检用获得多点接口，所以，密钥的实现必然要在子接口琅缦沔实现，如不美观在物理接口上去敲呼吁，那么你debug必定会告诉你invaild auth
常识点：
桢中继交流机设置装备摆设
界说交流机frame switch
进入端口
no ip no shut
封装frame
界说frame intf-type dce
界说lmi
界说clockrate
界说frame route 100 interface s1/1 200
典型设置装备摆设

[pre]interface Serial1/0
no ip address
encapsulation frame-relay
no fair-queue
serial restart-delay 0
clock rate 64000
frame-relay intf-type dce
frame-relay route 100 interface Serial1/1 200
frame-relay route 600 interface Serial1/2 500
!
interface Serial1/1
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay intf-type dce
frame-relay route 200 interface Serial1/0 100
frame-relay route 300 interface Serial1/2 400
!
interface Serial1/2
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay intf-type dce
frame-relay route 400 interface Serial1/1 300
frame-relay route 500 interface Serial1/0 600