】【实验0010】【RIP 路由协议1.doc

】【实验0010】【RIP 路由协议】实验六RIP 路由协议【实验名称】RIP V2配置。【实验目的】掌握在路由器上配置RIP V2。【背景描述】假设校园网通过1台三层交换机连到校园网出口路由器，路由器再和校园外的另1台路由器连接，现做适当配置，实现校园网内部主机与校园网外部主机的相互通信。本实验以两台R1762路由器、1台三层交换机为例。S3550上划分有VLAN10和VLAN50，其中VLAN10用于连接Router1，VLAN50用于连接校园网主机。路由器分别命名为Router1和Router2，路由器之间通过串口采用V35 DCE/DTE电缆连接，DCE端连接到Router1（R1762）上。PC1的IP地址和缺省网关分别为172.16.5.11和172.16.5.1，PC2的IP地址和缺省网关分别为172.16.3.22和172.16.3.1，网络掩码都是255.255.255.0。【技术原理】RIP（Routing Information Protocols，路由信息协议）是应用较早、使用较普遍的IGP（Interior Gateway Protocol，内部网关协议），适用于小型同类网络，是典型的距离矢量（distance-vector）协议。RIP协议跳数做为衡量路径开销的，RIP协议里规定最大跳数为15。RIP协议有两个版本RIPv1和RIPv2。RIPv1属于有类路由协议，不支持VLSM（变长子网掩码），RIPv1是以广播的形式进行路由信息的更新的；更新周期为30秒。RIPv2属于无类路由协议，支持VLSM（变长子网掩码），RIPv2是以组播的形式进行路由信息的更新的，组播地址是224.0.0.9。RIPv2还支持基于端口的认证，提高网络的安全性。【实现功能】实现网络的互连互通，从而实现信息的共享和传递。【实验设备】S3550交换机（1台）、R1762路由器（两台）、V35线缆（1根）、直连线或交叉线（1条）【实验拓扑】0010.JPG (25.75 KB)2008-11-5 17:14注：路由器和主机直连时，需要使用交叉线，在R1762的以太网接口支持MDI/MDIX，使用直连线也可以连通。R1的S1/2为DCE接口。【实验步骤】步骤20. 基本配置。三层交换机基本配置switch#configure terminalswitch(config)#hostname S3550S3550(config)#vlan 10S3550(config-vlan)#exitS3550(config)#vlan 50S3550(config-vlan)#exitS3550(config)#interface f0/1S3550(config-if)#switchport access vlan 10S3550(config-if)#exitS3550(config)#interface f0/5S3550(config-if)#switchport access vlan 50S3550(config-if)#exitS3550(config)#interface vlan 10 !创建VLAN虚接口，并配置IPS3550(config-if)#ip address 172.16.1.2 255.255.255.0S3550(config-if)#no shutdownS3550(config-if)#exitS3550(config)#interface vlan 50 !创建VLAN虚接口，并配置IPS3550(config-if)#ip address 172.16.5.1 255.255.255.0S3550(config-if)#no shutdownS3550(config-if)#exit步骤21. 验证测试：S3550#show vlanVLAN Name Status Ports-1 default active Fa0/2 ,Fa0/3 Fa0/4 ,Fa0/6 ,Fa0/7 Fa0/8 ,Fa0/9 ,Fa0/10 Fa0/11,Fa0/12,Fa0/13 Fa0/14,Fa0/15,Fa0/16 Fa0/17,Fa0/18,Fa0/19 Fa0/20,Fa0/21,Fa0/22 Fa0/23,Fa0/2410 vlan10 active Fa0/150 vlan50 active Fa0/5S3550#show ip interfaceInterface : VL10Description : Vlan 10OperStatus : UPManagementStatus : EnabledPrimary Internet address: 172.16.1.1/24Broadcast address : 255.255.255.255PhysAddress : 00d0.f8ff.8ab5Interface : VL50Description : Vlan 50OperStatus : UPManagementStatus : EnabledPrimary Internet address: 172.16.5.1/24Broadcast address : 255.255.255.255PhysAddress : 00d0.f8ff.8ab6路由器基本配置Router1(config)# interface fastethernet 1/0Router1(config-if)# ip address 172.16.1.1 255.255.255.0Router1(config-if)# no shutdownRouter1(config-if)#exitRouter1(config)# interface serial 1/2Router1(config-if)# ip address 172.16.2.1 255.255.255.0Router1(config-if)#clock rate 64000Router1(config-if)# no shutdownRouter2(config)# interface fastethernet 1/0Router2(config-if)# ip address 172.16.3.1 255.255.255.0Router2(config-if)# no shutdownRouter2(config-if)#exitRouter2(config)# interface serial 1/2Router2(config-if)# ip address 172.16.2.2 255.255.255.0Router2(config-if)# no shutdown验证测试：验证路由器接口的配置和状态。Router1#showipinterface briefInterface IP-Address(Pri) OK? Statusserial 1/2 172.16.2.1/24 YES UPserial 1/3 no address YES DOWNFastEthernet 1/0 172.16.1.1/24 YES UPFastEthernet 1/1 no address YES DOWNNull 0 no address YES UPRouter2#showipinterface briefInterface IP-Address(Pri) OK? Statusserial 1/2 172.16.2.2/24 YES UPserial 1/3 no address YES DOWNFastEthernet 1/0 172.16.3.2/24 YES UPFastEthernet 1/1 no address YES DOWNNull 0 no address YES UP步骤22. 配置RIP v2路由协议。S3550配置RIP协议S3550(config)#router rip !开启RIP协议进程S3550(config-router)#network 172.16.1.0 !申明本设备的直连网段S3550(config-router)#network 172.16.5.0S3550(config-router)#version 2Router1配置RIPv2协议Router1(config)# router ripRouter1(config-router)#network 172.16.1.0Router1(config-router)#network 172.16.2.0Router1(config-router)#version2 !定义RIP协议v2Router1(config-router)#no auto-summary !关闭路由信息的自动汇总功能Router2配置RIP协议Router2(config)# router ripRouter2(config-router)#network 172.16.2.0Router2(config-router)#network 172.16.3.0Router2(config-router)#version2Router2(config-router)#no auto-summary步骤23. 验证三台路由设备的路由表，查看是否自动学习了其他网段的路由信息。S3550#show ip routeType:C - connected, S - static, R - RIP, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2Type Destination IP Next hop Interface Distance Metric Status-C 172.16.1.0/24 0.0.0.0 VL10 0 0 ActiveR 172.16.2.0/24 172.16.1.1 VL10 120 2 ActiveR 172.16.3.0/24 172.16.1.1 VL10 120 3 ActiveC 172.16.5.0/24 0.0.0.0 VL50 0 0 ActiveRouter1#show ip routeCodes:C - connected, S - static,R - RIP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 * - candidate defaultGateway of last resort is no setC 10.1.1.2/32 is directly connected, serial 1/2C 172.16.1.0/24 is directly connected, FastEthernet 1/0C 172.16.1.1/32 is local host.C 172.16.2.0/24 is directly connected, serial 1/2C 172.16.2.1/32 is local host.R 172.16.5.0/24 120/1 via 172.16.1.2, 00:00:01, FastEthernet 1/0R 172.16.3.0/24 120/1 via 172.16.2.2, 00:00:21, serial 1/2Router2#show ip routeCodes:C - connected, S - static,R - RIP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 * - candidate defaultGateway of last resort is no setC 10.1.1.1/32 is directly connected, serial 1/2R 172.16.1.0/24 120/1 via 172.16.2.1, 00:00:03, serial 1/2C 172.16.2.0/24 is directly connected, serial 1/2C 172.16.2.2/32 is local host.R 172.16.5.0/24 120/2 via 172.16.2.1, 00:00:03, serial 1/2步骤24. 测试网络的连通性。C:ping 172.16.3.22 !从PC1 ping PC20010-1.JPG (41.5 KB)2008-11-5 17:14【注意事项】* 1、在串口上配置时钟频率时，一定要在电缆DCE端的路由器上配置，否则链路不通。* 2、No auto-summary功能只有在RIPv2支持。* 3、S3550-24没有no auto-summary命令。* 4、PC主机网关一定要指向直连接口IP地址，例如PC1网关指向三层交换机VLAN50的IP地址。【参考配置】S3550#show running-configBuilding configuration.Current configuration : 383 bytes!version 1.0!hostname s3550vlan 1!vlan 10!vlan 50!interface FastEthernet 0/1switchport access vlan 10!interface FastEthernet 0/5switchport access vlan 50!interface Vlan 10ip address 172.16.1.2 255.255.255.0!interface Vlan 50ip address 172.16.5.1 255.255.255.0!router ripversion 2network 172.16.0.0 mask 255.255.0.0!endRouter1#show running-configBuilding configuration.Current configuration : 600 bytes!version 8.32(building 5)hostname Router1!interface serial 1/2encapsulation PPPppp authentication papip address 172.16.2.1 255.255.255.0clock rate 64000!interface serial 1/3clock rate 64000!interface FastEthernet 1/0ip address 172.16.1.1 255.255.255.0duplex autospeed auto!interface FastEthernet 1/1duplex autospeed auto!interface Null 0!router ripno auto-summaryversion 2network 172.16.0.0!line con 0line aux 0line vty 0 4login!endRouter2#show running-configBuilding configuration.Current configuration : 522 bytes!version 8.32(building 53)hostname r2!interface serial 1/2encapsulation PPPip address 172.16.2.2 255.255.255.0!interface serial 1/3clock rate 64000!interface FastEthernet 1/0ip address 172.16.3.1 255.255.255.0duplex autospeed auto!interface FastEthernet 1/1duplex autospeed auto!interface Null 0!router ripno auto-summaryversion 2net】【实验0019】【PPP CHAP认证】【实验名称】PPP CHAP认证。【实验目的】掌握PPP CHAP认证的过程及配置【背景描述】你是公司的网络管理员，公司为了满足不断增长的业务需求，申请了专线接入，你的客户端路由器与ISP进行链路协商时要验证身份，配置路由器保证链路建立并考虑其安全性。【技术原理】PPP协议位于OSI七层模型的数据链路层，PPP协议按照功能划分为两个子层：LCP、NCP。LCP主要负责链路的协商、建立、回拨、认证、数据的压缩、多链路捆绑等功能。NCP主要负责和上层的协议进行协商，为网络层协议提供服务。PPP的认证功能是指在建立PPP链路的过程中进行密码的验证，验证通过建立连接，验证不通过拆除链路。CHAP（Challenge Handshake Authentication Protocol，挑战式握手验证协议）是指验证双方通过三次握手完成验证过程，比PAP更安全。由验证方主动发出挑战报文，由被验证方应答。在整个验证过程中，链路上传递的信息都进行了加密处理。【实现功能】在链路协商时保证安全验证。链路协商时密码以密文的方式传输，更安全。【实验设备】R1762（两台）、V.35线缆（1条）【实验拓扑】无标题.jpg (8.11 KB)2008-11-14 13:40图 24【实验步骤】步骤1. 基本配置。Red-Giant(config)#hostname RaRa(config)# interface serial 1/2Ra(config-if)#ip address 1.1.1.1 255.255.255.0Ra(config-if)#no shutdownRed-Giant(config)#hostname RbRb(config)# interface serial 1/2Rb(config-if)#ip address 1.1.1.2 255.255.255.0Rb(config-if)#clock rate 64000Rb(config-if)#no shutdown验证测试： (以Ra为例)Ra#show interface serial 1/2serial 1/2 is UP, line protocol is UPHardware is PQ2 SCC HDLC CONTROLLER serialInterface address is: 1.1.1.1/24MTU 1500 bytes, BW 2000 KbitEncapsulation protocol is HDLC, loopback not setKeepalive interval is 10 sec , setCarrier delay is 2 secRXload is 1 ,Txload is 1Queueing strategy: WFQ5 minutes input rate 11 bits/sec, 0 packets/sec5 minutes output rate 11 bits/sec, 0 packets/sec 33 packets input, 726 bytes, 0 no buffer Received 33 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort 32 packets output, 704 bytes, 0 underruns 0 output errors, 0 collisions, 6 interface resets 3 carrier transitions V35 DTE cable DCD=upDSR=upDTR=upRTS=upCTS=up步骤2. 配置PPP CHAP认证Ra(config)#username Rb password 0 star ! 以对方的主机名作为用户名,密码和对方的路由器一致Ra(config)#interface serial 1/2Ra(config-if)#encapsulation pppRa(config-if)#ppp authentication chap ! PPP启用CHAP方式验证Rb(config)#username Ra password 0 star ! 以对方的主机名作为用户名,密码和对方的路由器一致Rb(config)#interface serial 1/2Rb(config-if)# encapsulation ppp验证测试：Ra#debug ppp authentication ! 观察CHAP验证过程%LINK CHANGED: Interface serial 1/2, changed state to down%LINE PROTOCOL CHANGE: Interface serial 1/2, changed state to DOWNPPP: ppp_clear_author(), protocol = TYPE_LCP%LINK CHANGED: Interface serial 1/2, changed state to upPPP: serial 1/2 Send CHAP challenge id=29 to remote hostPPP: serial 1/2 authentication event enqueue ,message type = RECV_CHAP_RESPONSEPPP: dispose authentication message RECV_CHAP_RESPONSEPPP: serial 1/2 CHAP response id=29 ,received from RbPPP: serial 1/2 Send CHAP success id=29 to remotePPP: serial 1/2 remote router passed CHAP authentication.PPP: serial 1/2 lcp authentication OK!PPP: ppp_clear_author(), protocol = TYPE_IPCP%LINE PROTOCOL CHANGE: Interface serial 1/2, changed state to UP【注意事项】1、在DCE端要配置时钟；2、Ra(config)#username Rb password 0 star!username后面的参数是对方的主机名；3、Rb(con