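Norvel Networks

Contents

Lab 1. Logging in to a Cisco router/switch
Lab 2. Initializing the router and creating the startup-config file
Lab 3. Understanding user mode, privileged mode and global configuration mode
Lab 4. Configuring the privileged-mode password
Lab 5. Configuring VTY login security
Lab 6. Viewing the router's running-config file
Lab 7. Viewing the router's startup-config file
Lab 8. Backing up the router's running-config to startup-config
Lab 9. Clearing the router's configuration
Lab 10. Changing the router's configuration register value
Lab 11. Configuring the router's hostname-to-IP-address mapping table
Lab 12. Configuring command aliases
Lab 13. Configuring the router's banner
Lab 14. Default configuration before doing the labs
Lab 15. Commands for viewing router information
Lab 16. Configuring VTY lines to log in with a local username and password
Lab 17. Capturing HyperTerminal and Telnet sessions
Lab 18. Configuring basic router connectivity
Lab 19. Router connection and login
Lab 20. Static route configuration
Lab 21. Default route configuration
Lab 22. Basic RIP routing lab
Lab 23. RIPv1 send and receive rules
Lab 24. RIP does not support discontiguous subnets
Lab 25. Configuring RIPv2
Lab 26. Configuring RIP authentication
Lab 27. IGRP lab
Lab 28. EIGRP lab
Lab 29. OSPF routing lab
Lab 30. Using ACLs to strengthen router security
Lab 31. Standard access control lists
Lab 32. Extended access control lists
Lab 33. Backing up IOS to a TFTP server

File name: 533580458   Last updated: 3/8/2016   Page 1 of 111

Logging in to a Cisco router/switch

Figure 1: Logging in to a Cisco router/switch

Objective
Learn how to log in to the router from a PC using a terminal client.

Procedure
Start the HyperTerminal program.

Figure 2: Enter HYPERTRM.EXE in the Run dialog to open HyperTerminal
Figure 3: Enter a connection name in "Connection Description"
Figure 4: In "Connect To", select the COM port connected to the router
Figure 5: In the COM port properties dialog, click "Restore Defaults"

Log in to the router and begin configuration.

Figure 6: Click OK to display the router prompt

Initializing the router and creating the startup-config file

Objective
Learn how to configure a router and save the configuration when it boots for the first time.

Procedure
Log in to a router that has not yet been configured.

% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: yes
// If there is no startup-config in NVRAM when the router boots, or the configuration
// register is 0x2142, the router presents this initial configuration dialog.
// Answering yes enters setup mode.
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Would you like to enter basic management setup?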
[yes/no]: yes
// Whether to perform basic configuration
Configuring global parameters:
Enter host name [Router]: Rack141R1
// Enter the router's hostname
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: cisco
// Enter the privileged-mode password that is stored as an MD5 hash (enable secret)
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: cisco
// Enter the privileged-mode password (enable password; shown in plaintext in the configuration file)
% Please choose a password that is different from the enable secret
// The enable secret and the plaintext enable password are not allowed to be the same
Enter enable password: training
// Enter the plaintext enable password again
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: training
Configure SNMP Network Management? [yes]: yes
// Whether to configure the SNMP network management protocol
Community string [public]: public
// Set the SNMP community string
Current interface summary
Any interface listed with OK? value "NO" does not have a valid configuration
Interface        IP-Address   OK?  Method  Status  Protocol
Ethernet0/0      unassigned   NO   unset   up      up
Ethernet0/1      unassigned   NO   unset   up      up
                 unassigned   NO   unset   up
Serial1/0        unassigned   NO   unset   up      down
Enter interface name used to connect to the
management network from the above interface summary: ethernet0/0
// To configure one of the router's interfaces, enter its name
Configuring interface Ethernet0/0:
Configure IP on this interface? [yes]: yes
// Whether to configure an IP address on the interface
IP address for this interface: 192.168.0.1
// Set the interface's IP address
Subnet mask for this interface [255.255.255.0] :
Class C network is 192.168.0.0, 24 subnet bits; mask is /24
The following configuration command script was created:
hostname Rack141R1
enable secret 5 $1$k39O$aQQirPZhZhVOS.TEvypiY/
enable password training
line vty 0 4
password training
snmp-server community public
!
no ip routing
!
interface Ethernet0/0
no shutdown
ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
shutdown
no ip address
!
!
interface Serial1/0
shutdown
no ip address
!
end
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]: 2
// Save the configuration to NVRAM (which creates startup-config) and exit to the command prompt
Building configuration...
Use the enabled mode 'configure' command to modify this configuration.
Press RETURN to get started!
*Mar 1 00:01:31.599: %SYS-5-RESTART: System restarted -
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Mon 06-Nov-06 14:22 by ccai
*Mar 1 00:01:31.627: %SNMP-5-COLDSTART: SNMP agent on host Rack141R1 is undergoing a cold start
Rack141R1>

Understanding user mode, privileged mode and global configuration mode

Objective
Learn the different modes of Cisco IOS.

Procedure
Log in to the router.

% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started!
Router>
// We are now in user mode. Entering ? in this mode shows the commands that can be run.

Enter ? to list the commands that can be run:

Router>?
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  clear            Reset functions
  connect          Open a terminal connection
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  mls              exec mls router commands
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  name-connection  Name an existing network connection
  pad              Open a X.29 PAD connection
  ping             Send echo messages
  ppp              Start IETF Point-to-Point Protocol (PPP)

Enter privileged mode:

Router>enable
Router#
// After entering privileged mode, the router prompt changes from > to #

In privileged mode, enter ? to list the commands that can be run:

Router#?
// Enter ? to see the commands that can be run
// Compare this list with user mode. What is different?
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  access-template  Create a temporary Access-List entry
  bfe              For manual emergency modes setting
  cd               Change current directory
  clear            Reset functions
  clock            Manage the system clock
  configure        Enter configuration mode
  connect          Open a terminal connection
  copy             Copy from one file to another
  debug            Debugging functions (see also 'undebug')
  delete           Delete a file
  dir              List files on a filesystem
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  erase            Erase a filesystem
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  mls              exec mls router commands
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  name-connection  Name an existing network connection
  no               Disable debugging functions
  pad              Open a X.29 PAD connection
  ping             Send echo messages
  ppp              Start IETF Point-to-Point Protocol (PPP)
  reload           Halt and perform a cold restart
  show             Show running system information
  slip             Start Serial-line IP (SLIP)
  start-chat       Start a chat-script on a line
  systat           Display information about terminal lines
  telnet           Open a telnet connection
  terminal         Set terminal line parameters
  test             Test subsystems, memory, and interfaces
  traceroute       Trace route to destination
Router#

Return to user mode:

Router#disable
Router>

Now enter global configuration mode:

Router>
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
// When moving from privileged mode to global configuration mode, the router prompt
// changes from Router# to Router(config)#

In global configuration mode, enter ? to see the supported commands:

Router(config)#?
// Noticeably more commands are available in global configuration mode
Configure commands:
  aaa                         Authentication, Authorization and Accounting.
  access-list                 Add an access list entry
  alias                       Create command alias
  appletalk                   Appletalk global configuration commands
  arap                        Appletalk Remote Access Protocol
  arp                         Set a static ARP entry
  async-bootp                 Modify system bootp parameters
  autonomous-system           Specify local AS number to which we belong
  banner                      Define a login banner
  boot                        Modify system boot parameters
  bridge                      Bridge Group.
  buffers                     Adjust system buffer pool parameters
  busy-message                Display message when connection to host fails
  call-history-mib            Define call history mib parameters
  cdp                         Global CDP configuration subcommands
  chat-script                 Define a modem chat script
  clock                       Configure time-of-day clock
  config-register             Define the configuration register
  controller                  Configure a specific controller
  decnet                      Global DECnet configuration subcommands
  default                     Set a command to its defaults
  default-value               Default character-bits values
  dialer                      Dialer watch commands
  dialer-list                 Create a dialer list entry
  dnsix-dmdp                  Provide DMDP service for DNSIX
  dnsix-nat                   Provide DNSIX service for audit trails
  downward-compatible-config  Generate a configuration compatible with older software
  dss                         Configure dss parameters
  enable                      Modify enable password parameters
  end                         Exit from configure mode
  exception                   Exception handling
  exit                        Exit from configure mode
  file                        Adjust file system parameters
  frame-relay                 global frame relay configuration commands
  help                        Description of the interactive help system
  hostname                    Set system's network name
  interface                   Select an interface to configure
  ip                          Global IP configuration subcommands
  ipx                         Novell/IPX global configuration commands
  key                         Key management
  line                        Configure a terminal line
  logging                     Modify message logging facilities
  login-string                Define a host-specific login string
  map-class                   Configure static map class
  map-list                    Configure static map list
  memory-size                 Adjust memory size by percentage
  menu                        Define a user-interface menu
  mls                         mls router global commands
  modemcap                    Modem Capabilities database
  mop                         Configure the DEC MOP Server
  multilink                   PPP multilink global configuration
  netbios                     NETBIOS access control filtering
  no                          Negate a command or set its defaults
  ntp                         Configure NTP
  partition                   Partition device
  printer                     Define an LPD printer
  priority-list               Build a priority list
  privilege                   Command privilege parameters
  prompt                      Set system's prompt
  queue-list                  Build a custom queue list
  resume-string               Define a host-specific resume string
  rif                         Source-route RIF cache
  rlogin                      Rlogin configuration commands
  rmon                        Remote Monitoring
  route-map                   Create route-map or enter route-map command mode
  router                      Enable a routing process
  rtr                         RTR Base Configuration
  scheduler                   Scheduler parameters
  service                     Modify use of network based services
  smrp                        Simple Multicast Routing Protocol configuration commands
  snmp-server                 Modify SNMP parameters
  stackmaker                  Specify stack name and add its member
  state-machine               Define a TCP dispatch state machine
  subscriber-policy           Subscriber policy
  tacacs-server               Modify TACACS query parameters
  terminal-queue              Terminal queue commands
  tftp-server                 Provide TFTP service for netload requests
  username                    Establish User Name Authentication
  virtual-profile             Virtual Profile configuration
  x25                         X.25 Level 3
  x29                         X29 commands
Router(config)#

Exit to privileged mode:

Router(config)#exit
Router#

Configuring the privileged-mode password

Objective
Learn how to strengthen the security of privileged mode.

Procedure
First configure the router's enable password:

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable password cisco
// Set the password for entering privileged mode to cisco

After configuring it, use show running-config to view the configuration file:

Router#sh run
Building configuration...
Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
enable password cisco
// The password appears in plaintext in the show running-config output, so it is easily leaked

To encrypt the plaintext password, use:

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#service password-encryption

View the configuration file again with show running-config:

Router#sh run
Building configuration...
Current configuration:
!
version 11.2
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
enable password 7 030752180500
// With service password-encryption enabled, the password is no longer displayed
// in plaintext in show running-config

Now use a more secure encryption method:

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret password

View the configuration file once more:

Router#sh run
Building configuration...
Current configuration:
!
version 11.2
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
enable secret 5 $1$Exm1$1U1XmnWnxYDRemFHhp4aS0
// In the show running-config output the enable secret password cannot be seen, and it cannot be cracked
enable password 7 030752180500

Configuring VTY login security

Objective
Learn how to strengthen the security of remote login.

Procedure

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login

Questions
With each of the following configurations, is remote login possible?

Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
□ Can log in   □ Cannot log in

Router(config)#line vty 0 4
Router(config-line)#login
□ Can log in   □ Cannot log in

Router(config)#line vty 0 4
Router(config-line)#password cisco
□ Can log in   □ Cannot log in

Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#no login
□ Can log in   □ Cannot log in

Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#no password
□ Can log in   □ Cannot log in

What method can be used to see whether someone is logged in to your router?

How do we verify the configuration we applied to the VTY lines?
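The password-storage and VTY login behaviour covered in the two labs above can be checked offline against a saved configuration. The following is an added example, not part of the original manual: it classifies each password line by how IOS stores it and replays the five line-mode command sequences from the questions. The function names are hypothetical, and it assumes the classic IOS default for VTY lines ("login" enabled, no password set).

```python
import re

# Storage formats IOS prints in front of a password in running-config.
STORAGE = {
    "0": "plaintext",
    "7": "type 7 (reversible obfuscation)",
    "5": "type 5 (salted MD5 hash)",
}

_PASSWORD_LINE = re.compile(
    r"^\s*(?:enable\s+|username\s+\S+\s+)?(password|secret)\s+(?:(\d)\s+)?\S+"
)

# Command script generated by the setup dialog earlier on this page
# (the indentation under "line vty" is constructed for this example).
SETUP_SCRIPT = """\
hostname Rack141R1
enable secret 5 $1$k39O$aQQirPZhZhVOS.TEvypiY/
enable password training
line vty 0 4
 password training
snmp-server community public
"""

# The five line-mode command sequences from the questions above.
QUIZ_CASES = [
    ["password cisco", "login"],
    ["login"],
    ["password cisco"],
    ["password cisco", "login", "no login"],
    ["password cisco", "login", "no password"],
]


def password_findings(config):
    """Return (config line, storage format) for every password-bearing line."""
    findings = []
    for line in config.splitlines():
        m = _PASSWORD_LINE.match(line)
        if m:
            kind = m.group(2) or "0"  # no type digit: stored exactly as typed
            findings.append((line.strip(), STORAGE.get(kind, "type " + kind)))
    return findings


def vty_commands(config):
    """Collect the indented commands that sit under 'line vty' blocks."""
    commands, inside = [], False
    for line in config.splitlines():
        if line.startswith("line "):
            inside = line.startswith("line vty")
        elif inside and line.startswith(" "):
            commands.append(line.strip())
        elif not line.startswith(" "):
            inside = False
    return commands


def vty_login_state(commands):
    """Replay line-mode commands in order; report what a Telnet client meets.

    Assumption: the lines start in the classic IOS default state,
    'login' enabled and no password set.
    """
    login, password = "line", None
    for cmd in commands:
        words = cmd.split()
        if words[:2] == ["no", "login"]:
            login = None
        elif words[:2] == ["no", "password"]:
            password = None
        elif words[:2] == ["login", "local"]:
            login = "local"
        elif words[:1] == ["login"]:
            login = "line"
        elif words[:1] == ["password"] and len(words) > 1:
            password = words[-1]
    if login is None:
        return "open: no authentication"
    if login == "local":
        return "prompt: local username and password"
    if password is None:
        return "refused: password required, but none set"
    return "prompt: line password"


if __name__ == "__main__":
    for line, storage in password_findings(SETUP_SCRIPT):
        print(f"{storage:34} {line}")
    print("vty:", vty_login_state(vty_commands(SETUP_SCRIPT)))
    for case in QUIZ_CASES:
        print(f"{vty_login_state(case):42} <- {'; '.join(case)}")
```

Any line reported as plaintext or type 7 is a candidate for replacement with a hashed secret, and a VTY state of "open: no authentication" means the line accepts remote sessions without a password.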

Viewing the router's running-config file

Objective
Learn the purpose of the running-config file on a Cisco router and how to work with it.

Procedure
In privileged mode, use show running-config to display the configuration held in memory:

Router#show running-config
Building configuration...
Current configuration:
!
version 11.2
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
enable secret 5 $1$Exm1$1U1XmnWnxYDRemFHhp4aS0
enable password 7 030752180500
!
username user1 password 7 0311480E145E
username user2 password 7 010615014959
username eee password 7 03
username eee autocommand show ver
username xxx password 7 09
!
interface Loopback0
no ip address
!
interface Ethernet0/0

To verify that this file exists, use dir system:

Router#dir system:
Directory of system:/
 12  drwx    0  <no date>  its
  2  dr-x    0  <no date>  memory
  1  -rw-  873  <no date>  running-config
// The router's system: file system (that is, memory) contains a file named running-confi

Viewing the router's startup-config file

Objective
Learn the purpose of the startup-config file on a Cisco router and how to work with it.

Procedure
View the router's startup-config:

Router#
Router#show startup-config
// View the startup-config configuration file in NVRAM
startup-config is not present
// The file does not exist in NVRAM

Now use the copy command to save the file:

Router#copy system:/running-config nvram:/startup-config
// The format of the copy command is: copy source-path:/filename destination-path:/filename
// This command copies running-config in memory to the startup-config file in NVRAM
Destination filename [startup-config]?
Building configuration...
[OK]

When the copy has completed, look at the files in NVRAM:

Router#dir nvram:
Directory of nvram:/
124  -rw-  895  <no date>  startup-config
// NVRAM now contains a file named startup-config
125  ----    5  <no date>  private-config
  1  -rw-    0  <no date>  ifIndex-table
129016 bytes total (127040 bytes free)

Whether the startup-config file is loaded into memory when the router reboots is determined by the router's configuration register value:

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Mon 06-Nov-06 14:22 by ccai
Image text-base: 0x60008B00, data-base: 0x6194C000
ROM: ROMMON Emulation Microcode
ROM: 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)
Router uptime is 23 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System image file is "tftp://255.255.255.255/unknown"
cisco 3620 (R4700) processor (revision 0xFF) with 61440K/4096K bytes of memory.
Processor board ID 00000000
R4700 CPU at 80MHz, Implementation 33, Rev 1.2
Bridging software.
X.25 software, Version 3.0.0.
4 Ethernet/IEEE 802.3 interface(s)
4 Serial network interface(s)
DRAM configuration is 64 bits wide with parity enabled.
125K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
// A value of 0x2104 means startup-config is loaded into memory when the router reboots
// The current value on this router is 0x2102

Backing up the router's running-config to startup-config

Objective
Learn the difference between the running-config and startup-config files on a Cisco router.

Procedure
Log in to the router:

cisco 3620 (R4700) processor (revision 0xFF) with 61440K/4096K bytes of memory.
Processor board ID 00000000
R4700 CPU at 80MHz, Implementation 33, Rev 1.2
Bridging software.
X.25 software, Version 3.0.0.
4 Ethernet/IEEE 802.3 interface(s)
4 Serial network interface(s)
DRAM configuration is 64 bits wide with parity enabled.
125K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: {
% Please answer 'yes' or 'no'.
// Answer no to reach the command prompt

Now enter show startup-config:

Router#show startup-config
startup-config is not present
// Think: why does it report that the file is not present?

Save the configuration file in memory to NVRAM:

Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#show startup-config
// Viewing startup-config again shows that the file now exists
Using 895 out of 129016 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password cisco

Using the equivalent command:

Router#copy system:/running-config nvram:/startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Questions
Can dir nvram:/ show the contents of the startup-config file?

Briefly describe the difference between running-config and startup-config.

Clearing the router's configuration

Objective
Learn how to clear the current configuration on a router.

Lab environment
When your router already has a configuration, or leftover configuration, you can reboot it. However, if a startup-config is saved on the router, the router loads that file automatically at the next reboot, so startup-config must be erased.

Procedure
First determine whether the router has a startup-config file:

Router#show startup-config
Using 1268 out of 129016 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption

Now erase the file:

Router#write erase
Erasing the nvram filesystem will remove all files! Continue? [confirm]y[OK]
Erase of nvram: complete
Router#

Check again whether startup-config still exists:

Router#show startup-config
%% Non-volatile configuration memory is not present
Router#

Exercise
In the Shendu (深度) lab, when we need to redo a lab, do we need to delete the startup-config file from NVRAM?

Changing the router's configuration register value

Objective
Learn the purpose of the configuration register on a Cisco router and how to configure it.

Procedure
Log in to the router and use show version to view the version:

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Mon 06-Nov-06 14:22 by ccai
Image text-base: 0x60008B00, data-base: 0x6194C000
Configuration register is 0x2142
// The last line of the show version output shows the router's current configuration
// register value; in this lab it is 0x2142 (hexadecimal)

Change the router's configuration register value:

Router#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0x2102
// config-register is followed by the register value you want to set

Summary

Table 1: Common configuration register values
0x2100   ROM Monitor
0x2101   Boot from ROM
0x2102   Boot from flash and read startup-config from NVRAM (this is the default value)
0x2142   Boot from flash and skip startup-config in NVRAM; commonly used for password recovery

Configuring the router's hostname-to-IP-address mapping table

Objective
Learn the purpose of the host address mapping table on a Cisco router and how to work with it.

Procedure
On R1, configure the mappings between hostnames and IP addresses:

Rack141R1(config)#ip host Rack141R2 219.145.77.88
Rack141R1(config)#ip host Rack141R3 33.87.73.123
Rack141R1(config)#ip host Rack141R4 141.21.44.2

View the mappings currently configured on the router:

Rack141R1#show hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined
Host        Port  Flags       Age  Type  Address(es)
Rack141R2   None  (perm, OK)  0    IP    219.145.77.88
Rack141R3   None  (perm, OK)  0    IP    33.87.73.123
Rack141R4   None  (perm, OK)  0    IP    141.21.44.2

Exercises
(1) What is the purpose of configuring hostname-to-IP-address mappings on a router?

(2) How do we verify that the mappings we configured work correctly?

Configuring command aliases

Objective
Learn how to use command aliases on a Cisco router.

Procedure
Log in to the router and begin configuration:

Rack141R1(config)#alias exec sir show ip route
// Define sir as equivalent to entering show ip route
Rack141R1(config)#exit
Rack141R1#sir
// Entering sir is now the same as entering show ip route, so the command alias works
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
Rack141R1#

Summary
We can define aliases for the commands we use most often (note: the following are not a standard; choose aliases according to your own habits):

alias exec ct conf t
alias exec sr sh run
alias exec sri sh run int
alias exec u undeb all
alias exec sfm sh frame map
alias exec sfr sh frame route
alias exec sfp sh fram pvc
alias exec sis sh isdn stat
alias exec sam sh atm map
alias configure rr router rip
alias configure ro router ospf

Configuring the router's banner

Objective
Learn how to configure a banner on a Cisco router.

Procedure
Use banner motd % to configure the banner:

Router(config)#
Router(config)#banner motd %
Enter TEXT message. End with the character '%'.
_ --- _ _----_
/ \ @@@@ \
/| . .|\ @@@@@. . |\
( #( oo)# @@@@(oo)~)
_!s/ \ ~~\| \|<~~ \
!t(____ H _)_ _(__~H___)_
%
Router(config)#

Log out of the router to verify that the banner takes effect:

Router con0 is now available
Press RETURN to get started.
*Mar 1 00:20:20.119: %SYS-5-CONFIG_I: Configured from console by console
_ --- _ _----_
/ \ @@@@ \
/| . .|\ @@@@@. . |\
( #( oo)# @@@@(oo)~)
_!s/ \ ~~\| \|<~~ \
!t(____ H _)_ _(__~H___)_
Router>

Default configuration before doing the labs

Objective
Learn the basic configuration that is needed before doing the labs.

Procedure

Router(config)#
*Mar 1 00:34:56.395: %SYS-5-CONFIG_I: Configured from console by console
Router(config)#enable password cisco
Router(config)#hostname Rack141R1
Rack141R1(config)#no ip domain-lookup
Rack141R1(config)#line con 0
Rack141R1(config-line)#login
% Login disabled on line 0, until 'password' is set
Rack141R1(config-line)#password cisco
Rack141R1(config-line)#exec-timeout 0 0
Rack141R1(config-line)#logging synchronous
Rack141R1(config-line)#
Rack141R1(config-line)#line vty 0 4
Rack141R1(config-line)#login
% Login disabled on line 66, until 'password' is set
% Login disabled on line 67, until 'password' is set
% Login disabled on line 68, until 'password' is set
% Login disabled on line 69, until 'password' is set
% Login disabled on line 70, until 'password' is set
Rack141R1(config-line)#password cisco
Rack141R1(config-line)#exec-timeout 0 0
Rack141R1(config-line)#logging synchronous
Rack141R1(config-line)#exit

Exercise
Explain the specific purpose of each command that is configured before doing the labs.

Commands for viewing router information

Objective
Learn how to view basic information on a Cisco router.

Procedure
Use show commands to view different kinds of information on a Cisco router. Use show version to view the router's version:

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Mon 06-Nov-06 14:22 by ccai
Image text-base: 0x60008B00, data-base: 0x6194C000
ROM: ROMMON Emulation Microcode
ROM: 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)
Router uptime is 23 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System image file is "tftp://255.255.255.255/unknown"
cisco 3620 (R4700) processor (revision 0xFF) with 61440K/4096K bytes of memory.
Processor board ID 00000000
R4700 CPU at 80MHz, Implementation 33, Rev 1.2
Bridging software.
X.25 software, Version 3.0.0.
4 Ethernet/IEEE 802.3 interface(s)
4 Serial network interface(s)
DRAM configuration is 64 bits wide with parity enabled.
125K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2142

View interface information:

Rack141R1#show ip interface brief
Interface     IP-Address   OK?  Method  Status                 Protocol
Ethernet0/0   unassigned   YES  unset   administratively down  down
Ethernet0/1   unassigned   YES  unset   administratively down  down
Ethernet0/2   unassigned   YES  unset   administratively down  down
Ethernet0/3   unassigned   YES  unset   administratively down  down
Serial1/0     unassigned   YES  unset   administratively down  down
Serial1/1     unassigned   YES  unset   administratively down  down
Serial1/2     unassigned   YES  unset   administratively down  down
Serial1/3     unassigned   YES  unset   administratively down  down
Rack141R1#

View processes:

Rack141R1#show processes
CPU utilization for five seconds: 4%/0%; one minute: 0%; five minutes: 0%
PID QTy  PC        Runtime (ms)  Invoked  uSecs  Stacks       TTY  Process
  1 Cwe  60499ED4             0        2      0   5624/6000     0  Chunk Manager
  2 Csp  604C8478             0      544      0   2628/3000     0  Load Meter
  3 M*   0                 2776      513   5411  10280/12000    0  Exec
  4 Mwe  610088F4             0        1      0  23508/24000    0  EDDRI_MAIN
  5 Lst  604A87C8          1756      314   5592   5648/6000     0  Check heaps
  6 Cwe  604AE7D0             0        1      0   5608/6000     0  Pool Manager
  7 Mst  603E2728             0        2      0   5604/6000     0  Timers
  8 Mwe  6001FF08             0        2      0   5600/6000     0  Serial Backgroun
  9 Mwe  603B5644             0        2      0   5588/6000     0  AAA high-capacit
 10 Mwe  6054E548             4        1   4000  11624/12000    0  OIR Handler
 11 Msi  605720A4             0       92      0   5612/6000     0  Environmental mo
 12 Mwe  60574860             8       54    148   5604/6000     0  ARP Input
 13 Mwe  60770994             0      543      0   5684/6000     0  HC Counter Timer
 14 Mwe  607EF2EC             0        3      0   5592/6000     0  DDR Timers
 15 Lwe  60A62404            12        2   6000   5544/6000     0  Entity MIB API
 16 Mwe  60F5F32C             0        1      0   5604/6000     0  ATM Idle Timer
 17 Mwe  60026358             0        2      0   5648/6000     0  SERIAL A'detect

View memory usage:

Rack141R1# show memory
            Head      Total(b)  Used(b)   Free(b)    Lowest(b)  Largest(b)
Processor   629D38E0  19681440  5239676   14441764   14168384   13764488
I/O         3C00000   4194304   2228120   1966184    1966184    1966140

Processor memory
Address   Bytes       Prev      Next      Ref  PrevF     NextF     Alloc PC  what
629D38E0  0000020000  00000000  629D872C  001  --------  --------  60496C20  Managed Chunk Queue Elements
629D872C  0000010000  629D38E0  629DAE68  001  --------  --------  604AA670  List Elements
629DAE68  0000005000  629D872C  629DC21C  001  --------  --------  604AA6B4  List Headers
629DC21C  0000000044  629DAE68  629DC274  001  --------  --------  6192D0AC  *Init*
629DC274  0000000044  629DC21C  629DC2CC  001  --------  --------  6192D0AC  *Init*
629DC2CC  0000000024  629DC274  629DC310  001  --------  --------  60546714  *Init*

View the running protocols:

Rack141R1#show protocol
Global values:
Internet Protocol routing is enabled
Ethernet0/0 is administratively down, line protocol is down
Ethernet0/1 is administratively down, line protocol is down
Ethernet0/2 is administratively down, line protocol is down
Ethernet0/3 is administratively down, line protocol is down
Serial1/0 is administratively down, line protocol is down
Serial1/1 is administratively down, line protocol is down
Serial1/2 is administratively down, line protocol is down
Serial1/3 is administratively down, line protocol is down

View tech-support:

Rack141R1#show tech-support
------------------ show version ------------------
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport

Exercise
Summarise the commonly used show commands.
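The `show version` output in this section ends with `Configuration register is 0x2142`, the value the register table earlier marks as skipping startup-config. The following added example (not part of the original manual) decodes the two register fields behind that table and checks a `show version` capture for a device that boots without its saved configuration. The function names are hypothetical, and the second sample line, with the "will be ... at next reload" suffix IOS prints after `config-register` is changed, is constructed.

```python
import re

BOOT_FIELD = 0x000F    # bits 0-3: where the system image is loaded from
IGNORE_NVRAM = 0x0040  # bit 6: skip startup-config in NVRAM at boot

_CONFREG = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

# First line is taken from this page; the second is a constructed sample.
SAMPLE_FROM_PAGE = "Configuration register is 0x2142"
SAMPLE_PENDING = "Configuration register is 0x2142 (will be 0x2102 at next reload)"


def decode_confreg(value):
    """Decode the boot field and the ignore-NVRAM bit of a register value."""
    boot = value & BOOT_FIELD
    if boot == 0:
        source = "ROM monitor"
    elif boot == 1:
        source = "boot image in ROM"
    else:
        source = "IOS image (flash by default)"
    return {
        "boot": source,
        "loads_startup_config": not value & IGNORE_NVRAM,
    }


def registers_from_show_version(text):
    """Return (value in effect, value at next reload) from show version text."""
    m = _CONFREG.search(text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending


def review(show_version_text):
    """List findings about a router that boots without its startup-config."""
    current, pending = registers_from_show_version(show_version_text)
    findings = []
    if not decode_confreg(current)["loads_startup_config"]:
        findings.append(
            f"0x{current:04X} in effect: this boot skipped startup-config"
        )
    if not decode_confreg(pending)["loads_startup_config"]:
        findings.append(
            f"0x{pending:04X} at next reload: startup-config will be skipped"
        )
    return findings


if __name__ == "__main__":
    for value in (0x2100, 0x2101, 0x2102, 0x2142):
        print(f"0x{value:04X}", decode_confreg(value))
    for sample in (SAMPLE_FROM_PAGE, SAMPLE_PENDING):
        print(sample, "->", review(sample) or "ok")
```

A router whose startup-config is skipped comes up with none of its saved passwords or VTY settings applied, so a non-empty result is worth following up on any device that is not in the middle of a password recovery.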

Configuring VTY lines to log in with a local username and password

Objective
Learn how to make Telnet logins use the usernames and passwords configured locally on the router.

Procedure
Configure usernames and passwords on the router:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#username user1 password user1
Router(config)#username user2 password user2
Router(config)#username user3 autocommand show version

Configure the VTY lines to use the locally configured usernames and passwords at login:

Router(config)#line vty 0 4
Router(config-line)#login local
// Think: what happens if we log in remotely as user3?

Capturing HyperTerminal and Telnet sessions

Objective
Learn how to use HyperTerminal to record the router configuration process.

Procedure
While logged in to the router with HyperTerminal, choose "Capture Text" from the menu.

Figure 7: In HyperTerminal's "Transfer" menu, choose "Capture Text"

The Capture Text dialog appears and asks for a file name. This is the file in which the session is recorded.

Figure 8: Enter a file name in the Capture Text dialog

View the capture file on disk.

Figure 9: The file 1.txt now exists on drive D

Configuring basic router connectivity

Figure 10: Topology for configuring basic router connectivity (R1, R2 and R3 share 61.134.1.X/24 on E0/0; R1 S1/2 to R2 S2/1 is 192.168.0.X/24; R1 S1/3 to R3 S3/1 is 172.16.0.X/24; R2 S2/3 to R3 S3/2 is 10.0.0.X/24)

Objective
Learn how to configure interfaces on a Cisco router.

Procedure
Configure Router1:

Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int lo0
Rack100R1(config-if)#ip ad 1.1.1.1 255.255.255.0
Rack100R1(config-if)#int e0/0
Rack100R1(config-if)#ip ad 61.134.1.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#int s1/2
Rack100R1(config-if)#ip ad 192.168.0.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#int s1/3
Rack100R1(config-if)#ip ad 172.16.0.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#^Z
Rack100R1#show ip int b
00:02:29: %SYS-5-CONFIG_I: Configured from console by console
Rack100R1#show ip int brief
Interface     IP-Address    OK?  Method  Status                 Protocol
Ethernet0/0   61.134.1.1    YES  manual  up                     up
Ethernet0/1   unassigned    YES  unset   administratively down  down
Serial1/2     192.168.0.1   YES  manual  up                     up
Serial1/3     172.16.0.1    YES  manual  up                     up
Serial3/0     unassigned    YES  unset   administratively down  down
Loopback0     1.1.1.1       YES  manual  up                     up

Configure Router2:

Router(config)#
Router(config)#host Rack100R2
Rack100R2(config-if)#int lo0
Rack100R2(config-if)#ip ad 2.2.2.2 255.255.255.0
Rack100R2(config-if)#int e0/0
Rack100R2(config-if)#ip ad 61.134.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#int s2/1
Rack100R2(config-if)#ip ad
00:04:23: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:04:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Rack100R2(config-if)#ip ad 192.168.0.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#int s2/3
00:04:32: %LINK-3-UPDOWN: Interface Serial2/1, changed state to up
00:04:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up
Rack100R2(config-if)#ip ad 10.0.0.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#exit
Rack100R2(config)#^Z
Rack100R2#show ip int brief
Interface     IP-Address    OK?  Method  Status                 Protocol
Ethernet0/0   61.134.1.2    YES  manual  up                     up
Serial2/0     unassigned    YES  unset   administratively down  down
Serial2/1     192.168.0.2   YES  manual  up                     up
Serial2/2     unassigned    YES  unset   administratively down  down
Serial2/3     10.0.0.2      YES  manual  up                     up
Serial3/0     unassigned    YES  unset   administratively down  down
Loopback0     2.2.2.2       YES  manual  up                     up

Configure Router3:

Router#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
00:00:40: %SYS-5-CONFIG_I: Configured from console by console
Router(config)#host Rack100R3
Rack100R3(config)#
Rack100R3(config)#int lo0
Rack100R3(config-if)#ip ad 3.3.3.3 255.255.255.0
Rack100R3(config-if)#int e0/0
Rack100R3(config-if)#ip ad 61.134.1.3 255.255.255.0
Rack100R3(config-if)#no sh
00:05:35: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:05:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Rack100R3(config-if)#int s3/1
Rack100R3(config-if)#ip ad 172.16.0.3 255.255.255.0
Rack100R3(config-if)#no sh
Rack100R3(config-if)#int s3/2
00:05:46: %LINK-3-UPDOWN: Interface Serial3/1, changed state to up
00:05:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/1, changed state to up
Rack100R3(config-if)#ip ad 10.0.0.3 255.255.255.0
Rack100R3(config-if)#no sh
Rack100R3(config-if)#exit
Rack100R3(config)#^Z
Rack100R3#show ip int brief
Interface        IP-Address     OK? Method Status                Protocol
Ethernet0/0      61.134.1.3     YES manual up                    up
Ethernet0/1      unassigned     YES unset  administratively down down
Ethernet0/2      unassigned     YES unset  administratively down down
Ethernet0/3      unassigned     YES unset  administratively down down
Serial3/0        unassigned     YES unset  administratively down down
Serial3/1        172.16.0.3     YES manual up                    up
Serial3/2        10.0.0.3       YES manual up                    up
Serial3/3        unassigned     YES unset  administratively down down
Loopback0        3.3.3.3        YES manual up                    up

Test connectivity

Rack100R1#ping 192.168.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/34/44 ms
Rack100R1#debug ip icmp
// enable ICMP debugging
00:10:53: ICMP: echo reply rcvd, src 192.168.0.2, dst 192.168.0.1
00:10:53: ICMP: echo reply rcvd, src 192.168.0.2, dst 192.168.0.1
00:10:53: ICMP: echo reply rcvd, src 192.168.0.2, dst 192.168.0.1
00:10:53: ICMP: echo reply rcvd, src 192.168.0.2, dst 192.168.0.1
00:10:53: ICMP: echo reply rcvd, src 192.168.0.2, dst 192.168.0.1
Rack100R1#u all
// turn off debugging
All possible debugging has been turned off
Rack100R1#debug ip packet detail
IP packet debugging is on (detailed)
Rack100R1#ping 192.168.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/48/64 ms
Rack100R1#
00:12:11: IP: s=192.168.0.1 (local), d=192.168.0.2 (Serial1/2), len 100, sending
00:12:11:     ICMP type=8, code=0
00:12:11: IP: s=192.168.0.2 (Serial1/2), d=192.168.0.1 (Serial1/2), len 100, rcvd 3
00:12:11:     ICMP type=0, code=0
00:12:11: IP: s=192.168.0.1 (local), d=192.168.0.2 (Serial1/2), len 100, sending
00:12:11:     ICMP type=8, code=0
00:12:11: IP: s=192.168.0.2 (Serial1/2), d=192.168.0.1 (Serial1/2), len 100, rcvd 3
00:12:11:     ICMP type=0, code=0


Router connection and login operations

Topology:
  R1 S1/2 -- 192.168.0.X/24 -- S2/1 R2

Objective
Learn how to log in to a Cisco router and work with sessions.

Procedure

Telnet from R1 to R2

Rack100R1#
Rack100R1#telnet 192.168.0.2
Trying 192.168.0.2 ... Open

User Access Verification

Password:
Rack100R2>
Rack100R2>
// press Ctrl+Shift+6 here, then press X
Rack100R1#
Rack100R1#sh sess
Conn Host                Address             Byte  Idle Conn Name
*  1 192.168.0.2         192.168.0.2            0     0 192.168.0.2
// enter the session connection number here
Rack100R1#1
[Resuming connection 1 to 192.168.0.2 ... ]

Rack100R2>

Use show line to check who is logged in

Rack100R2#sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY              -    -      -    -    -      0       0     0/0       -
   129 AUX   9600/9600  -    -      -    -    -      0       0     0/0       -
*  130 VTY              -    -      -    -    -      6       0     0/0       -
   131 VTY              -    -      -    -    -      0       0     0/0       -
   132 VTY              -    -      -    -    -      0       0     0/0       -
   133 VTY              -    -      -    -    -      0       0     0/0       -
   134 VTY              -    -      -    -    -      0       0     0/0       -

Line(s) not in async mode -or- with no hardware support:
1-128

Rack100R2#sh user
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 0
 130 vty 0                idle                 2          192.168.0.1

Rack100R2#
Rack100R2#send *
Enter message, end with CTRL/Z; abort with CTRL/C:
Hello!
^Z
Send message? [confirm]

***
***
*** Message from tty0 to all terminals:
***
Hello!


Static route configuration

Topology:
  R1 S1/2 -- 192.168.0.X/24 -- S2/1 R2
  R1 S1/3 -- 172.16.0.X/24 -- S3/1 R3
  R2 S2/3 -- 10.0.0.X/24 -- S3/2 R3
  R1, R2, R3 E0/0 -- 61.134.1.X/24

Objective
Configure routing with static routes.

Pre-configuration

R1 interface configuration

Rack100R1(config)#int lo0
Rack100R1(config-if)#ip ad 1.1.1.1 255.255.255.0
Rack100R1(config-if)#int s1/2
Rack100R1(config-if)#ip ad 192.168.0.1 255.255.255.0
Rack100R1(config-if)#no sh
00:03:59: %LINK-3-UPDOWN: Interface Serial1/2, changed state to up
00:04:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to up
Rack100R1(config)#int s1/3
Rack100R1(config-if)#no sh
00:04:06: %LINK-3-UPDOWN: Interface Serial1/3, changed state to up
00:04:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/3, changed state to up
Rack100R1(config-if)#ip ad 172.16.0.1 255.255.255.0
Rack100R1(config-if)#int e0/0
Rack100R1(config-if)#ip ad 61.134.1.1 255.255.255.0
Rack100R1(config-if)#exit
Rack100R1(config)#
00:04:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to down

R2 interface configuration

Rack100R2(config)#
Rack100R2(config)#int lo0
Rack100R2(config-if)#ip ad 2.2.2.2 255.255.255.0
Rack100R2(config-if)#int s2/1
Rack100R2(config-if)#ip ad 192.168.0.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#int s2/3
00:08:11: %LINK-3-UPDOWN: Interface Serial2/1, changed state to up
00:08:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up
Rack100R2(config-if)#ip ad 10.0.0.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#exit
00:08:19: %LINK-3-UPDOWN: Interface Serial2/3, changed state to up
Rack100R2(config-if)#
00:08:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/3, changed state to up
Rack100R2(config-if)#int e0/0
Rack100R2(config-if)#ip ad 61.134.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#exit
Rack100R2(config)#^Z

R3 interface configuration

Rack100R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R3(config)#int lo0
Rack100R3(config-if)#ip ad 3.3.3.3 255.255.255.0
Rack100R3(config-if)#int e0/0
Rack100R3(config-if)#ip ad 61.134.1.3 255.255.255.0
Rack100R3(config-if)#no sh
Rack100R3(config-if)#int s3/1
00:10:32: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:10:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Rack100R3(config-if)#ip ad 172.16.0.3 255.255.255.0
Rack100R3(config-if)#no sh
00:10:43: %LINK-3-UPDOWN: Interface Serial3/1, changed state to up
00:10:44: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/1, changed state to up
Rack100R3(config)#int s3/2
Rack100R3(config-if)#ip ad 10.0.0.3 255.255.255.0
Rack100R3(config-if)#no sh
Rack100R3(config-if)#exit
Rack100R3(config)#^Z

Configuration

On R1, add a route to the 10.0.0.0 network between R2 and R3

Rack100R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.0.0 is directly connected, Serial1/3
C    192.168.0.0/24 is directly connected, Serial1/2
     61.0.0.0/24 is subnetted, 1 subnets
C       61.134.1.0 is directly connected, Ethernet0/0
Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#ip route 10.0.0.0 255.255.255.0 192.168.0.2
// add the route in the form: ip route <destination network> <network mask> <next-hop address>
Rack100R1(config)#^Z
Rack100R1#
00:42:09: %SYS-5-CONFIG_I: Configured from console by console
Rack100R1#show ip route
// after adding the route, check the routing table with show ip route to verify the configuration
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.0.0 is directly connected, Serial1/3
     10.0.0.0/24 is subnetted, 1 subnets
S       10.0.0.0 [1/0] via 192.168.0.2
// a route to the 10.0.0.0 network has been added successfully
C    192.168.0.0/24 is directly connected, Serial1/2
     61.0.0.0/24 is subnetted, 1 subnets
C       61.134.1.0 is directly connected, Ethernet0/

With the route added, ping 10.0.0.3 from R1 to check that routing works

Rack100R1#ping 10.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
.....
// as the lab shows, the ping from R1 did not succeed after the route was added
// Think: why did the ping fail?
Success rate is 0 percent (0/5)
Rack100R1#debug ip icmp
// debug ip icmp displays all ICMP packets passing through the router so that we can analyze the state of the network
// By default the source IP address of a traceroute is the IP address of the interface used by the route to the destination. The debug ip icmp output shows that the ICMP echo request packets were sent normally, but R1 did not receive any ICMP echo reply packets, so the ping from R1 failed
00:50:19: IP: s=192.168.0.1 (local), d=10.0.0.3 (Serial1/2), len 100, sending
00:50:19:     ICMP type=8, code=0
00:50:21: IP: s=192.168.0.1 (local), d=10.0.0.3 (Serial1/2), len 100, sending
00:50:21:     ICMP type=8, code=0
00:50:23: IP: s=192.168.0.1 (local), d=10.0.0.3 (Serial1/2), len 100, sending
00:50:23:     ICMP type=8, code=0
00:50:25: IP: s=192.168.0.1 (local), d=10.0.0.3 (Serial1/2), len 100, sending
00:50:25:     ICMP type=8, code=0
00:50:27: IP: s=192.168.0.1 (local), d=10.0.0.3 (Serial1/2), len 100, sending
00:50:27:     ICMP type=8, code=0

With the current configuration, we now debug on R3

Rack100R3#
Rack100R3#debug ip icmp
// enable debug ip icmp on R3 to debug ICMP
ICMP packet debugging is on
Rack100R3#
00:50:20: ICMP: echo reply sent, src 10.0.0.3, dst 192.168.0.1
Rack100R3#
00:50:22: ICMP: echo reply sent, src 10.0.0.3, dst 192.168.0.1
Rack100R3#
00:50:24: ICMP: echo reply sent, src 10.0.0.3, dst 192.168.0.1
Rack100R3#
00:50:26: ICMP: echo reply sent, src 10.0.0.3, dst 192.168.0.1
Rack100R3#
00:50:28: ICMP: echo reply sent, src 10.0.0.3, dst 192.168.0.1
// R3's ICMP debug output confirms that R3 not only received the ICMP echo packets from 192.168.0.1 (R1) but also sent ICMP echo replies to 192.168.0.1
Rack100R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.0.0 is directly connected, Serial3/1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial3/2
     61.0.0.0/24 is subnetted, 1 subnets
C       61.134.1.0 is directly connected, Ethernet0/0
// show ip route on R3 shows no route for the 192.168.0.0 network. This is why the ICMP echo reply, although sent by R3, was never received by R1
Rack100R3#
Rack100R3#debug ip packet details
// to verify this explanation, use debug ip packet details to view all packets on R3, with the detailed header of each packet
IP packet debugging is on (detailed)
Rack100R3#
00:51:35: IP: s=192.168.0.1 (Serial3/2), d=10.0.0.3 (Serial3/2), len 100, rcvd 3
00:51:35:     ICMP type=8, code=0
00:51:35: ICMP: echo reply sent, src 10.0.0.3, dst 192.168.0.1
00:51:35: IP: s=10.0.0.3 (local), d=192.168.0.1, len 100, unroutable
00:51:35:     ICMP type=0, code=0
// as shown above, the ICMP echo reply has source address 10.0.0.3 and destination address 192.168.0.1, but because R3's routing table has no route for the 192.168.0.0 network, the packet ends up unroutable
Rack100R3#
00:51:37: IP: s=192.168.0.1 (Serial3/2), d=10.0.0.3 (Serial3/2), len 100, rcvd 3
00:51:37:     ICMP type=8, code=0
00:51:37: ICMP: echo reply sent, src 10.0.0.3, dst 192.168.0.1
00:51:37: IP: s=10.0.0.3 (local), d=192.168.0.1, len 100, unroutable
00:51:37:     ICMP type=0, code=0
Rack100R3#
00:51:39: IP: s=192.168.0.1 (Serial3/2), d=10.0.0.3 (Serial3/2), len 100, rcvd 3
00:51:39:     ICMP type=8, code=0
00:51:39: ICMP: echo reply sent, src 10.0.0.3, dst 192.168.0.1
00:51:39: IP: s=10.0.0.3 (local), d=192.168.0.1, len 100, unroutable
00:51:39:     ICMP type=0, code=0
Rack100R3#
00:51:41: IP: s=192.168.0.1 (Serial3/2), d=10.0.0.3 (Serial3/2), len 100, rcvd 3
00:51:41:     ICMP type=8, code=0
00:51:41: ICMP: echo reply sent, src 10.0.0.3, dst 192.168.0.1
00:51:41: IP: s=10.0.0.3 (local), d=192.168.0.1, len 100, unroutable
00:51:41:     ICMP type=0, code=0
Rack100R3#
00:51:43: IP: s=192.168.0.1 (Serial3/2), d=10.0.0.3 (Serial3/2), len 100, rcvd 3
00:51:43:     ICMP type=8, code=0
00:51:43: ICMP: echo reply sent, src 10.0.0.3, dst 192.168.0.1
00:51:43: IP: s=10.0.0.3 (local), d=192.168.0.1, len 100, unroutable
00:51:43:     ICMP type=0, code=0

Add a route for the 192.168.0.0 network on R3:

Rack100R3#
Rack100R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R3(config)#ip route 192.168.0.0 255.255.255.0 172.16.0.1
// now add a route to the 192.168.0.0 network on R3
Rack100R3(config)#^Z
00:53:01: %SYS-5-CONFIG_I: Configured from console by console
Rack100R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.0.0 is directly connected, Serial3/1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial3/2
S    192.168.0.0/24 [1/0] via 172.16.0.1
// the added route to the 192.168.0.0/24 network uses next hop 172.16.0.1
     61.0.0.0/24 is subnetted, 1 subnets
C       61.134.1.0 is directly connected, Ethernet0/0

Now run a traceroute test from R1 again

Rack100R1#traceroute
Protocol [ip]:
Target IP address: 10.0.0.3
// set the traceroute target address to 10.0.0.3
Source address: 1.1.1.1
// set the traceroute source IP address to 1.1.1.1. With source 1.1.1.1, once the packet reaches 10.0.0.3, R3 must have a route to the 1.0.0.0 network for the reply to get back
Numeric display [n]: n
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 10.0.0.3

  1  *  *  *
  2  *  *  *
  3  *  *  *
  4
// the traceroute still fails. What causes this?
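Each failure in this lab so far comes down to a missing route for the reply, which is addressed to whatever source address the sender used. The following added example (Python, not part of the original lab manual) models the three routers' connected and static routes from this lab and walks a ping hop by hop in both directions; it also reports forwarding loops by hop limit, which goes beyond the steps shown up to this point. The class and function names are illustrative assumptions, and equal-cost duplicate routes are not modelled.

```python
import ipaddress


class Router:
    def __init__(self, name, *interfaces):
        self.name = name
        self.ifaces = [ipaddress.ip_interface(i) for i in interfaces]
        self.static = []  # (destination network, next-hop address)

    def route(self, prefix, next_hop):
        """Same meaning as: ip route <network> <mask> <next-hop>."""
        self.static.append((ipaddress.ip_network(prefix),
                            ipaddress.ip_address(next_hop)))

    def owns(self, addr):
        return any(i.ip == addr for i in self.ifaces)

    def egress(self, dst):
        """Longest-prefix match over connected and static routes.
        Returns (outgoing interface, address the packet is handed to) or None."""
        best = None
        for i in self.ifaces:  # connected routes are checked first and win ties
            if dst in i.network and (best is None or i.network.prefixlen > best[0]):
                best = (i.network.prefixlen, i, dst)
        for net, nh in self.static:
            # a static route is usable only if its next hop is on a connected network
            via = next((i for i in self.ifaces if nh in i.network), None)
            if via is not None and dst in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, via, nh)
        return best[1:] if best else None


def walk(net, start, dst, ttl=8):
    """Forward one packet hop by hop. Returns (outcome, names of routers visited)."""
    here, path = start, [start.name]
    while not here.owns(dst):
        if ttl == 0:
            return "TTL expired (forwarding loop)", path
        hop = here.egress(dst)
        if hop is None:
            return "no route on " + here.name, path
        nxt = next((r for r in net.values() if r is not here and r.owns(hop[1])), None)
        if nxt is None:
            return "nobody answers for %s" % hop[1], path
        here = nxt
        path.append(here.name)
        ttl -= 1
    return "delivered", path


def ping(net, start, dst, src=None):
    """Echo request from `start` to dst, then the echo reply back to the source address."""
    dst = ipaddress.ip_address(dst)
    if src is None:
        hop = start.egress(dst)
        if hop is None:
            return "request: no route on " + start.name
        src = hop[0].ip  # default source: address of the outgoing interface
    else:
        src = ipaddress.ip_address(src)
    outcome, there = walk(net, start, dst)
    if outcome != "delivered":
        return "request: %s (path %s)" % (outcome, " > ".join(there))
    outcome, back = walk(net, net[there[-1]], src)
    if outcome != "delivered":
        return "reply: %s (path %s)" % (outcome, " > ".join(back))
    return "ok: " + " > ".join(there + back[1:])


def lab_stages():
    """Replays the lab's routing states; addresses are the ones used in this lab."""
    net = {r.name: r for r in (
        Router("R1", "1.1.1.1/24", "61.134.1.1/24", "192.168.0.1/24", "172.16.0.1/24"),
        Router("R2", "2.2.2.2/24", "61.134.1.2/24", "192.168.0.2/24", "10.0.0.2/24"),
        Router("R3", "3.3.3.3/24", "61.134.1.3/24", "172.16.0.3/24", "10.0.0.3/24"))}
    r1, r2, r3 = net["R1"], net["R2"], net["R3"]
    results = []
    r1.route("10.0.0.0/24", "192.168.0.2")
    results.append(ping(net, r1, "10.0.0.3"))                 # R3 cannot route the reply
    r3.route("192.168.0.0/24", "172.16.0.1")
    results.append(ping(net, r1, "10.0.0.3"))                 # reply returns over the R3-R1 link
    results.append(ping(net, r1, "10.0.0.3", src="1.1.1.1"))  # new source, reply unroutable again
    # Two routers pointing the same prefix at each other: the walk ends on the hop limit.
    r3.route("1.1.1.0/24", "10.0.0.2")
    r2.route("1.1.1.0/24", "10.0.0.3")
    results.append(ping(net, r3, "1.1.1.1"))
    return results


if __name__ == "__main__":
    for line in lab_stages():
        print(line)
```

The second result shows that the working ping is asymmetric: the request goes R1 > R2 > R3 while the reply returns directly over the 172.16.0.0/24 link.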
Rack100R1#

Debug on R3 to find where the problem lies

Rack100R3#
00:57:13: IP: s=1.1.1.1 (Serial3/2), d=10.0.0.3 (Serial3/2), len 28, rcvd 3
00:57:13:     UDP src=34071, dst=33440
00:57:13: ICMP: dst (10.0.0.3) port unreachable sent to 1.1.1.1
00:57:13: IP: s=10.0.0.3 (local), d=1.1.1.1, len 56, unroutable
00:57:13:     ICMP type=3, code=3
// on R3 the packet from 1.1.1.1 has arrived, but R3's reply to it was unroutable
Rack100R3#
Rack100R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R3(config)#ip route 1.1.1.0 255.255.255.0 10.0.0.2
// so that R3 can reach the 1.1.1.0 network, add a route to 1.1.1.0 via 10.0.0.2 (R2)
Rack100R3(config)#^Z
Rack100R3#show ip route
00:59:03: %SYS-5-CONFIG_I: Configured from console by console
Rack100R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
S       1.1.1.0 [1/0] via 10.0.0.2
// the route entry for the 1.1.1.0 network was added successfully
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.0.0 is directly connected, Serial3/1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial3/2
S    192.168.0.0/24 [1/0] via 172.16.0.1
     61.0.0.0/24 is subnetted, 1 subnets
C       61.134.1.0 is directly connected, Ethernet0/0
Rack100R3#ping 1.1.1.1
// with the route entry added on R3, test again with ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
U.U.U
// the ping result shows U.U.U
// Think: why? We have added a route to the 1.0.0.0 network on R3, yet the ping still fails and the result is U.U.U. What causes this?
Success rate is 0 percent (0/5)
Rack100R3#
01:04:07: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:04:07:     ICMP type=8, code=0
01:04:07: IP: s=10.0.0.2 (Serial3/2), d=10.0.0.3 (Serial3/2), len 56, rcvd 3
01:04:07:     ICMP type=3, code=1
01:04:07: ICMP: dst (10.0.0.3) host unreachable rcv from 10.0.0.2
// the debug ip icmp output shows that R3 received a packet with ICMP type=3, code=1 from R2: a host unreachable message received from 10.0.0.2
// Think: why does R2 return a host unreachable message?
01:04:07: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:04:07:     ICMP type=8, code=0
01:04:09: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:04:09:     ICMP type=8, code=0
01:04:09: IP: s=10.0.0.2 (Serial3/2), d=10.0.0.3 (Serial3/2), len 56, rcvd 3
01:04:09:     ICMP type=3, code=1
01:04:09: ICMP: dst (10.0.0.3) host unreachable rcv from 10.0.0.2
01:04:09: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:04:09:     ICMP type=8, code=0
01:04:11: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:04:11:     ICMP type=8, code=0
01:04:11: IP: s=10.0.0.2 (Serial3/2), d=10.0.0.3 (Serial3/2), len 56, rcvd 3
01:04:11:     ICMP type=3, code=1
01:04:11: ICMP: dst (10.0.0.3) host unreachable rcv from 10.0.0.2

Log in to R2 to troubleshoot:

// the host unreachable above occurs because R2 has no route for the 1.1.1.0 network
Rack100R2#
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#ip route 1.1.1.0 255.255.255.0 10.0.0.3
// to fix the problem, add a route for the 1.1.1.0 network on R2
Rack100R2(config)#^Z
Rack100R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
S       1.1.1.0 [1/0] via 10.0.0.3
// the added route to the 1.1.1.0 network has next hop 10.0.0.3
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial2/3
C    192.168.0.0/24 is directly connected, Serial2/1
     61.0.0.0/24 is subnetted, 1 subnets
C       61.134.1.0 is directly connected, Ethernet0/0
Rack100R2#
01:05:56: %SYS-5-CONFIG_I: Configured from console by console

Now ping 1.1.1.1 from R3 again

Rack100R3#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
// the result of pinging 1.1.1.1 from R3 is no longer U.U.U but .....
// Think: we have configured a route to the 1.0.0.0 network on R2, so why does the ping still fail?
Success rate is 0 percent (0/5)
Rack100R3#debug ip icmp
// enable debug ip icmp to see why it fails, then ping 1.1.1.1 once more
01:06:18: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:06:18:     ICMP type=8, code=0
01:06:18: IP: s=10.0.0.2 (Serial3/2), d=10.0.0.3 (Serial3/2), len 56, rcvd 3
01:06:18:     ICMP type=5, code=0
01:06:18: ICMP: redirect rcvd from 10.0.0.2 -- for 1.1.1.1 use gw 10.0.0.3
// an ICMP redirect message was received
01:06:18: IP: s=10.0.0.3 (Serial3/2), d=1.1.1.1 (Serial3/2), len 100, rcvd local pkt
01:06:18:     ICMP type=8, code=0
01:06:20: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:06:20:     ICMP type=8, code=0
01:06:20: IP: s=10.0.0.3 (Serial3/2), d=1.1.1.1 (Serial3/2), len 100, rcvd local pkt
01:06:20:     ICMP type=8, code=0
01:06:22: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:06:22:     ICMP type=8, code=0
01:06:22: IP: s=10.0.0.3 (Serial3/2), d=1.1.1.1 (Serial3/2), len 100, rcvd local pkt
01:06:22:     ICMP type=8, code=0
01:06:24: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:06:24:     ICMP type=8, code=0
01:06:24: IP: s=10.0.0.3 (Serial3/2), d=1.1.1.1 (Serial3/2), len 100, rcvd local pkt
01:06:24:     ICMP type=8, code=0
01:06:26: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:06:26:     ICMP type=8, code=0
01:06:26: IP: s=10.0.0.3 (Serial3/2), d=1.1.1.1 (Serial3/2), len 100, rcvd local pkt
01:06:26:     ICMP type=8, code=0
Rack100R3#traceroute 1.1.1.1
// run traceroute 1.1.1.1 on R3 to see the path taken by packets from R3 to R1's loopback0 interface
Type escape sequence to abort.
Tracing the route to Rack100R1 (1.1.1.1)

  1 10.0.0.2 8 msec 60 msec 64 msec
  2 10.0.0.3 76 msec 48 msec 80 msec
// the traceroute shows that packets leaving R3 reach R2, which sends them back to R3. This forms a loop, so the packets can never arrive
  3  *  *
Rack100R3#
01:07:58: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 28, sending
01:07:58:     UDP src=35673, dst=33434
01:07:58: IP: s=10.0.0.2 (Serial3/2), d=10.0.0.3 (Serial3/2), len 56, rcvd 3
01:07:58:     ICMP type=11, code=0
01:07:58: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 28, sending
01:07:58:     UDP src=33197, dst=33435
01:07:58: IP: s=10.0.0.2 (Serial3/2), d=10.0.0.3 (Serial3/2), len 56, rcvd 3
01:07:58:     ICMP type=11, code=0
01:07:58: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 28, sending
01:07:58:     UDP src=40364, dst=33436
01:07:59: IP: s=10.0.0.2 (Serial3/2), d=10.0.0.3 (Serial3/2), len 56, rcvd 3
01:07:59:     ICMP type=11, code=0
01:07:59: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 28, sending
01:07:59:     UDP src=33747, dst=33437
01:07:59: ICMP: time exceeded (time to live) sent to 10.0.0.3 (dest was 1.1.1.1)
01:07:59: IP: s=10.0.0.3 (local), d=10.0.0.3 (Serial3/2), len 56, sending
01:07:59:     ICMP type=11, code=0
01:07:59: IP: s=10.0.0.3 (Serial3/2), d=10.0.0.3 (Serial3/2), len 56, rcvd 3
01:07:59:     ICMP type=11, code=0

Change the route direction on R2

Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#ip route 1.1.1.0 255.255.255.0 192.168.0.1
// on R2, add another route to the 1.1.1.0 network of R1's loopback interface
Rack100R2(config)#^Z
01:12:30: %SYS-5-CONFIG_I: Configured from console by console
Rack100R2#show ip route
// after adding the route, check that R2's routing table matches our configuration
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
S       1.1.1.0 [1/0] via 10.0.0.3
                [1/0] via 192.168.0.1
// because we earlier configured next hop 10.0.0.3 for the 1.1.1.0 network on R2, configuring another next-hop address turns the route to 1.1.1.0 into a load-balanced route
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial2/3
C    192.168.0.0/24 is directly connected, Serial2/1
     61.0.0.0/24 is subnetted, 1 subnets
C       61.134.1.0 is directly connected, Ethernet0/0
Rack100R2#
Rack100R2#ping 1.1.1.1
// test ping 1.1.1.1 from R2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!.!.!
// Think: why is the ping result on R2 now !.!.!?
Success rate is 60 percent (3/5), round-trip min/avg/max = 16/57/88 ms
Rack100R2#
01:13:33: IP: s=192.168.0.2 (local), d=1.1.1.1 (Serial2/1), len 100, sending
01:13:33:     ICMP type=8, code=0
01:13:33: IP: s=1.1.1.1 (Serial2/1), d=192.168.0.2 (Serial2/1), len 100, rcvd 3
01:13:33:     ICMP type=0, code=0
01:13:33: IP: s=192.168.0.2 (local), d=1.1.1.1 (Serial2/3), len 100, sending
01:13:33:     ICMP type=8, code=0
01:13:35: IP: s=192.168.0.2 (local), d=1.1.1.1 (Serial2/1), len 100, sending
01:13:35:     ICMP type=8, code=0
01:13:35: IP: s=1.1.1.1 (Serial2/1), d=192.168.0.2 (Serial2/1), len 100, rcvd 3
01:13:35:     ICMP type=0, code=0
01:13:35: IP: s=192.168.0.2 (local), d=1.1.1.1 (Serial2/3), len 100, sending
01:13:35:     ICMP type=8, code=0
01:13:37: IP: s=192.168.0.2 (local), d=1.1.1.1 (Serial2/1), len 100, sending
01:13:37:     ICMP type=8, code=0
01:13:37: IP: s=1.1.1.1 (Serial2/1), d=192.168.0.2 (Serial2/1), len 100, rcvd 3
01:13:37:     ICMP type=0, code=0
01:13:37: IP: s=10.0.0.3 (Serial2/1), d=192.168.0.2 (Serial2/1), len 56, rcvd 3
01:13:37:     ICMP type=11, code=0
Rack100R2#
01:13:39: IP: s=10.0.0.3 (Serial2/1), d=192.168.0.2 (Serial2/1), len 56, rcvd 3
01:13:39:     ICMP type=11, code=0
Rack100R2#

Will a ping to 1.1.1.1 from R3 succeed now?

Rack100R3#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
// Think: why can R3 still not ping R1 even after the correct route was added on R2?
Success rate is 0 percent (0/5)
Rack100R3#
01:13:10: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:13:10:     ICMP type=8, code=0
01:13:10: IP: s=10.0.0.2 (Serial3/2), d=10.0.0.3 (Serial3/2), len 56, rcvd 3
01:13:10:     ICMP type=5, code=0
01:13:10: ICMP: redirect rcvd from 10.0.0.2 -- for 1.1.1.1 use gw 10.0.0.3
01:13:10: IP: s=10.0.0.3 (Serial3/2), d=1.1.1.1 (Serial3/2), len 100, rcvd local pkt
01:13:10:     ICMP type=8, code=0
01:13:12: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:13:12:     ICMP type=8, code=0
01:13:12: IP: s=10.0.0.3 (Serial3/2), d=1.1.1.1 (Serial3/2), len 100, rcvd local pkt
01:13:12:     ICMP type=8, code=0
01:13:14: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:13:14:     ICMP type=8, code=0
Rack100R3#
01:13:33: IP: s=192.168.0.2 (Serial3/2), d=1.1.1.1 (Serial3/2), g=10.0.0.2, len 100, forward
01:13:33:     ICMP type=8, code=0
Rack100R3#
01:13:37: ICMP: time exceeded (time to live) sent to 192.168.0.2 (dest was 1.1.1.1)
01:13:37: IP: s=10.0.0.3 (local), d=192.168.0.2 (Serial3/1), len 56, sending
01:13:37:     ICMP type=11, code=0
Rack100R3#
01:13:39: ICMP: time exceeded (time to live) sent to 192.168.0.2 (dest was 1.1.1.1)
01:13:39: IP: s=10.0.0.3 (local), d=192.168.0.2 (Serial3/1), len 56, sending
01:13:39:     ICMP type=11, code=0

To fix the problem for good, configure R2:

Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#no ip route 1.1.1.0 255.255.255.0 10.0.0.3 //不要让 R2 把从 R3 收到的数据包再发回给 R3,故删掉这一条路由 Rack100R2(config)#^Z Rack100R2#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR T - traffic engineered route Gateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnets S 1.1.1.0 [1/0] via 192.168.0.1 //现在看到在 R2 上去 1.1.1.0 网段的数据包将直接发给 R1 就可以了 2.0.0.0/24 is subnetted, 1 subnets C 2.2.2.0 is directly connected, Loopback0 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, Serial2/3 C 192.168.0.0/24 is directly connected, Serial2/1 61.0.0.0/24 is subnetted, 1 subnets C 61.134.1.0 is directly connected, Ethernet0/0 Rack100R2# 01:15:52: %SYS-5-CONFIG_I: Configured from console by console 现在在 R3 上再次测试 Rack100R3#ping 1.1.1.1 文件名:533580458 最后更新:3/8/2016 第 53 页 共 111 页 Norvel Networks Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: !!!!! //终于 Ping 成功! Success rate is 100 percent (5/5), round-trip min/avg/max = 48/58/64 ms Rack100R3# 01:16:10: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending 01:16:10: ICMP type=8, code=0 01:16:10: IP: s=1.1.1.1 (Serial3/2), d=10.0.0.3 (Serial3/2), len 100, rcvd 3 01:16:10: ICMP type=0, code=0 01:16:10: ICMP: echo reply rcvd, src 1.1.1.1, dst 10.0.0.3 //接着我们使用扩展 Ping 命令查看一下数据包的传输路径 Rack100R3#ping Protocol [ip]: Target IP address: 1.1.1.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? 
[no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: r Number of hops [ 9 ]: Loose, Strict, Record, Timestamp, Verbose[RV]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: Packet has IP options: Total option bytes= 39, padded length=40 Record route: <*> (0.0.0.0) (0.0.0.0) (0.0.0.0) (0.0.0.0) (0.0.0.0) Reply to request 0 (148 ms). Received packet has options Total option bytes= 40, padded length=40 Record route: (10.0.0.3) 文件名:533580458 最后更新:3/8/2016 第 54 页 共 111 页 Norvel Networks (192.168.0.2) Rack100R1 (1.1.1.1) (192.168.0.1) (10.0.0.2) (10.0.0.3) <*> //可以看到在 R3 上 Ping 1.1.1.1 的数据包的路径是 R3->R2->R1->R2->R3 (0.0.0.0) (0.0.0.0) (0.0.0.0) End of list Reply to request 1 (32 ms). Received packet has options Total option bytes= 40, padded length=40 Record route: (10.0.0.3) (192.168.0.2) Rack100R1 (1.1.1.1) (192.168.0.1) (10.0.0.2) (10.0.0.3) <*> (0.0.0.0) (0.0.0.0) (0.0.0.0) End of list Reply to request 2 (88 ms). Received packet has options Total option bytes= 40, padded length=40 Record route: (10.0.0.3) (192.168.0.2) Rack100R1 (1.1.1.1) (192.168.0.1) (10.0.0.2) (10.0.0.3) <*> (0.0.0.0) (0.0.0.0) (0.0.0.0) End of list Reply to request 3 (56 ms). Received packet has options Total option bytes= 40, padded length=40 Record route: (10.0.0.3) (192.168.0.2) 文件名:533580458 最后更新:3/8/2016 第 55 页 共 111 页 Norvel Networks Rack100R1 (1.1.1.1) (192.168.0.1) (10.0.0.2) (10.0.0.3) <*> (0.0.0.0) (0.0.0.0) (0.0.0.0) End of list Reply to request 4 (56 ms). 
Received packet has options
 Total option bytes= 40, padded length=40
 Record route:
   (10.0.0.3)
   (192.168.0.2)
   Rack100R1 (1.1.1.1)
   (192.168.0.1)
   (10.0.0.2)
   (10.0.0.3) <*>
   (0.0.0.0)
   (0.0.0.0)
   (0.0.0.0)
 End of list

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/76/148 ms
Rack100R3#
01:17:06: IP: s=10.0.0.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:17:06: ICMP type=8, code=0
01:17:06: IP: s=1.1.1.1 (Serial3/2), d=10.0.0.3 (Serial3/2), len 100, rcvd 3
01:17:06: ICMP type=0, code=0
01:17:06: ICMP: echo reply rcvd, src 1.1.1.1, dst 10.0.0.3

Next, add a route to 3.3.3.0 on R1

Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#
01:19:44: %SYS-5-CONFIG_I: Configured from console by console
Rack100R1(config)#ip route 3.3.3.0 255.255.255.0 192.168.0.2
Rack100R1(config)#^Z
Rack100R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     3.0.0.0/24 is subnetted, 1 subnets
S       3.3.3.0 [1/0] via 192.168.0.2
// Route on R1: traffic for the destination network 3.3.3.0 goes via R2
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.0.0 is directly connected, Serial1/3
     10.0.0.0/24 is subnetted, 1 subnets
S       10.0.0.0 [1/0] via 192.168.0.2
C    192.168.0.0/24 is directly connected, Serial1/2
     61.0.0.0/24 is subnetted, 1 subnets
C       61.134.1.0 is directly connected, Ethernet0/0

// Test by pinging 3.3.3.3 from R1
Rack100R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
U.U.U
// Think about it: why does pinging 3.3.3.3 from R1 return U.U.U?
Success rate is 0 percent (0/5)
Rack100R1#debug ip icmp
01:21:18: IP: s=192.168.0.1 (local), d=3.3.3.3 (Serial1/2), len 100, sending
01:21:18: ICMP type=8, code=0
01:21:18: IP: s=192.168.0.2 (Serial1/2), d=192.168.0.1 (Serial1/2), len 56, rcvd 3
01:21:18: ICMP type=3, code=1
01:21:18: ICMP: dst (192.168.0.1) host unreachable rcv from 192.168.0.2
// R1 received a host unreachable message from R2

Now add a route to the 3.3.3.0 network on R2

Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#ip route 3.3.3.0 255.255.255.0 172.16.0.3
// On R2, add a route to 3.3.3.0 via 172.16.0.3
Rack100R2(config)#^Z
00:15:48: %SYS-5-CONFIG_I: Configured from console by console
Rack100R2#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
// The ping test fails at this point. Think about why.
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#ip route 172.16.0.0 255.255.255.0 10.0.0.3
// Add one more route: the 172.16.0.0 network via 10.0.0.3
Rack100R2(config)#exit
Rack100R2#ping 3
00:16:10: %SYS-5-CONFIG_I: Configured from console by console
Rack100R2#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
// 3.3.3.3 now answers the ping
Rack100R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
S       1.1.1.0 [1/0] via 192.168.0.1
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     3.0.0.0/24 is subnetted, 1 subnets
S       3.3.3.0 [1/0] via 172.16.0.3
     172.16.0.0/24 is subnetted, 1 subnets
S       172.16.0.0 [1/0] via 10.0.0.3
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial2/3
C    192.168.0.0/24 is directly connected, Serial2/1
     61.0.0.0/24 is subnetted, 1 subnets
C       61.134.1.0 is directly connected, Ethernet0/0
// The routing table shows that, to reach the 3.3.3.0 network, the router must send packets to 172.16.0.3. The table also holds a route to 172.16.0.0 whose next hop is 10.0.0.3, which is the direct link between R2 and R3!

On R3, ping 1.1.1.1 using 3.3.3.3 as the source address

Rack100R3#p
Protocol [ip]:
Target IP address: 1.1.1.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 3.3.3.3
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Rack100R3#
01:22:12: IP: s=3.3.3.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:22:12: ICMP type=8, code=0
01:22:14: IP: s=3.3.3.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:22:14: ICMP type=8, code=0
01:22:16: IP: s=3.3.3.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:22:16: ICMP type=8, code=0
01:22:18: IP: s=3.3.3.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:22:18: ICMP type=8, code=0
01:22:20: IP: s=3.3.3.3 (local), d=1.1.1.1 (Serial3/2), len 100, sending
01:22:20: ICMP type=8, code=0

Add routes to the other networks on R1

Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#ip route 2.2.2.0 255.255.255.0 192.168.0.2
Rack100R1(config)#^Z
Rack100R1#show ip rou
01:38:57: %SYS-5-CONFIG_I: Configured from console by consolet
Rack100R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/24 is subnetted, 1 subnets
S       2.2.2.0 [1/0] via 192.168.0.2
     3.0.0.0/24 is subnetted, 1 subnets
S       3.3.3.0 [1/0] via 192.168.0.2
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.0.0 is directly connected, Serial1/3
     10.0.0.0/24 is subnetted, 1 subnets
S       10.0.0.0 [1/0] via 192.168.0.2
C    192.168.0.0/24 is directly connected, Serial1/2
     61.0.0.0/24 is subnetted, 1 subnets
C       61.134.1.0 is directly connected, Ethernet0/0
Rack100R1#

Test: the whole network is now reachable

Rack100R1#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/43/60 ms
Rack100R1#ping 10.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/36/48 ms
Rack100R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/35/64 ms
Rack100R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/51/96 ms

Check the route entries on R2

Rack100R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
S       1.1.1.0 [1/0] via 192.168.0.1
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     3.0.0.0/24 is subnetted, 1 subnets
S       3.3.3.0 [1/0] via 172.16.0.3
     172.16.0.0/24 is subnetted, 1 subnets
S       172.16.0.0 [1/0] via 10.0.0.3
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial2/3
C    192.168.0.0/24 is directly connected, Serial2/1
     61.0.0.0/24 is subnetted, 1 subnets
C       61.134.1.0 is directly connected, Ethernet0/0
Rack100R2#
Rack100R2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/32/56 ms
Rack100R2#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/39/52 ms
Rack100R2#ping 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/38/44 ms
Rack100R2#ping 172.16.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/47/60 ms
Rack100R2#

Add a route entry on R3

Rack100R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R3(config)#ip route 2.2.2.0 255.255.255.0 10.0.0.2
Rack100R3(config)#^Z
Rack100R3#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/64/88 ms
Rack100R3#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/35/48 ms
Rack100R3#ping 192.168.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/36/48 ms
Rack100R3#ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/33/60 ms
Rack100R3#

Default route configuration

Figure 11: Default route configuration (R1 S1/2 and R2 S2/1 joined by 10.1.1.x/24)

Objective
Understand what a default route does and how to configure one

Preconfiguration

Preconfiguration on R1

Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int s1/2
Rack100R1(config-if)#ip ad 10.1.1.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config)#int lo0
Rack100R1(config-if)#
02:27:24: %SYS-5-CONFIG_I: Configured from console by consolei
Rack100R1(config-if)#ip ad 1.1.1.1 255.255.255.0
Rack100R1(config-if)#^Z

Preconfiguration on R2

Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int s2/1
Rack100R1(config-if)#ip ad 10.1.1.2 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R2(config)#int lo0
Rack100R2(config-if)#ip ad 2.2.2.2 255.255.255.0
Rack100R2(config-if)#^Z

Procedure

First, ping R2's 2.2.2.2 network from R1

Rack100R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.....
// The ping to 2.2.2.2 cannot succeed yet
Success rate is 0 percent (0/2)

This is because R1 has no route to the 2.2.2.0 network

Rack100R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Serial1/2

Add a default route on R1

Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
Rack100R1(config)#
02:30:38: RT: add 0.0.0.0/0 via 10.1.1.2, static metric [1/0]
02:30:38: RT: default path is now 0.0.0.0 via 10.1.1.2
02:30:38: RT: new default network 0.0.0.0
// debug ip routing shows the changes made to the routing table
Rack100R1(config)#
Rack100R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is 10.1.1.2 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Serial1/2
S*   0.0.0.0/0 [1/0] via 10.1.1.2
// The table now contains an additional default route

Add a default route on R2 as well

Rack100R2#
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#ip route 0.0.0.0 0.0.0.0 s2/1
Rack100R2(config)#

Now test with ping again

Rack100R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/37/68 ms
Rack100R1#

RIP routing basics lab

Figure 12: Topology for the RIP routing basics lab (R1 S1/2 to R2 S2/1 over 10.1.1.x/24; R1 S1/3 to R3 S3/1 over 10.1.2.x/24; 172.16.1.0/24 on R2; 192.168.1.0/24 on R3)

Objective
Configure this topology with RIP and ensure that the whole network is reachable

Initial configuration

Initial configuration on R1 according to the topology

Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int lo0
Rack100R1(config-if)#ip ad 1.1.1.1 255.255.255.0
Rack100R1(config-if)#int s1/2
Rack100R1(config-if)#ip ad 10.1.1.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#int s1/3
Rack100R1(config-if)#
00:01:21: %LINK-3-UPDOWN: Interface Serial1/2, changed state to up
00:01:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to up
Rack100R1(config-if)#ip ad 10.1.2.1 255.255.255.0
Rack100R1(config-if)#no sh

Initial configuration on R2 according to the topology

Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
00:01:34: %SYS-5-CONFIG_I: Configured from console by console
Rack100R2(config-if)#int lo1
Rack100R2(config-if)#ip ad 172.16.1.2 255.255.255.0
Rack100R2(config-if)#int s2/1
Rack100R2(config-if)#ip ad 10.1.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#exit
Rack100R2(config)#^Z
Rack100R2#
00:02:03: %SYS-5-CONFIG_I: Configured from console by console
00:02:03: %LINK-3-UPDOWN: Interface Serial2/1, changed state to up
00:02:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up
Rack100R2#show ip int brief
Interface      IP-Address      OK? Method Status                Protocol
Serial2/0      unassigned      YES unset  administratively down down
Serial2/1      10.1.1.2        YES manual up                    up
Serial2/2      unassigned      YES unset  administratively down down
Serial2/3      unassigned      YES unset  administratively down down
Loopback0      2.2.2.2         YES manual up                    up
Loopback1      172.16.1.2      YES manual up                    up
Rack100R2#ping 10.1.1.1 // Ping test between the directly connected interfaces
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 10

Initial configuration on R3 according to the topology

Router(config)#
00:02:07: %SYS-5-CONFIG_I: Configured from console by consolet
Router(config)#host Rack100R3
Rack100R3(config)#int lo0
Rack100R3(config-if)#ip ad 3.3.3.3 255.255.255.0
Rack100R3(config-if)#int lo1
Rack100R3(config-if)#ip ad 192.168.1.3 255.255.255.0
Rack100R3(config-if)#int s3/1
Rack100R3(config-if)#ip ad 10.1.2.3 255.255.255.0
Rack100R3(config-if)#no sh
Rack100R3(config-if)#exit
Rack100R3(config)#^Z
00:02:35: %SYS-5-CONFIG_I: Configured from console by console
00:02:36: %LINK-3-UPDOWN: Interface Serial3/1, changed state to up
Rack100R3#ping 10.1.2.2 // Ping test between the directly connected interfaces
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.2, timeout is 2 seconds:
...
Success rate is 0 percent (0/3)
Rack100R3#
00:02:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/1, changed state to up
Rack100R3#ping 10.1.2.1 // Ping test between the directly connected interfaces
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/38/64 ms
Rack100R3#

Procedure

Configure RIP

Rack100R1(config)#router rip
Rack100R1(config-router)#network 1.0.0.0
Rack100R1(config-router)#network 10.0.0.0
// Use the network command to advertise networks into RIP
Rack100R1(config-router)#^Z

Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#router rip
Rack100R2(config-router)#network 172.16.0.0
Rack100R2(config-router)#network 2.0.0.0
Rack100R2(config-router)#network 10.0.0.0
Rack100R2(config-router)#^Z

Rack100R3#
Rack100R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R3(config)#router rip
Rack100R3(config-router)#network 3.0.0.0
Rack100R3(config-router)#network 192.168.1.0
Rack100R3(config-router)#network 10.0.0.0
Rack100R3(config-router)#^Z
Rack100R3#

Check that RIP is running

Rack100R1#show ip protocols
Routing Protocol is "rip"
// The router is running RIP
  Sending updates every 30 seconds, next due in 1 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv  Key-chain
    Serial1/2        1     1 2
    Serial1/3        1     1 2
    Loopback0        1     1 2
// By default an interface receives RIP versions 1 and 2 and sends version 1
  Routing for Networks:
    1.0.0.0
    10.0.0.0
// The networks that RIP routes for on this router
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.1.2        120           00:00:04
    10.1.2.3        120           00:00:17
  Distance: (default is 120)

View the routing table once RIP is running normally

Rack100R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
R    2.0.0.0/8 [120/1] via 10.1.1.2, 00:00:11, Serial1/2
// 2.0.0.0/8 appears here because, by default, a RIP boundary router performs automatic summarization
R    3.0.0.0/8 [120/1] via 10.1.2.3, 00:00:03, Serial1/3
R    172.16.0.0/16 [120/1] via 10.1.1.2, 00:00:11, Serial1/2
// These are the routes the router has learned through RIP; [120/1] means that 172.16.0.0 is only 1 hop away from this router
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.2.0 is directly connected, Serial1/3
C       10.1.1.0 is directly connected, Serial1/2
R    192.168.1.0/24 [120/1] via 10.1.2.3, 00:00:03, Serial1/3

Now debug RIP on R1

Rack100R1#debug ip rip // Turn on RIP debugging output
RIP protocol debugging is on
Rack100R1#
01:21:21: RIP: sending v1 update to 255.255.255.255 via Serial1/2 (10.1.1.1)
// Updates are currently sent with RIPv1 to 255.255.255.255
01:21:21:     subnet 10.1.2.0, metric 1
01:21:21:     network 1.0.0.0, metric 1
01:21:21:     network 3.0.0.0, metric 2
01:21:21:     network 192.168.1.0, metric 2
01:21:21: RIP: sending v1 update to 255.255.255.255 via Serial1/3 (10.1.2.1)
01:21:21:     subnet 10.1.1.0, metric 1
01:21:21:     network 1.0.0.0, metric 1
01:21:21:     network 2.0.0.0, metric 2
01:21:21:     network 172.16.0.0, metric 2
01:21:21: RIP: sending v1 update to 255.255.255.255 via Loopback0 (1.1.1.1)
01:21:21:     network 2.0.0.0, metric 2
01:21:21:     network 3.0.0.0, metric 2
01:21:21:     network 172.16.0.0, metric 2
01:21:21:     network 10.0.0.0, metric 1
01:21:21:     network 192.168.1.0, metric 2
Rack100R1#
01:21:41: RIP: received v1 update from 10.1.1.2 on Serial1/2
// RIP received the update sent by 10.1.1.2 on interface S1/2
01:21:41:     2.0.0.0 in 1 hops
01:21:41:     172.16.0.0 in 1 hops
01:21:41: RIP: received v1 update from 10.1.2.3 on Serial1/3
01:21:41:     3.0.0.0 in 1 hops
01:21:41:     192.168.1.0 in 1 hops

Debug on R2

Rack100R2#
Rack100R2#debug ip rip
RIP protocol debugging is on
Rack100R2#clear ip route *
Rack100R2#
01:31:49: RIP: sending general request on Serial2/1 to 255.255.255.255
01:31:49: RIP: sending general request on Serial2/1 to 224.0.0.9
01:31:49: RIP: sending general request on Loopback0 to 255.255.255.255
01:31:49: RIP: sending general request on Loopback0 to 224.0.0.9
01:31:49: RIP: sending general request on Loopback1 to 255.255.255.255
01:31:49: RIP: sending general request on Loopback1 to 224.0.0.9
01:31:49: RIP: ignored v2 packet from 2.2.2.2 (sourced from one of our addresses)
01:31:49: RIP: ignored v2 packet from 172.16.1.2 (sourced from one of our addresses)
01:31:49: RIP: received v1 update from 10.1.1.1 on Serial2/1
01:31:49:     10.1.2.0 in 1 hops
01:31:49:     1.0.0.0 in 1 hops
01:31:49:     3.0.0.0 in 2 hops
01:31:49:     192.168.1.0 in 2 hops
01:31:49: RIP: sending v1 update to 255.255.255.255 via Serial2/1 (10.1.1.2)
01:31:49:     network 2.0.0.0, metric 1
01:1:49:     network 172.16.0.0, metric 1
01:31:49: RIP: sending v1 update to 255.255.255.255 via Loopback0 (2.2.2.2)
01:31:49:     network 1.0.0.0, metric 2
01:31:49:     network 3.0.0.0, metric 3
01:31:49:     network 172.16.0.0, metric 1
01:31:49:     network 10.0.0.0, metric 1
01:31:49:     network 192.168.1.0, metric 3
01:31:49: RIP: sending v1 update to 255.255.255.255 via Loopback1 (172.16.1.2)
01:31:49:     network 1.0.0.0, metric 2
01:31:49:     network 2.0.0.0, metric 1
01:31:49:     network 3.0.0.0, metric 3
01:31:49:     network 10.0.0.0, metric 1
01:31:49:     network 192.168.1.0, metric 3
Rack100R2#show ip route rip
R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:17, Serial2/1
R    3.0.0.0/8 [120/2] via 10.1.1.1, 00:00:17, Serial2/1
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.2.0 [120/1] via 10.1.1.1, 00:00:17, Serial2/1
R    192.168.1.0/24 [120/2] via 10.1.1.1, 00:00:17, Serial2/1

View the routing tables of R2 and R3 in turn

Rack100R2#
Rack100R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:05, Serial2/1
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
R    3.0.0.0/8 [120/2] via 10.1.1.1, 00:00:05, Serial2/1
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.2.0 [120/1] via 10.1.1.1, 00:00:05, Serial2/1
C       10.1.1.0 is directly connected, Serial2/1
R    192.168.1.0/24 [120/2] via 10.1.1.1, 00:00:05, Serial2/1

Rack100R3#
Rack100R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

R    1.0.0.0/8 [120/1] via 10.1.2.1, 00:00:07, Serial3/1
R    2.0.0.0/8 [120/2] via 10.1.2.1, 00:00:07, Serial3/1
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
R    172.16.0.0/16 [120/2] via 10.1.2.1, 00:00:07, Serial3/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.2.0 is directly connected, Serial3/1
R       10.1.1.0 [120/1] via 10.1.2.1, 00:00:07, Serial3/1
C    192.168.1.0/24 is directly connected, Loopback1

Suppose the 192.168.1.0 interface on R3 goes down (use the shutdown command)

// After shutdown has been applied to R3's 192.168.1.0 interface to simulate a failure of that network, look at the routing table on R1
Rack100R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
R    2.0.0.0/8 [120/1] via 10.1.1.2, 00:00:04, Serial1/2
R    3.0.0.0/8 [120/1] via 10.1.2.3, 00:00:04, Serial1/3
R    172.16.0.0/16 [120/1] via 10.1.1.2, 00:00:04, Serial1/2
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.2.0 is directly connected, Serial1/3
C       10.1.1.0 is directly connected, Serial1/2
R    192.168.1.0/24 is possibly down, routing via 10.1.2.3, Serial1/3
// R1 now shows this route in the possibly down state
// Think about it: why does R1 consider this network possibly down? And what is the state of the 192.168.1.0 route on R2 at this point?
Rack100R1#ping 192.168.1.3 // Now ping the address 192.168.1.3 from R1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
U.U.U
// Think about it: why is the ping result U.U.U?
Success rate is 0 percent (0/5)
Rack100R2#show ip route // Now look at the routing table on R2
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:15, Serial2/1
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
R    3.0.0.0/8 [120/2] via 10.1.1.1, 00:00:15, Serial2/1
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.2.0 [120/1] via 10.1.1.1, 00:00:15, Serial2/1
C       10.1.1.0 is directly connected, Serial2/1
R    192.168.1.0/24 is possibly down, routing via 10.1.1.1, Serial2/1
// Think about it: how long will it take for this route to be removed from the routing table? How can you verify that?

Exercises

Which UDP port number does RIP version 1 use?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________

What is the maximum number of routes that a single RIP update packet can carry?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________

RIPv1 send and receive rules

Figure 13: Topology for the RIPv1 send and receive rules lab (R1 S1/2 to R2 S2/1 over 172.16.3.x/24; R1 also has 1.1.1.x/24, 172.17.0.x/24, 172.16.2.x/24 and 172.16.1.x/25; R2 also has 2.2.2.x/24 and 172.17.1.x/24)

Background

RIPv1 route receive rules
Is the received route update in the same network as the address on the receiving interface?
  If yes: the receiver applies the mask of its own receiving interface to the route update.
  If no: check whether a subnet of that network already exists in the routing table.
    If one exists, the router ignores the update.
    If none exists, the router applies the classful mask.

RIPv1 route send rules
Is the route update to be sent in the same network as the address of the sending interface?
  If no: the sending router summarizes the route update and sends the summary.
  If yes: does it have the same subnet mask as the sending interface?
    No: the router drops the update and does not send it.
    Yes: the router sends the route update.

Objective
Use this lab to reinforce your understanding of the RIPv1 rules for sending and receiving route updates

Preconfiguration

Preconfiguration of R1

Rack100R1#
Rack100R1#
Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int lo0
Rack100R1(config-if)#ip ad 1.1.1.1 255.255.255.0
Rack100R1(config-if)#int lo1
Rack100R1(config-if)#ip ad 172.17.0.1 255.255.255.0
Rack100R1(config-if)#int lo2
Rack100R1(config-if)#ip ad 172.16.2.1 255.255.255.0
Rack100R1(config-if)#int lo3
Rack100R1(config-if)#ip ad 172.16.1.1 255.255.255.128
Rack100R1(config-if)#^Z
00:04:04: %SYS-5-CONFIG_I: Configured from console by console
Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int s1/2
Rack100R1(config-if)#ip ad 172.16.3.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#exit

Preconfiguration of R2

Rack100R2#
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#int lo0
Rack100R2(config-if)#ip ad 2.2.2.2 255.255.255.0
Rack100R2(config-if)#exit
Rack100R2(config)#int lo1
Rack100R2(config-if)#ip ad 172.17.1.2 255.255.255.0
Rack100R2(config-if)#exit
Rack100R2(config)#int s2/1
Rack100R2(config-if)#ip ad 172.16.3.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#exit
Rack100R2(config)#^Z

Procedure

Enable RIP on R1

Rack100R1#
Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#router rip
Rack100R1(config-router)#network 1.1.1.1
Rack100R1(config-router)#network 172.17.0.1
Rack100R1(config-router)#network 172.16.1.1
Rack100R1(config-router)#exit

Enable RIP on R2

Rack100R2#
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#router rip
Rack100R2(config-router)#network 2.2.2.2
Rack100R2(config-router)#network 172.17.1.2
Rack100R2(config-router)#network 172.16.3.2
Rack100R2(config-router)#exit

Debug on R2

Rack100R2#
Rack100R2#debug ip rip
RIP protocol debugging is on
Rack100R2#clear ip route *
Rack100R2#
00:16:00: RIP: sending general request on Serial2/1 to 255.255.255.255
00:16:00: RIP: sending general request on Serial2/1 to 224.0.0.9
00:16:00: RIP: sending general request on Loopback0 to 255.255.255.255
00:16:00: RIP: sending general request on Loopback0 to 224.0.0.9
00:16:00: RIP: sending general request on Loopback1 to 255.255.255.255
00:16:00: RIP: sending general request on Loopback1 to 224.0.0.9
00:16:00: RIP: ignored v2 packet from 2.2.2.2 (sourced from one of our addresses)
00:16:00: RIP: ignored v2 packet from 172.17.1.2 (sourced from one of our addresses)
00:16:00: RIP: received v1 update from 172.16.3.1 on Serial2/1
00:16:00:     172.16.2.0 in 1 hops
00:16:00:     1.0.0.0 in 1 hops
00:16:00:     172.17.0.0 in 1 hops
// The RIP debug output shows the 172.17.0.0 update arriving, but show ip route reveals that this RIP-learned route was not placed in the routing table
Rack100R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

R    1.0.0.0/8 [120/1] via 172.16.3.1, 00:00:10, Serial2/1
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     172.17.0.0/24 is subnetted, 1 subnets
C       172.17.1.0 is directly connected, Loopback1
     172.16.0.0/24 is subnetted, 2 subnets
R       172.16.2.0 [120/1] via 172.16.3.1, 00:00:10, Serial2/1
C       172.16.3.0 is directly connected, Serial2/1

Debug on R1

Rack100R1#debug ip rip
RIP protocol debugging is on
Rack100R1#clear ip route *
Rack100R1#
00:18:44: RIP: sending v1 update to 255.255.255.255 via Serial1/2 (172.16.3.1)
00:18:44:     subnet 172.16.2.0, metric 1
00:18:44:     network 1.0.0.0, metric 1
00:18:44:     network 172.17.0.0, metric 1
00:18:44: RIP: sending v1 update to 255.255.255.255 via Loopback0 (1.1.1.1)
00:18:44:     network 2.0.0.0, metric 2
00:18:44:     network 172.17.0.0, metric 1
00:18:44:     network 172.16.0.0, metric 1
00:18:44: RIP: sending v1 update to 255.255.255.255 via Loopback1 (172.17.0.1)
00:18:44:     network 1.0.0.0, metric 1
00:18:44:     network 2.0.0.0, metric 2
00:18:44:     network 172.16.0.0, metric 1
00:18:44: RIP: sending v1 update to 255.255.255.255 via Loopback2 (172.16.2.1)
00:18:44:     subnet 172.16.3.0, metric 1
00:18:44:     network 1.0.0.0, metric 1
00:18:44:     network 2.0.0.0, metric 2
00:18:44:     network 172.17.0.0, metric 1
00:18:44: RIP: sending v1 update to 255.255.255.255 via Loopback3 (172.16.1.1)
00:18:44:     network 1.0.0.0, metric 1
00:18:44:     network 2.0.0.0, metric 2
00:18:44:     network 172.17.0.0, metric 1
00:18:44: RIP: sending general request on Serial1/2 to 255.255.255.255
00:18:44: RIP: sending general request on Serial1/2 to 224.0.0.9
00:18:44: RIP: sending general request on Loopback0 to 255.255.255.255
00:18:44: RIP: sending general request on Loopback0 to 224.0.0.9
00:18:44: RIP: sending general request on Loopback1 to 255.255.255.255
00:18:44: RIP: sending general request on Loopback1 to 224.0.0.9
00:18:44: RIP: sending general request on Loopback2 to 255.255.255.255
00:18:44: RIP: sending general request on Loopback2 to 224.0.0.9
00:18:44: RIP: sending general request on Loopback3 to 255.255.255.255
00:18:44: RIP: sending general request on Loopback3 to 224.0.0.9
00:18:44: RIP: ignored v2 packet from 1.1.1.1 (sourced from one of our addresses)
00:18:44: RIP: ignored v2 packet from 172.17.0.1 (sourced from one of our addresses)
00:18:44: RIP: ignored v2 packet from 172.16.2.1 (sourced from one of our addresses)
00:18:44: RIP: ignored v2 packet from 172.16.1.1 (sourced from one of our addresses)
00:18:44: RIP: received v1 update from 172.16.3.2 on Serial1/2
00:18:44:     2.0.0.0 in 1 hops
00:18:44:     172.17.0.0 in 1 hops
00:18:44: RIP: sending v1 update to 255.255.255.255 via Serial1/2 (172.16.3.1)
00:18:44:     subnet 172.16.2.0, metric 1
00:18:44:     network 1.0.0.0, metric 1
00:18:44:     network 172.17.0.0, metric 1
00:18:44: RIP: sending v1 update to 255.255.255.255 via Loopback0 (1.1.1.1)
00:18:44:     network 2.0.0.0, metric 2
00:18:44:     network 172.17.0.0, metric 1
00:18:44:     network 172.16.0.0, metric 1
00:18:44: RIP: sending v1 update to 255.255.255.255 via Loopback1 (172.17.0.1)
00:18:44:     network 1.0.0.0, metric 1
00:18:44:     network 2.0.0.0, metric 2
00:18:44:     network 172.16.0.0, metric 1
00:18:44: RIP: sending v1 update to 255.255.255.255 via Loopback2 (172.16.2.1)
00:18:44:     subnet 172.16.3.0, metric 1
00:18:44:     network 1.0.0.0, metric 1

RIP does not support discontiguous subnets

Figure 14: Topology for the RIP discontiguous subnets lab (R1 S1/2 to R2 S2/1 over 192.168.0.x/24; 172.16.0.x/24 on R1; 172.16.1.x/24 on R2)

Objective
Understand why RIP does not support discontiguous subnets and how to solve the problem

Preconfiguration

Preconfiguration on R1

Rack100R1(config)#
00:01:28: %SYS-5-CONFIG_I: Configured from console by console
Rack100R1(config)#int s1/2
Rack100R1(config-if)#ip ad 192.168.0.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#int lo0
00:01:38: %LINK-3-UPDOWN: Interface Serial1/2, changed state to up
00:01:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to up
Rack100R1(config-if)#ip ad 172.16.0.1 255.255.255.0
Rack100R1(config)#

Preconfiguration on R2

Rack100R2#
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#int s2/1
Rack100R2(config-if)#ip ad 192.168.0.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#int lo0
0:01:57: %LINK-3-UPDOWN: Interface Serial2/1, changed state to up
00:01:58: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up
Rack100R2(config-if)#ip ad 172.16.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config)#^Z

RIP configuration procedure

Configure RIP on R1

Rack100R1(config)#router rip
Rack100R1(config-router)#network 172.16.0.1
Rack100R1(config-router)#network 192.168.1.0
Rack100R1(config-router)#^Z

Configure RIP on R2

Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#router rip
Rack100R2(config-router)#network 172.16.0.2
Rack100R2(config-router)#network 192.168.2.2
Rack100R2(config)#exit

Once the configuration is complete, you can verify that, given how RIPv1 receives updates and operates, no routes are learned.

Write down here why RIP does not support discontiguous subnets (explain with reference to this lab topology)
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________

Workaround: configure a secondary IP address so that the subnets become contiguous

[Topology: as in Figure 14, with 172.16.9.X/24 added on the link between R1 (S1/2) and R2 (S2/1)]

Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int s1/2
Rack100R1(config-if)#ip address 172.16.9.1 255.255.255.0 secondary
Rack100R1(config-if)#

Exercise
Is there any other way to deal with RIPv1 not supporting discontiguous subnets?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________

Configuring RIPv2

[Topology: R1 (S1/2) and R2 (S2/1) are linked over 192.168.0.X/24, with 172.16.0.X/24 on R1 and 172.16.1.X/24 on R2]

Lab objective
Learn how to configure the RIP version 2 routing protocol

Pre-configuration

Pre-configuration on R1
Rack100R1(config)#
00:01:28: %SYS-5-CONFIG_I: Configured from console by console
Rack100R1(config)#int s1/2
Rack100R1(config-if)#ip ad 192.168.0.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#int lo0
00:01:38: %LINK-3-UPDOWN: Interface Serial1/2, changed state to up
00:01:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to up
Rack100R1(config-if)#ip ad 172.16.0.1 255.255.255.0
Rack100R1(config)#

Pre-configuration on R2
Rack100R2#
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#int s2/1
Rack100R2(config-if)#ip ad 192.168.0.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#int lo0
0:01:57: %LINK-3-UPDOWN: Interface Serial2/1, changed state to up
00:01:58: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up
Rack100R2(config-if)#ip ad 172.16.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config)#^Z

Lab procedure

Configure RIP on R1 and R2
Rack100R1(config)#router rip
Rack100R1(config-router)#version 2
// The version 2 command under router rip enables RIP version 2
Rack100R1(config-router)#network 172.16.0.1
Rack100R1(config-router)#network 192.168.1.0
Rack100R1(config-router)#^Z
Rack100R1(config)#router rip
Rack100R1(config-router)#network 172.16.0.1
Rack100R1(config-router)#network 192.168.1.0
Rack100R1(config-router)#^Z

Check how RIP is running
Rack100R1#show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 17 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface        Send  Recv   Key-chain
    Serial1/2        2     2
    Loopback0        2     2
// Both the send and the receive version are 2
  Routing for Networks:
    172.16.0.0
    192.168.0.0
    192.168.1.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.0.2          120      00:01:01
    172.16.9.2           120      00:03:18
    172.16.0.2           120      00:08:24
  Distance: (default is 120)

Rack100R1#debug ip rip
// Enable RIP version 2 debugging
RIP protocol debugging is on
Rack100R1#clear ip route *
Rack100R1#
00:17:00: RIP: sending general request on Serial1/2 to 224.0.0.9
// RIPv2 sends its updates to the multicast address 224.0.0.9
00:17:00: RIP: sending general request on Loopback0 to 224.0.0.9
00:17:00: RIP: ignored v2 packet from 172.16.0.1 (sourced from one of our addresses)
00:19:18: RIP: sending v2 update to 224.0.0.9 via Serial1/2 (192.168.0.1)
00:19:18:      172.16.0.0/16 -> 0.0.0.0, metric 1, tag 0
00:19:18: RIP: sending v2 update to 224.0.0.9 via Loopback0 (172.16.0.1)
00:19:18:      192.168.0.0/24 -> 0.0.0.0, metric 1, tag 0
// R1 is sending its routing updates as RIPv2
Rack100R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.0.0 is directly connected, Loopback0
C    192.168.0.0/24 is directly connected, Serial1/2
// But the routing table still contains no RIP routes. Think about why.
Move to R2 and check
Rack100R2#show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 21 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv   Key-chain
    Serial2/1        1     1 2
    Loopback0        1     1 2
// The version 2 command was not used on R2
// R2 currently accepts version 1 and version 2 updates, so it can receive R1's version 2 updates, but it sends version 1
  Routing for Networks:
    172.16.0.0
    192.168.0.0
    192.168.2.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.0.1          120      00:00:23
    172.16.9.1           120      00:06:03
    172.16.0.1           120      00:11:07
  Distance: (default is 120)

Rack100R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
R       172.16.0.0/16 [120/1] via 192.168.0.1, 00:00:26, Serial2/1
// Think about why a route is learned here while R1 learns no RIP routes at all.
C       172.16.1.0/24 is directly connected, Loopback0
C    192.168.0.0/24 is directly connected, Serial2/1

Fix
Rack100R2#
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#int s2/1
Rack100R2(config-if)#ip rip send version 2
Rack100R2(config-if)#ip rip receive version 2
// Another way to set the RIP version is per interface, using ip rip send/receive version followed by the version number
Rack100R2(config-if)#exit
Rack100R2(config)#

Back on R1
Rack100R1#
00:22:55: RIP: received v2 update from 192.168.0.2 on Serial1/2
00:22:55:      172.16.0.0/16 -> 0.0.0.0 in 1 hops
Rack100R1#
Rack100R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
R       172.16.0.0/16 [120/1] via 192.168.0.2, 00:00:07, Serial1/2
// The route entry now finally shows up on R1
C       172.16.0.0/24 is directly connected, Loopback0
C    192.168.0.0/24 is directly connected, Serial1/2

Questions
What are the differences between RIP version 2 and RIP version 1?
____________________________________________________________________
____________________________________________________________________
What is the Layer 3 destination address of RIP version 2 routing update packets?
____________________________________________________________________
____________________________________________________________________
What is the purpose of the next-hop field in RIP version 2 routing update packets?
____________________________________________________________________
____________________________________________________________________
Are RIP version 2 and RIP version 1 compatible?
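Added example (not part of the original lab manual): the classful RIPv1 send and receive decisions in Python, replayed on the addresses from the RIPv1 rules lab and the discontiguous-subnet lab, to show why 172.17.0.0 and 172.16.0.0 were heard but never installed. The function names are hypothetical, only connected interfaces are consulted instead of the full routing table, and R2's secondary address 172.16.9.2/24 is assumed from the gateway list in the show ip protocols output.

```python
import ipaddress

def major_net(addr):
    """Classful (major) network containing addr: /8, /16 or /24 by first octet."""
    first_octet = int(ipaddress.ip_address(addr)) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def v1_send(route, source):
    """Address a RIPv1 sender advertises for `route` in an update sourced from
    interface address `source` ("a.b.c.d/len"). RIPv1 carries no mask, so only
    an address comes back; None means the route is suppressed."""
    route = ipaddress.ip_network(route)
    source = ipaddress.ip_interface(source)
    if major_net(route.network_address) != major_net(source.ip):
        # Crossing a major-network boundary: summarize to the classful network.
        return str(major_net(route.network_address).network_address)
    if route.prefixlen in (source.network.prefixlen, 32):
        return str(route.network_address)  # same mask as the link, or a host route
    return None  # same major network, different mask: not expressible in v1

def v1_receive(addr, rx_name, rx_addr, connected):
    """Prefix a RIPv1 receiver installs for `addr` heard on interface `rx_name`
    (address `rx_addr`). `connected` lists (interface name, "a.b.c.d/len").
    None means the update entry is ignored."""
    if addr == "0.0.0.0":
        return "0.0.0.0/0"  # default route, no mask inference needed
    rx = ipaddress.ip_interface(rx_addr)
    major = major_net(addr)
    if major == major_net(rx.ip):
        # Same major network as the receiving interface: borrow its mask.
        net = ipaddress.ip_network(f"{addr}/{rx.network.prefixlen}", strict=False)
        if net.network_address != ipaddress.ip_address(addr):
            return f"{addr}/32"  # host bits set: treat as a host route
        return str(net)
    for name, if_addr in connected:
        # A subnet of that major network already lives on another interface,
        # so the classful summary would conflict with it and is dropped.
        if name != rx_name and major_net(ipaddress.ip_interface(if_addr).ip) == major:
            return None
    return str(major)

# Constructed from the lab addressing shown in the transcripts.
R2_RULES_LAB = [("Loopback0", "2.2.2.2/24"), ("Loopback1", "172.17.1.2/24"),
                ("Serial2/1", "172.16.3.2/24")]
R2_DISCONTIGUOUS = [("Serial2/1", "192.168.0.2/24"), ("Loopback0", "172.16.1.2/24")]

def replay():
    """Run both labs and return what R2 installs for each advertised address."""
    rules = {a: v1_receive(a, "Serial2/1", "172.16.3.2/24", R2_RULES_LAB)
             for a in ("172.16.2.0", "1.0.0.0", "172.17.0.0")}
    # Discontiguous lab: R1 advertises its Loopback0 subnet across 192.168.0.X/24.
    sent = v1_send("172.16.0.0/24", "192.168.0.1/24")
    before = v1_receive(sent, "Serial2/1", "192.168.0.2/24", R2_DISCONTIGUOUS)
    # Workaround: the update is also sourced from the 172.16.9.X/24 secondary.
    sent_secondary = v1_send("172.16.0.0/24", "172.16.9.1/24")
    after = v1_receive(sent_secondary, "Serial2/1", "172.16.9.2/24", R2_DISCONTIGUOUS)
    return {"rules lab": rules, "discontiguous": before, "with secondary": after}

if __name__ == "__main__":
    for lab, result in replay().items():
        print(lab, "->", result)
```
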
____________________________________________________________________
____________________________________________________________________

Configuring RIP authentication

[Topology: R1 (S1/2) and R2 (S2/1) are linked over 192.168.0.X/24, with 172.16.0.X/24 on R1 and 172.16.1.X/24 on R2]

Lab objective
Learn how to configure authentication for RIP version 2

Pre-configuration:

Pre-configuration on R1
Rack100R1(config)#
00:01:28: %SYS-5-CONFIG_I: Configured from console by console
Rack100R1(config)#int s1/2
Rack100R1(config-if)#ip ad 192.168.0.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#int lo0
00:01:38: %LINK-3-UPDOWN: Interface Serial1/2, changed state to up
00:01:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to up
Rack100R1(config-if)#ip ad 172.16.0.1 255.255.255.0
Rack100R1(config)#

Pre-configuration on R2
Rack100R2#
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#int s2/1
Rack100R2(config-if)#ip ad 192.168.0.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#int lo0
0:01:57: %LINK-3-UPDOWN: Interface Serial2/1, changed state to up
00:01:58: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up
Rack100R2(config-if)#ip ad 172.16.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config)#^Z

Lab procedure:

Configure the keys on R1
Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#key chain R1
// Create a key chain named R1
Rack100R1(config-keychain)#key 1
Rack100R1(config-keychain-ke)#key-string cisco
Rack100R1(config-keychain-ke)#exit
Rack100R1(config-keychain)#key 2
Rack100R1(config-keychain-ke)#key-string cisco1
Rack100R1(config-keychain-ke)#exit
Rack100R1(config)#exit
Rack100R1#
Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int s1/2
Rack100R1(config-if)#ip rip authentication mode md5
// Use encrypted (MD5) authentication for RIP (the default is plain text)
Rack100R1(config-if)#ip rip authentication key-chain R1
// Make RIP authentication use key-chain R1
Rack100R1(config-if)#

Now debug on R1 with debug ip rip
Rack100R1#debug ip rip
RIP protocol debugging is on
Rack100R1#clear ip route *
Rack100R1#
00:29:54: RIP: ignored v2 packet from 192.168.0.2 (invalid authentication)
// Authentication between R1 and R2 is now failing
Rack100R1#show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 18 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface        Send  Recv   Key-chain
    Serial1/2        2     2      R1
    Loopback0        2     2
// show ip protocol shows that RIP updates on S1/2 use Key-chain R1
  Routing for Networks:
    172.16.0.0
    192.168.0.0
    192.168.1.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.0.2          120      00:03:30
    172.16.9.2           120      00:18:15
    172.16.0.2           120      00:23:20
  Distance: (default is 120)

Now configure authentication on R2
Rack100R2#
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#key chain R2
Rack100R2(config-keychain)#key 3
Rack100R2(config-keychain-ke)#key-string cisco
Rack100R2(config-keychain-ke)#key 4
Rack100R2(config-keychain-ke)#key-string cisco1
Rack100R2(config-keychain-ke)#
Rack100R2(config-keychain-ke)#exit
Rack100R2(config-keychain)#int s2/1
Rack100R2(config-if)#ip rip authen mod md5
// Set the RIP authentication mode to MD5
Rack100R2(config-if)#ip rip authen key-c R2
// Make RIP authentication use Key-Chain R2

Now debug again on R2
Rack100R2#debug ip rip
// Enable debug ip rip debugging
Rack100R2#clear ip route *
Rack100R2#
00:35:14: RIP: sending general request on Serial2/1 to 224.0.0.9
00:35:14: RIP: sending general request on Loopback0 to 255.255.255.255
00:35:14: RIP: sending general request on Loopback0 to 224.0.0.9
00:35:14: RIP: ignored v2 packet from 172.16.1.2 (sourced from one of our addresses)
Rack100R2#
00:35:20: RIP: sending v2 update to 224.0.0.9 via Serial2/1 (192.168.0.2)
00:35:20:      172.16.0.0/16 -> 0.0.0.0, metric 1, tag 0
00:35:20: RIP: sending v1 update to 255.255.255.255 via Loopback0 (172.16.1.2)
00:35:20:      network 192.168.0.0, metric 1
Rack100R2#
00:35:23: RIP: received packet with MD5 authentication
// MD5 authentication between R2 and R1 succeeds
00:35:23: RIP: received v2 update from 192.168.0.1 on Serial2/1
00:35:23:      172.16.0.0/16 -> 0.0.0.0 in 1 hops
00:35:23: RIP: sending v2 update to 224.0.0.9 via Serial2/1 (192.168.0.2)
00:35:23:      172.16.0.0/16 -> 0.0.0.0, metric 1, tag 0
00:35:23: RIP: sending v1 update to 255.255.255.255 via Loopback0 (172.16.1.2)
00:35:23:      network 192.168.0.0, metric 1

Questions
When RIP version 2 authentication is used, what values does the Auth-type field in version 2 update packets take in each case?
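Added example (not part of the original lab manual): the check behind the "invalid authentication" and "received packet with MD5 authentication" debug lines above, written in Python as a RIPv2 response built and verified with the Keyed-MD5 layout of RFC 2082. The function names, the sequence number and the zero-padding of the key-string to 16 bytes are assumptions of this sketch, and how a router maps the key ID carried in the packet onto its own key chain is not modelled.

```python
import hashlib
import hmac
import ipaddress
import struct

AUTH_KEYED_MD5 = 3          # Auth-type carried in the first entry for Keyed-MD5
TRAILER_HDR = b"\xff\xff\x00\x01"

def pad_key(key):
    """Key-string as a 16-byte secret (zero padded; assumption of this sketch)."""
    return key.encode().ljust(16, b"\0")[:16]

def route_entry(prefix, metric, next_hop="0.0.0.0", tag=0):
    """One 20-byte RIPv2 route entry: family, tag, address, mask, next hop, metric."""
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HH4s4s4sI", 2, tag, net.network_address.packed,
                       net.netmask.packed, ipaddress.ip_address(next_hop).packed, metric)

def build_md5_response(routes, key_id, key, seq):
    """RIPv2 response (command 2) carrying Keyed-MD5 authentication."""
    body = b"".join(route_entry(*r) for r in routes)
    length = 4 + 20 + len(body)          # header + auth entry + routes = trailer offset
    auth = struct.pack("!HHHBBI8x", 0xFFFF, AUTH_KEYED_MD5, length, key_id, 20, seq)
    signed = struct.pack("!BBH", 2, 2, 0) + auth + body + TRAILER_HDR
    # The secret is hashed in the digest's place, then the digest replaces it.
    return signed + hashlib.md5(signed + pad_key(key)).digest()

def verify(packet, key, last_seq=-1):
    """Return (status, key_id) for a received packet checked against `key`."""
    if len(packet) < 24:
        return ("malformed", None)
    _command, version, _zero = struct.unpack("!BBH", packet[:4])
    family, auth_type, length, key_id, _alen, seq = struct.unpack("!HHHBBI", packet[4:16])
    if version != 2 or family != 0xFFFF or auth_type != AUTH_KEYED_MD5:
        return ("invalid authentication", None)   # e.g. a peer not yet configured
    trailer = packet[length:length + 20]
    if length < 24 or len(trailer) != 20 or trailer[:4] != TRAILER_HDR:
        return ("malformed", key_id)
    expected = hashlib.md5(packet[:length + 4] + pad_key(key)).digest()
    if not hmac.compare_digest(expected, trailer[4:]):
        return ("invalid authentication", key_id)
    if seq < last_seq:                            # sequence must be non-decreasing
        return ("replayed", key_id)
    return ("ok", key_id)

# Constructed sample: the update R1 sends on Serial1/2 with key 1 ("cisco").
R1_UPDATE = build_md5_response([("172.16.0.0/16", 1)], key_id=1, key="cisco", seq=100)
# Constructed sample: an unauthenticated v2 update, as R2 sent before it was configured.
R2_PLAIN = struct.pack("!BBH", 2, 2, 0) + route_entry("172.16.0.0/16", 1)

if __name__ == "__main__":
    print(verify(R1_UPDATE, "cisco"), verify(R1_UPDATE, "cisco1"), verify(R2_PLAIN, "cisco"))
```

The digest covers every route entry, so a change to a metric or prefix in transit fails verification, but the routes themselves still travel in clear text.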
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
Is there a way to configure RIP authentication with RIP version 1?
____________________________________________________________________
____________________________________________________________________

IGRP lab

[Topology: R1 S1/2 connects to R2 S2/1 over 10.1.1.x/24 and R1 S1/3 connects to R3 S3/1 over 10.1.2.X/24; 172.16.1.0/24 is on R2 and 192.168.1.0/24 is on R3]

Lab objective
Learn how to configure the IGRP protocol

Pre-configuration

Pre-configuration of R1
Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int lo0
Rack100R1(config-if)#ip ad 1.1.1.1 255.255.255.0
Rack100R1(config-if)#int s1/2
Rack100R1(config-if)#ip ad 10.1.1.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#int s1/3
Rack100R1(config-if)#ip ad 10.1.2.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#^Z
Rack100R1#

Pre-configuration of R2
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#int lo0
Rack100R2(config-if)#ip ad 2.2.2.2 255.255.255.0
Rack100R2(config-if)#int lo1
Rack100R2(config-if)#ip ad 172.16.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#int s2/1
Rack100R2(config-if)#ip ad 10.1.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#^Z
Rack100R2#

Pre-configuration of R3
Rack100R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R3(config)#int lo0
Rack100R3(config-if)#ip ad 3.3.3.3 255.255.255.0
Rack100R3(config-if)#int lo1
Rack100R3(config-if)#ip ad 192.168.1.3 255.255.255.0
Rack100R3(config-if)#no sh
Rack100R3(config-if)#int s3/1
Rack100R3(config-if)#ip ad 10.1.2.3 255.255.255.0
Rack100R3(config-if)#no sh
Rack100R3(config-if)#^Z
Rack100R3#

Lab procedure

Configure IGRP on R1
Rack100R1(config)#router igrp 100
Rack100R1(config-router)#network 10.1.1.1
Rack100R1(config-router)#network 10.1.2.1
Rack100R1(config-router)#exit
Rack100R1(config)#^Z

Configure IGRP on R2
Rack100R2(config)#router igrp 100
Rack100R2(config-router)#network 10.1.1.2
Rack100R2(config-router)#network 172.16.1.2
Rack100R2(config-router)#exit
Rack100R2(config)#^Z

Configure IGRP on R3
Rack100R3(config)#router igrp 100
Rack100R3(config-router)#network 192.168.1.3
Rack100R3(config-router)#network 10.1.2.3
Rack100R3(config-router)#^Z
Rack100R3#

Check how IGRP is running on R1
Rack100R1#show ip protocols
Routing Protocol is "igrp 100"
  Sending updates every 90 seconds, next due in 11 seconds
  Invalid after 270 seconds, hold down 280, flushed after 630
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  IGRP maximum hopcount 100
  IGRP maximum metric variance 1
  Redistributing: igrp 100
  Routing for Networks:
    1.0.0.0
    10.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.1.2             100      00:01:09
  Distance: (default is 100)

View the routing tables of R1, R2 and R3
Rack100R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

I    172.16.0.0/16 [100/8976] via 10.1.1.2, 00:00:03, Serial1/2
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.2.0 is directly connected, Serial1/3
C       10.1.1.0 is directly connected, Serial1/2
I    192.168.1.0/24 [100/8976] via 10.1.2.3, 00:00:03, Serial1/3

Rack100R2#
Rack100R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 2 subnets
I       10.1.2.0 [100/10476] via 10.1.1.1, 00:00:10, Serial2/1
C       10.1.1.0 is directly connected, Serial2/1
I    192.168.1.0/24 [100/10976] via 10.1.1.1, 00:00:10, Serial2/1

Rack100R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

I    172.16.0.0/16 [100/10976] via 10.1.2.1, 00:00:42, Serial3/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.2.0 is directly connected, Serial3/1
I       10.1.1.0 [100/10476] via 10.1.2.1, 00:00:42, Serial3/1
C    192.168.1.0/24 is directly connected, Loopback1

EIGRP lab

[Topology: R1 S1/2 connects to R2 S2/1 over 10.1.1.x/24 and R1 S1/3 connects to R3 S3/1 over 10.1.2.X/24; 172.16.1.0/24 is on R2 and 192.168.1.0/24 is on R3]

Lab objective
Learn how to configure the EIGRP protocol

Pre-configuration

Pre-configuration of R1
Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int lo0
Rack100R1(config-if)#ip ad 1.1.1.1 255.255.255.0
Rack100R1(config-if)#int s1/2
Rack100R1(config-if)#ip ad 10.1.1.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#int s1/3
Rack100R1(config-if)#ip ad 10.1.2.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#^Z
Rack100R1#

Pre-configuration of R2
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#int lo0
Rack100R2(config-if)#ip ad 2.2.2.2 255.255.255.0
Rack100R2(config-if)#int lo1
Rack100R2(config-if)#ip ad 172.16.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#int s2/1
Rack100R2(config-if)#ip ad 10.1.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#^Z
Rack100R2#

Pre-configuration of R3
Rack100R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R3(config)#int lo0
Rack100R3(config-if)#ip ad 3.3.3.3 255.255.255.0
Rack100R3(config-if)#int lo1
Rack100R3(config-if)#ip ad 192.168.1.3 255.255.255.0
Rack100R3(config-if)#no sh
Rack100R3(config-if)#int s3/1
Rack100R3(config-if)#ip ad 10.1.2.3 255.255.255.0
Rack100R3(config-if)#no sh
Rack100R3(config-if)#^Z
Rack100R3#

Lab procedure

Configure EIGRP on R1
Rack100R1(config)#router eigrp 64
Rack100R1(config-router)#network 1.1.1.1
Rack100R1(config-router)#network 10.1.1.1
Rack100R1(config-router)#^Z

Configure EIGRP on R2
Rack100R2(config)#router eigrp 64
Rack100R2(config-router)#network 2.0.0.0
Rack100R2(config-router)#network 172.16.0.0
Rack100R2(config-router)#network 10.0.0.0
Rack100R2(config-router)#^Z

Configure EIGRP on R3
Rack100R3(config)#router eigrp 64
Rack100R3(config-router)#network 3.3.3.3
Rack100R3(config-router)#network 192.168.1.3
Rack100R3(config-router)#network 10.0.0.0
Rack100R3(config-router)#^Z

Check the EIGRP configuration on R1
Rack100R1#show ip protocols
Routing Protocol is "eigrp 64"
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 64
  Automatic network summarization is in effect
  Automatic address summarization:
    1.0.0.0/8 for Serial1/2, Serial1/3
      Summarizing with metric 128256
    10.0.0.0/8 for Loopback0
      Summarizing with metric 2169856
  Routing for Networks:
    1.0.0.0
    10.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    (this router)          5      00:02:01
    10.1.1.2              90      00:00:30
    10.1.2.3              90      00:00:29
  Distance: internal 90 external 170

Rack100R1#show ip route
// View the routing table
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       1.0.0.0/8 is a summary, 00:02:33, Null0
C       1.1.1.0/24 is directly connected, Loopback0
D    2.0.0.0/8 [90/2297856] via 10.1.1.2, 00:01:34, Serial1/2
D    3.0.0.0/8 [90/2297856] via 10.1.2.3, 00:01:02, Serial1/3
D    172.16.0.0/16 [90/2297856] via 10.1.1.2, 00:01:34, Serial1/2
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.1.2.0/24 is directly connected, Serial1/3
D       10.0.0.0/8 is a summary, 00:02:33, Null0
C       10.1.1.0/24 is directly connected, Serial1/2
D    192.168.1.0/24 [90/2297856] via 10.1.2.3, 00:01:02, Serial1/3

Rack100R1#show ip route eigrp
// View all EIGRP route entries
     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       1.0.0.0/8 is a summary, 00:02:58, Null0
D    2.0.0.0/8 [90/2297856] via 10.1.1.2, 00:01:59, Serial1/2
D    3.0.0.0/8 [90/2297856] via 10.1.2.3, 00:01:27, Serial1/3
D    172.16.0.0/16 [90/2297856] via 10.1.1.2, 00:01:59, Serial1/2
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D       10.0.0.0/8 is a summary, 00:02:58, Null0
D    192.168.1.0/24 [90/2297856] via 10.1.2.3, 00:01:27, Serial1/3

Rack100R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 64
H   Address      Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                             (sec)           (ms)         Cnt  Num
1   10.1.2.3     Se1/3         11  00:02:08    56   336   0    2
0   10.1.1.2     Se1/2         13  00:02:41    22   200   0    3

Rack100R1#show ip eigrp topology
IP-EIGRP Topology Table for process 64

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - Reply status

P 1.0.0.0/8, 1 successors, FD is 128256
         via Summary (128256/0), Null0
P 1.1.1.0/24, 1 successors, FD is 128256
         via Connected, Loopback0
P 2.0.0.0/8, 1 successors, FD is 2297856
         via 10.1.1.2 (2297856/128256), Serial1/2
P 3.0.0.0/8, 1 successors, FD is 2297856
         via 10.1.2.3 (2297856/128256), Serial1/3
P 10.1.2.0/24, 1 successors, FD is 2169856
         via Connected, Serial1/3
P 10.0.0.0/8, 1 successors, FD is 2169856
         via Summary (2169856/0), Null0
P 10.1.1.0/24, 1 successors, FD is 2169856
         via Connected, Serial1/2
P 192.168.1.0/24, 1 successors, FD is 2297856
         via 10.1.2.3 (2297856/128256), Serial1/3
P 172.16.0.0/16, 1 successors, FD is 2297856
         via 10.1.1.2 (2297856/128256), Serial1/2

Rack100R1#show ip eigrp traffic
IP-EIGRP Traffic Statistics for process 64
  Hellos sent/received: 182/151
  Updates sent/received: 8/5
  Queries sent/received: 0/0
  Replies sent/received: 0/0
  Acks sent/received: 3/5
  Input queue high water mark 2, 0 drops

Rack100R1#show ip eigrp interfaces
IP-EIGRP interfaces for process 64

                    Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface    Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Lo0            0        0/0         0       0/10           0           0
Se1/2          1        0/0        22       0/15          79           0
Se1/3          1        0/0        56       0/15          50           0

Rack100R1#debug ip packet detail
Rack100R1#clear ip route *
00:31:48: IP: s=10.1.1.2 (Serial1/2), d=224.0.0.10, len 60, rcvd 2, proto=88
// EIGRP uses the multicast address 224.0.0.10 and IP protocol number 88
00:31:48: IP: s=1.1.1.1 (local), d=224.0.0.10 (Loopback0), len 60, sending broad/multicast, proto=88

OSPF routing lab

[Topology: R1 S1/2 connects to R2 S2/1 over 10.1.1.x/24 and R1 S1/3 connects to R3 S3/1 over 10.1.2.X/24; 172.16.1.0/24 is on R2 and 192.168.1.0/24 is on R3]

Lab objective
Learn how to configure routing with the OSPF protocol

Pre-configuration

Pre-configuration of R1
Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int lo0
Rack100R1(config-if)#ip ad 1.1.1.1 255.255.255.0
Rack100R1(config-if)#int s1/2
Rack100R1(config-if)#ip ad 10.1.1.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#int s1/3
Rack100R1(config-if)#ip ad 10.1.2.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config-if)#^Z
Rack100R1#

Pre-configuration of R2
Rack100R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R2(config)#int lo0
Rack100R2(config-if)#ip ad 2.2.2.2 255.255.255.0
Rack100R2(config-if)#int lo1
Rack100R2(config-if)#ip ad 172.16.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#int s2/1
Rack100R2(config-if)#ip ad 10.1.1.2 255.255.255.0
Rack100R2(config-if)#no sh
Rack100R2(config-if)#^Z
Rack100R2#

Pre-configuration of R3
Rack100R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R3(config)#int lo0
Rack100R3(config-if)#ip ad 3.3.3.3 255.255.255.0
Rack100R3(config-if)#int lo1
Rack100R3(config-if)#ip ad 192.168.1.3 255.255.255.0
Rack100R3(config-if)#no sh
Rack100R3(config-if)#int s3/1
Rack100R3(config-if)#ip ad 10.1.2.3 255.255.255.0
Rack100R3(config-if)#no sh
Rack100R3(config-if)#^Z
Rack100R3#

OSPF configuration

Configure OSPF on R1
Rack100R1(config)#router ospf 64
// Start OSPF process 64 on the router
Rack100R1(config-router)#network 1.1.1.0 0.0.0.255 area 0
// Advertise 1.1.1.0 into the backbone area, Area 0
Rack100R1(config-router)#network 10.1.1.0 0.0.0.255 area 0
Rack100R1(config-router)#network 10.1.2.0 0.0.0.255 area 0
Rack100R1(config-router)#exit
Rack100R1(config)#^Z

Configure OSPF on R2
Rack100R2(config)#router ospf 100
Rack100R2(config-router)#network 2.2.2.0 0.0.0.255 area 0
Rack100R2(config-router)#network 172.16.1.0 0.0.0.255 area 0
Rack100R2(config-router)#network 10.1.1.0 0.0.0.255 area 0
Rack100R2(config-router)#exit
Rack100R2(config)#^Z

Configure OSPF on R3
Rack100R3(config)#router ospf 101
Rack100R3(config-router)#network 3.3.3.0 0.0.0.255 area 0
Rack100R3(config-router)#network 192.168.1.0 0.0.0.255 area 0
Rack100R3(config-router)#network 10.1.2.0 0.0.0.255 area 0
Rack100R3(config-router)#exit
Rack100R3(config)#^Z

Check the OSPF configuration on R1
Rack100R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 10.1.1.2, 00:00:13, Serial1/2
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/65] via 10.1.2.3, 00:00:13, Serial1/3
     172.16.0.0/32 is subnetted, 1 subnets
O       172.16.1.2 [110/65] via 10.1.1.2, 00:00:13, Serial1/2
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.2.0 is directly connected, Serial1/3
C       10.1.1.0 is directly connected, Serial1/2
     192.168.1.0/32 is subnetted, 1 subnets
O       192.168.1.3 [110/65] via 10.1.2.3, 00:00:13, Serial1/3

Rack100R1#show ip protocols
Routing Protocol is "ospf 64"
// OSPF process 64 is running
  Sending updates every 0 seconds
  Invalid after 0 seconds, hold down 0, flushed after 0
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Redistributing: ospf 64
  Routing for Networks:
    1.1.1.0/24
    10.1.1.0/24
    10.1.2.0/24
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.1.3          110      00:01:03
    172.16.1.2           110      00:01:03
  Distance: (default is 110)

Rack100R1#show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address     Interface
172.16.1.2        1   FULL/  -   00:00:33    10.1.1.2    Serial1/2
192.168.1.3       1   FULL/  -   00:00:33    10.1.2.3    Serial1/3

Rack100R1#show ip ospf interface
// View the interfaces running OSPF on the router
Serial1/2 is up, line protocol is up
  Internet Address 10.1.1.1/24, Area 0
  Process ID 64, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:03
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 172.16.1.2
  Suppress hello for 0 neighbor(s)
Serial1/3 is up, line protocol is up
  Internet Address 10.1.2.1/24, Area 0
  Process ID 64, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:09
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 192.168.1.3
  Suppress hello for 0 neighbor(s)
Loopback0 is up, line protocol is up
  Internet Address 1.1.1.1/24, Area 0
  Process ID 64, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host

Rack100R1#show ip ospf da

       OSPF Router with ID (1.1.1.1) (Process ID 64)

                Router Link States (Area 0)

Link ID         ADV Router      Age   Seq#         Checksum   Link count
1.1.1.1         1.1.1.1         160   0x80000005   0x8102     5
172.16.1.2      172.16.1.2      225   0x80000004   0x515      4
192.168.1.3     192.168.1.3     161   0x80000004   0xD534     4

Using ACLs to harden the router

[Topology: R1 (S1/2) and R2 (S2/1) are linked over 10.1.1.x/24]

Lab objective
Learn how to use an ACL to tighten the security of remote logins to the router

Pre-configuration
Rack100R1(config)#int s1/2
Rack100R1(config-if)#ip ad 10.1.1.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config)#^Z
Rack100R2(config)#int s2/1
Rack100R2(config-if)#ip ad 10.1.1.2 255.255.255.0
Rack100R2(config-if)#no sh

Lab procedure

Configure an access-list on R1 to tighten Telnet security
Rack100R1(config)#access-list 1 permit 10.1.1.2 0.0.0.0
Rack100R1(config)#line vty 0 4
Rack100R1(config-line)#access-class 1 in
Rack100R1(config-line)#^Z

Run a test on R2
Rack100R2(config)#int lo0
Rack100R2(config-if)#ip ad 2.2.2.2 255.255.255.0
Rack100R2(config-if)#^Z
Rack100R2(config)#ip telnet source-interface loopback 0
Rack100R2(config)#^Z
// The test now fails to log in to 10.1.1.1
Rack100R2#telnet 10.1.1.1
Trying 10.1.1.1 ...
% Connection timed out; remote host not responding

Standard access control lists

[Figure 15: Standard access control list topology. R1 (S1/2) and R2 (S2/1) are linked over 10.1.1.x/24]

Lab objective
Learn how to use standard access control lists to enforce policy on the network

Pre-configuration

Pre-configuration on R1
Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int s1/2
Rack100R1(config-if)#ip ad 10.1.1.1 255.255.255.0
Rack100R1(config-if)#no sh
Rack100R1(config)#router ospf 1
Rack100R1(config-router)#network 0.0.0.0 0.0.0.0 area 0

Pre-configuration on R2
Rack100R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack100R1(config)#int s2/1 Rack100R1(config-if)#ip ad 10.1.1.2 255.255.255.0 Rack100R1(config-if)#no sh Rack100R2(config)#router ospf 1 Rack100R2(config-router)#network 0.0.0.0 0.0.0.0 are 0 Rack100R2(config-router)# 实验过程 在 R2 做测试,从 2.2.2.0 出发 Ping R1 的 10.1.1.0 Rack100R2#p Protocol [ip]: Target IP address: 10.1.1.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: 2.2.2.2 Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/36/60 ms 文件名:533580458 最后更新:3/8/2016 第 108 页 共 111 页 Norvel Networks Rack100R2# 在 R1 做访问控制列表,拒绝 2.2.2.0 网段的访问 Rack100R1(config)#access-list 50 deny 2.2.2.0 0.0.0.255 Rack100R1(config)#access-list 50 permit any Rack100R1(config)#int s1/2 Rack100R1(config-if)#ip access-group 50 in Rack100R1(config-if)#^Z 在 R2 上再次 Ping 测试 Rack100R2#p Protocol [ip]: Target IP address: 1.1.1.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 2.2.2.2 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Rack100R2# 文件名:533580458 最后更新:3/8/2016 第 109 页 共 111 页 Norvel Networks 扩展访问控制列表 10.1.1.x/24 S1/2 S2/1 R1 R2 实验目的 了解如何使用扩展访问控制列表对网络进行策略控制 实验过程 R1 上的预配置 Rack100R1#conf t Enter configuration commands, one per line. End with CNTL/Z. Rack100R1(config)#int s1/2 Rack100R1(config-if)#ip ad 10.1.1.1 255.255.255.0 Rack100R1(config-if)#no sh Rack100R1(config)#router ospf 1 Rack100R1(config-router)#network 0.0.0.0 0.0.0.0 area 0 R2 上的预配置 Rack100R1#conf t Enter configuration commands, one per line. End with CNTL/Z. 
Rack100R1(config)#int s2/1 Rack100R1(config-if)#ip ad 10.1.1.2 255.255.255.0 Rack100R1(config-if)#no sh Rack100R2(config)#router ospf 1 Rack100R2(config-router)#network 0.0.0.0 0.0.0.0 are 0 Rack100R2(config-router)# 实验过程 Rack100R1(config)#access-list 100 deny icmp any any Rack100R1(config)#access-list 100 permit ip any any Rack100R1(config)#int s1/2 Rack100R1(config-if)#ip access-group 100 out Rack100R1(config-if)#^Z 备份 IOS 到 TFTP 服务器 文件名:533580458 最后更新:3/8/2016 第 110 页 共 111 页 Norvel Networks 10.1.1.x/24 E0 R1 TFTP Server 实验目的 学习使用 TFTP 协议将思科路由器的 IOS 备份到 TFTP 实验预配置 配置好 Router1 的以太网接口 Router#conf t Router(config)#int e0 Router(config-if)#ip ad 10.1.1.1 255.255.255.0 Router(config-if)#no sh 测试能否与 TFTP Server 通信 Router#ping 10.1.1.251 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.251, timeout is 2 seconds: !!!!! 实验过程 Router#copy flash tftp //将 flash 上的文件 copy 到 tftp 上 Source filename [ ]? c2600-js-l_121-3.bin Address or name of remote host [ ]?192.168.119.20 Destination filename [c2600-js-l_121-3.bin]? Accessing tftp://192.168.119.20/c2600-js-l_121-3.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! data Verifying Check sum .................. OK [OK 8906589 Bytes] 8906589 bytes copied in 277.45 secs Router# 文件名:533580458 最后更新:3/8/2016 第 111 页 共 111 页
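
How the standard ACLs from the two labs above (list 1 on the VTY lines, list 50 inbound on S1/2) are evaluated: entries are checked top-down against the source address using the wildcard mask, the first match decides, and anything unmatched falls to the implicit deny. This is an added example, not part of the original lab manual; the function names and access-list 51 (list 50 without its "permit any") are constructed for illustration.

```python
import ipaddress

# Standard ACL lines as entered in the labs; list 51 is a constructed variant
# of list 50 with the trailing "permit any" left out.
CONFIG = """\
access-list 1 permit 10.1.1.2 0.0.0.0
access-list 50 deny 2.2.2.0 0.0.0.255
access-list 50 permit any
access-list 51 deny 2.2.2.0 0.0.0.255
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acls(text):
    """Return {list number: [(action, address, wildcard, original line), ...]}."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        if tok[3] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif tok[3] == "host" and len(tok) > 4:
            addr, wild = to_int(tok[4]), 0
        else:  # address with optional wildcard; a bare address matches one host
            addr = to_int(tok[3])
            wild = to_int(tok[4]) if len(tok) > 4 else 0
        acls.setdefault(tok[1], []).append((tok[2], addr, wild, line))
    return acls

def evaluate(entries, source_ip):
    """Check entries top-down; the first match decides, no match means deny."""
    ip = to_int(source_ip)
    for action, addr, wild, line in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (ip & care) == (addr & care):
            return action, line
    return "deny", "implicit deny any"

ACLS = parse_standard_acls(CONFIG)

if __name__ == "__main__":
    for number, source in [("1", "10.1.1.2"), ("1", "2.2.2.2"), ("50", "2.2.2.2"),
                           ("50", "10.1.1.2"), ("51", "10.1.1.2")]:
        action, why = evaluate(ACLS[number], source)
        print(f"ACL {number:>2} source {source:<9} -> {action:<6} ({why})")
```

List 51 shows why the lab's "permit any" line matters: without it, R2's own 10.1.1.2 address is dropped by the implicit deny as well.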