MENU

学 Cisco CCNP 的一些笔记

• July 23, 2018 • Read: 321 • 随手一记

前言 :

浮动静态路由 2018/07/23 08:16

性感六浮动静态路由
实现在f1/0 发生故障时,s0/0能及时替代

R1:
R1(config)#interface loopback 0    //创建回环口0,模拟真实pc
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#ex
R1(config)#interface fastEthernet 1/0   //进入f1/0端口设置ip地址
R1(config-if)#ip add 12.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#ex
R1(config)#int serial 0/0   
R1(config-if)#ip add 21.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#ex
R1(config)#ip route 2.2.2.0 255.255.255.0 12.1.1.2   //配到R2回环口的路由
R1(config)#ip route 2.2.2.0 255.255.255.0 serial 0/0 100   //将s0/0优先级设置为100.
R1#show ip route 
S       2.2.2.0 [1/0] via 12.1.1.2
R1(config)#int f1/0
R1(config-if)#sh
R1#show ip route 
S       2.2.2.0 is directly connected, Serial0/0
R2同理

高级rip 2018/07/23 11:36

性感六高级rip

  • rip v1和v2之间的兼容

  • R1运行v1版本.R2,R3运行v2版本
R1:
R1(config)#int lo 0
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#ex
R1(config)#int f0/0
R1(config-if)#ip add 12.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#ip rip send version 1 2    //核心配置  R1发送v1 v2 
R1(config-if)#ip rip receive version 1 2   //R1接受 v1 v2
R1(config-if)#ex
R1(config)#router rip       
R1(config-router)#version 1
R1(config-router)#network 1.0.0.0
R1(config-router)#net 12.0.0.0
验证:
R1#show ip protocols   //显示当前路由器运行的路由协议
R1#show run interface fastEthernet 0/0   //查看f0/0接口的配置
Building configuration...

Current configuration : 146 bytes
!
interface FastEthernet0/0
 ip address 12.1.1.1 255.255.255.0
 ip rip send version 1 2
 ip rip receive version 1 2
 duplex auto
 speed auto
end
R2:
R2(config)#router rip
R2(config-router)#ver 2
R2(config-router)#no auto-summary 
R2(config-router)#network 2.0.0.0
R2(config-router)#net 12.0.0.0
R2(config-router)#net 23.0.0.0
R3同理

修改rip计时器时间 2018/07/24 18:19

R2(config)#router rip
R2(config-router)#timers basic 5 15 15 20   //每隔5s发送更新包,超过15秒没收到标记为is possibly down.20s没收到删除路由

rip被动接口 2018/07/24 18:43

R2(config)#router rip
R1(config-router)#passive-interface f0/0   //被动接口只接收更新包,不发送.

验证:

R1:
R1#debug ip rip
RIP protocol debugging is on
*Mar  1 04:55:15.782: RIP: received v2 update from 12.1.1.2 on FastEthernet0/0
*Mar  1 04:55:15.782:      2.2.2.0/24 via 0.0.0.0 in 1 hops
*Mar  1 04:55:15.782:      3.3.3.0/24 via 0.0.0.0 in 2 hops
*Mar  1 04:55:15.786:      23.1.1.0/24 via 0.0.0.0 in 1 hops
R1#
*Mar  1 04:55:18.102: RIP: sending v1 update to 255.255.255.255 via Loopback0 (1.1.1.1)
*Mar  1 04:55:18.102: RIP: build update entries
*Mar  1 04:55:18.102:   network 2.0.0.0 metric 2
*Mar  1 04:55:18.102:   network 3.0.0.0 metric 3
*Mar  1 04:55:18.106:   network 12.0.0.0 metric 1
*Mar  1 04:55:18.106:   network 23.0.0.0 metric 2

R2:
R2#clear ip route *   //清理路由表
R2#show ip route

rip路由汇总 2018/07/24 19:13

R3(config)#int lo 1
R3(config-if)#ip add 172.16.16.1 255.255.255.0   //R3新创建四个回环口
R3(config-if)#no sh
R3(config)#int lo 2
R3(config-if)#ip add 172.16.17.1 255.255.255.0
R3(config-if)#no sh
R3(config)#int lo 3
R3(config-if)#ip add 172.16.18.1 255.255.255.0
R3(config-if)#no sh
R3(config)#int lo 4
R3(config-if)#ip add 172.16.19.1 255.255.255.0
R3(config-if)#no sh
R3(config)#router rip 
R3(config-router)#net 172.16.0.0   //通告网络

R2#show ip ro   //R2查看路由表看到路由多了非常占内存
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     3.0.0.0/24 is subnetted, 1 subnets
R       3.3.3.0 [120/1] via 23.1.1.3, 00:00:06, FastEthernet1/0
     23.0.0.0/24 is subnetted, 1 subnets
C       23.1.1.0 is directly connected, FastEthernet1/0
     172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
R       172.16.16.0/22 [120/1] via 23.1.1.3, 00:00:00, FastEthernet1/0
R       172.16.16.0/24 [120/1] via 23.1.1.3, 00:00:06, FastEthernet1/0
R       172.16.17.0/24 [120/1] via 23.1.1.3, 00:00:07, FastEthernet1/0
R       172.16.18.0/24 [120/1] via 23.1.1.3, 00:00:07, FastEthernet1/0
R       172.16.19.0/24 [120/1] via 23.1.1.3, 00:00:07, FastEthernet1/0
     12.0.0.0/24 is subnetted, 1 subnets

R3(config-if)#ip summary-address rip 172.16.16.0 255.255.252.0    //R3出接口做自动汇总

R2#show ip ro   //R2查看路由表
     172.16.0.0/22 is subnetted, 1 subnets
R       172.16.16.0 [120/1] via 23.1.1.3, 00:00:05, FastEthernet1/0

rip水平分割 2018/07/25 13:12

R2(config)#int f0/0
R2(config-if)#no ip split-horizon   //关闭水平分割,即还会向邻居发送不是自己的路由

rip单播更新 2018/07/25 13:18

R2(config)#router rip
R2(config-router)#neighbor 12.1.1.1 

验证:
R2#debug ip rip
*Mar  1 00:17:39.659: RIP: sending v2 update to 12.1.1.1 via FastEthernet0/0 (12.1.1.2)

rip偏移列表 2018/07/26 9:37

R2(config)#access-list 1 permit 3.3.3.0    //抓路由两种方式,第一种访问控制列表
R2(config)#router rip
R2(config-router)#offset-list 1 in 9 fastEthernet 0/0   //改metric值 
R2#sh ip ro
R       3.3.3.0 [120/10] via 23.1.1.3, 00:00:03, FastEthernet0/0

rip认证 2018/07/27 10:03

R3(config)#key chain xgl   //只支持rip V2版本   创建钥匙库 名字为xgl
R3(config-keychain)#key 1   //第一把钥匙
R3(config-keychain-key)#key-string xgl   //第一把钥匙密码
R3(config)#int f0/0   
R3(config-if)#ip rip authentication key-chain xgl   //进入相应端口,启用钥匙库
R3(config-if)#ip rip authentication mode md5    //模式为md5加密
R3#show key chain 
Key-chain xgl:
    key 1 -- text "xgl"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
R2同理

rip触发更新 2018/07/28 10:35

R2(config)#int s0/1
R2(config-if)#ip rip triggered    //只有串口支持,实际用的不多
验证:
R2#show ip protocols 
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 10 seconds
  Invalid after 180 seconds, hold down 0, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: static, rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial0/1             2     2          Yes                       
    Loopback0             2     2                                    
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    2.0.0.0
    12.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    12.1.1.1             120      00:00:21
  Distance: (default is 120)

rip默认路由 2018/07/29 10:37

R2(config)#ip route 0.0.0.0 0.0.0.0 lo 0   //用lo 0 模拟这是公网接口
R2(config)#router rip
R2(config-router)#redistribute static 
验证:
R1#sh ip ro
R*   0.0.0.0/0 [120/1] via 12.1.1.2, 00:00:00, Serial0/1

rip综合实验 2018/07/30 13:15

性感六rip高级实验
性感六rip高级实验2

先进行基本配置

R2模拟公网上的路由器,不需要自己手动配,把下列配置复制粘贴过去即可

R2配置:
key chain cisco
key 1
key-string cisco
intface loopback 0
ip address 2.2.2.2 255.255.255.255
interface loopback 1
ip address 199.172.2.254 255.255.255.0
interface loopback 2
ip address 199.172.3.254 255.255.255.0
interface loopback 3
ip address 199.172.4.254 255.255.255.0
interface loopback 4
ip address 199.172.1.254 255.255.255.0
interface serial0/0
ip address 150.100.12.2 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain cisco
clock rate 64000
no shutdown
router rip
version 2
no au
netw 2.0.0.0
netw 150.100.0.0
netw 199.172.1.0
netw 199.172.2.0
netw 199.172.3.0
netw 199.172.4.0

1.R3不能向R4通告路由更新(20分),但是必须把路由通告给R1

R3(config)#int lo 0
R3(config-if)#ip add 3.3.3.3 255.255.255.0   //R3上建一个回环口来模拟
R3(config-if)#no sh
R3(config-if)#ex
R3(config)#router rip
R3(config-router)#net 3.0.0.0
R3(config-router)#passive-interface f0/0   //在R3上启用被动接口,不给任何端口发送路由信息
R3(config-router)#neighbor 10.1.134.1   //单独给R1发送
验证:
R1#sh ip ro rip
R    3.0.0.0/8 [120/1] via 10.1.134.3, 00:00:18, FastEthernet0/0
R4#sh ip ro rip

2.R1是链接到互联网的路由器,在R1上面通过rip向内网注入一条默认路由,强迫R1向R4发送从R3学习过来的路由.

R1(config)#ip route 0.0.0.0 0.0.0.0 serial 1/0
R1(config)#router rip
R1(config-router)#redistribute static 
验证:
R4#sh ip ro rip
R*   0.0.0.0/0 [120/1] via 10.1.134.1, 00:00:06, FastEthernet0/0

R1(config)#int f0/0
R1(config-if)#no ip split-horizon 
R4#sh ip ro rip
R    3.0.0.0/8 [120/2] via 10.1.134.1, 00:00:06, FastEthernet0/0

3.修改R4 rip计时器时间,update为5s,invalid为10s,holddown为20s,没有收到更新后15s删除

R4(config-router)#timers basic 5 15 15 20

4.在删除R1上发送出来的缺省路由后,R1与R4之间分别链接主机H1和H2(回环口代替),发现不能互相访问对方.解决

R1(config)#router rip
R1(config-router)#no redistribute static   //首先关掉重分布静态
R1(config)#int f0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.224 secondary    //相邻子网不会路由汇总,
R4(config)#int f0/0
R4(config-if)#ip add 192.168.1.2 255.255.255.224 secondary 
R4#ping 192.168.1.92

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.92, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/40 ms

5.R1的S1/0上级联一个rip邻居,要求仅在R1 S1/0接口上面发送和接受rip V2的更新,并且要求使用md5加密认证.

R1(config)#key chain xgl
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string xgl
R1(config)#int s1/0
R1(config-if)#ip rip authentication key-chain xgl
R1(config-if)#ip rip authentication mode md5 
验证:
R1#sh ip ro ri
     2.0.0.0/32 is subnetted, 1 subnets
R       2.2.2.2 [120/1] via 150.100.12.2, 00:00:01, Serial1/0
R    3.0.0.0/8 [120/1] via 10.1.134.3, 00:00:27, FastEthernet0/0
R    199.172.3.0/24 [120/1] via 150.100.12.2, 00:00:01, Serial1/0
R    199.172.2.0/24 [120/1] via 150.100.12.2, 00:00:01, Serial1/0
R    199.172.4.0/24 [120/1] via 150.100.12.2, 00:00:01, Serial1/0

6.你不能用任何手段登录到R2查询或修改配置,R1配置只能允许R2 Telnet R1 enable模式(不需要输密码和enable),R2只能用2.2.2.2来发出Telnet

R1(config)#access-list 1 permit 2.2.2.2
R1(config)#line vty 0 4
R1(config-line)#access-class 1 in 
R1(config-line)#no login 
R1(config-line)#privilege level 15   //设置级别为15
验证:
R2#telnet 150.100.12.1 /source-interface loopback 0
Trying 150.100.12.1 ... Open

R1#

7.R3收到R1发送过来的199.172.x.0/24网段路由,要求路由在路由表li里metric为10

R3(config)#access-list 1 permit 199.172.0.0 0.0.7.255
R3(config)#router rip
R3(config-router)#offset-list 1 in 9 fastEthernet 0/0

ospf路由基础 2018/08/01 11:30

性感六ospf

R1(config)#int lo 0
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config)#int f0/0
R1(config-if)#ip add 12.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config)#router ospf 100
R1(config-router)#router-id 1.1.1.1
R1(config-router)#net 12.1.1.0 0.0.0.255 a 0
R1(config-router)#net 1.1.1.0 0.0.0.255 a 0
R2,R3同理
验证:
R2#sh ip os neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           1   FULL/DR         00:00:29    23.1.1.3        FastEthernet1/0
1.1.1.1           1   FULL/BDR        00:00:35    12.1.1.1        FastEthernet0/0

R2#sh ip pro   //查看当前运行路由协议 router ID , 通告的网络 , metric值 , 
Routing Protocol is "ospf 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 2.2.2.2
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    2.2.2.0 0.0.0.255 area 0
    12.1.1.0 0.0.0.255 area 0
    23.1.1.0 0.0.0.255 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
    3.3.3.3              110      00:48:22
    1.1.1.1              110      00:48:22
    2.2.2.2              110      00:48:22
  Distance: (default is 110)

R1#sh ip os interface    //查看ospf协议的接口 , 
Loopback0 is up, line protocol is up 
  Internet Address 1.1.1.1/24, Area 0 
  Process ID 100, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
FastEthernet0/0 is up, line protocol is up 
  Internet Address 12.1.1.1/24, Area 0 
  Process ID 100, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State BDR, Priority 1 
  Designated Router (ID) 2.2.2.2, Interface address 12.1.1.2
  Backup Designated router (ID) 1.1.1.1, Interface address 12.1.1.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:01
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 2.2.2.2  (Designated Router)
  Suppress hello for 0 neighbor(s)

R1#clear ip os process 
Reset ALL OSPF processes? [no]: y   //清理ospf进程 两台路由器都得清,因为邻居关系是双向的

ospf不规则区域

OSPF不规则区域解决办法

1.单点双向重分布

    R1(config)#router os 100
    R1(config-router)#no netw 13.1.1.0 0.0.0.255 a 2
    R1(config-router)#ex
    R1(config)#router os 200
    R1(config-router)#netw 13.1.1.0 0.0.0.255 a 2
    R1(config-router)#redistribute ospf 100 subnets 
    R1(config-router)#ex
    R1(config)#router os 100
    R1(config-router)#red ospf 200 subnets 

验证:

    R3#sh ip ro os 
         1.0.0.0/24 is subnetted, 1 subnets
    O E2    1.1.1.0 [110/1] via 13.1.1.1, 00:00:05, FastEthernet0/0
         2.0.0.0/32 is subnetted, 1 subnets
    O E2    2.2.2.2 [110/2] via 13.1.1.1, 00:00:05, FastEthernet0/0
         4.0.0.0/32 is subnetted, 1 subnets
    O E2    4.4.4.4 [110/3] via 13.1.1.1, 00:00:05, FastEthernet0/0
         24.0.0.0/24 is subnetted, 1 subnets
    O E2    24.1.1.0 [110/2] via 13.1.1.1, 00:00:05, FastEthernet0/0
         12.0.0.0/24 is subnetted, 1 subnets
    O E2    12.1.1.0 [110/1] via 13.1.1.1, 00:00:05, FastEthernet0/0

2.建隧道

R2(config)#int tunnel 12
R2(config-if)#ip add 21.1.1.2 255.255.255.0
R2(config-if)#tunnel source loopback 0
R2(config-if)#tunnel destination 1.1.1.1
R2(config-if)#ex
R2(config)#router os 100
R2(config-router)#netw 21.1.1.0 0.0.0.255 a 0

R1(config)#int tun 12
R1(config-if)#ip add 21.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#tunnel source loopback 0
R1(config-if)#tunnel des 2.2.2.2
R1(config-if)#end
R1(config)#router os 100
R1(config-router)#netw 21.1.1.0 0.0.0.255 a 0

验证:

R3#sh ip ro os 
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/2] via 13.1.1.1, 00:18:58, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/3] via 13.1.1.1, 00:18:58, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/11114] via 13.1.1.1, 00:18:49, FastEthernet0/0
     21.0.0.0/24 is subnetted, 1 subnets
O IA    21.1.1.0 [110/11112] via 13.1.1.1, 00:18:58, FastEthernet0/0
     24.0.0.0/24 is subnetted, 1 subnets
O IA    24.1.1.0 [110/11113] via 13.1.1.1, 00:18:49, FastEthernet0/0
     12.0.0.0/24 is subnetted, 1 subnets
O IA    12.1.1.0 [110/2] via 13.1.1.1, 00:18:58, FastEthernet0/0

3.虚链路

R1(config)#router os 100
R1(config-router)#area 1 virtual-link 2.2.2.2 

R2(config)#router os 100 
R2(config-router)#area 1 virtual-link 1.1.1.1

验证:

R3#sh ip ro os 
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/2] via 13.1.1.1, 00:00:24, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/3] via 13.1.1.1, 00:00:24, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/4] via 13.1.1.1, 00:00:05, FastEthernet0/0
     24.0.0.0/24 is subnetted, 1 subnets
O IA    24.1.1.0 [110/3] via 13.1.1.1, 00:00:04, FastEthernet0/0
     12.0.0.0/24 is subnetted, 1 subnets
O IA    12.1.1.0 [110/2] via 13.1.1.1, 00:00:24, FastEthernet0/0

ACL.png

ACL应用 2019/1/3 19:02

时间列表

1.先统一时间,设置R2为ntp服务器,并把每个路由器的时区改为东八区

R1(config)#clock timezone GMT + 8
R2(config)#clock timezone GMT + 8
R3(config)#clock timezone GMT + 8

R2(config)#ntp master
R1(config)#ntp server
R3(config)#ntp server

验证:
R2#sh clock
19:06:53.383 GMT Thu Jan 3 2019

2.在R1上做时间控制列表,用R3的回环口去pingR2的回环口
R1(config)#time-range xgl
R1(config-time-range)#absolute start 18:38 3 jan 2019 end 18:40 3 jan 2019 
R1(config)#access-list 100 deny icmp host 3.3.3.3 host 2.2.2.2 echo time-range xgl
R1(config)#int f1/0
R1(config-if)#ip access-group 100 in 

验证:
R3#ping 2.2.2.2 source 3.3.3.3 repeat 1000000000    //Ctrl + Shift + 6 终止
Type escape sequence to abort.
Sending 1000000000, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!UUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
Tags: CCNP
最后编辑于: January 3, 2019 19:14
Archives Tip
QR Code for this page
Tipping QR Code
Leave a Comment

已有 1 条评论
  1. 一个人的战场.@(真棒)