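Lab objectives:
1. Understand the EIGRP authentication process.
2. Learn how to configure EIGRP authentication.
Lab topology:
1. Configure each router's hostname and the IP addresses of the connected interfaces, then use the ping command to confirm that the directly connected interfaces of the routers can reach each other.
R1 configuration: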
R1(config)#int s1/1
R1(config-if)#ip add 172.16.1.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#int loop 1
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R2 is configured similarly.
2. Configure the EIGRP protocol with autonomous system number 80.
R1(config)#router eigrp 80
R1(config-router)#network 172.16.0.0
R1(config-router)#network 10.1.0.0
R1(config-router)#exi
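Configure R2 in the same way. Then, from R1, ping 110.10.1.1, a network attached to R2.
3. Check the routing tables of R1 and R2 to verify that the EIGRP neighbor relationship was established successfully.
R1 routing table: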
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:00:56, Null0
C 172.16.1.0/30 is directly connected, Serial1/1
D 110.0.0.0/8 [90/2297856] via 172.16.1.2, 00:00:21, Serial1/1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, Loopback1
D 10.0.0.0/8 is a summary, 00:00:56, Null0
R2 routing table:
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:00:09, Null0
C 172.16.1.0/30 is directly connected, Serial1/0
110.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 110.10.1.0/24 is directly connected, Loopback1
D 110.0.0.0/8 is a summary, 00:00:09, Null0
D 10.0.0.0/8 [90/2297856] via 172.16.1.1, 00:00:17, Serial1/0
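The shaded entries (the D routes with a next hop via the neighbor) are the routes learned from the peer router.
4. Next, configure EIGRP authentication.
Configure R1 as follows: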
R1#conf t
R1(config)#key chain test //create a key chain named test
R1(config-keychain)#key 1 //create key 1
R1(config-keychain-key)#key-string cisco //set the key string (password) to cisco
R1(config-keychain-key)#exit
R1(config-keychain)#exit
R1(config)#int s1/1
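R1(config-if)#ip authentication key-chain eigrp 80 test //enable route authentication for EIGRP 80 on interface s1/1, using the key chain test
R1(config-if)#ip authentication mode eigrp 80 md5 //set the authentication mode to MD5, i.e. the password is encrypted in transit; without this command the password would be transmitted in plaintext
After finishing R1's configuration, you can first clear the routes with the command clear ip route * and then check R1's routing table.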
R1#clear ip route *
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:00:02, Null0
C 172.16.1.0/30 is directly connected, Serial1/1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, Loopback1
D 10.0.0.0/8 is a summary, 00:00:02, Null0
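As you can see, there is no longer a route to the 110.10.0.0 network. R2's routing table shows the same thing: neither router learns the other's routes any more.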
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:00:25, Null0
C 172.16.1.0/30 is directly connected, Serial1/0
110.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 110.10.1.0/24 is directly connected, Loopback1
D 110.0.0.0/8 is a summary, 00:00:25, Null0
In fact, during the configuration both routers, R1 and R2, already reported the change in the neighbor relationship.
*Oct 15 21:40:29.975: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 80: Neighbor 172.16.1.2 (Serial1/1) is down: keychain changed
*Oct 15 21:43:00.207: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 80: Neighbor 172.16.1.2 (Serial1/1) is down: authentication mode changed //indicates that authentication with the neighbor router failed
Alternatively, check the neighbor table directly.
R2's neighbor table:
R2#sh ip eigrp 80 nei
IP-EIGRP neighbors for process 80
5. For R1 and R2 to re-establish the neighbor relationship, they must share a common authentication key. Configure authentication on R2 as follows:
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#key chain test
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string cisco
R2(config-keychain-key)#exit
R2(config-keychain)#exit
R2(config)#int s1/0
R2(config-if)#ip authentication key-chain eigrp 80 test
R2(config-if)#ip authentication mode eigrp 80 md5
R2(config-if)#exit
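Once authentication has been configured on R2, note the message reporting that the neighbor has been established:
*Oct 15 21:48:26.063: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 80: Neighbor 172.16.1.1 (Serial1/0) is up: new adjacency //indicates that a new neighbor relationship has been established
Check the neighbor table for R1 again: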
R2#sh ip eigrp 80 nei
IP-EIGRP neighbors for process 80
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.1.1              Se1/0             12 00:01:05   60   360  0  6
As you can see, R1 and R2 have established the neighbor relationship.
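The NBRCHANGE messages shown in steps 4 and 5 can be monitored mechanically. The Python below is an added example, not part of the original post: it parses the three log lines from this lab and reports adjacencies whose latest event is an authentication-related "down". The function and variable names are illustrative.

```python
import re

# The three %DUAL-5-NBRCHANGE lines shown in this lab (two seen on R1, one on R2).
R1_LOG = [
    "*Oct 15 21:40:29.975: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 80: Neighbor 172.16.1.2 (Serial1/1) is down: keychain changed",
    "*Oct 15 21:43:00.207: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 80: Neighbor 172.16.1.2 (Serial1/1) is down: authentication mode changed",
]
R2_LOG = [
    "*Oct 15 21:48:26.063: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 80: Neighbor 172.16.1.1 (Serial1/0) is up: new adjacency",
]

NBRCHANGE = re.compile(
    r"^\*?(?P<ts>.+?): %DUAL-5-NBRCHANGE: IP-EIGRP\(\d+\) (?P<asn>\d+): "
    r"Neighbor (?P<neighbor>\S+) \((?P<intf>[^)]+)\) is (?P<state>up|down): (?P<reason>.+)$"
)
# Down reasons that appear in this lab when authentication settings are edited.
AUTH_REASONS = {"keychain changed", "authentication mode changed"}


def parse(line):
    """Return the fields of one NBRCHANGE line, or None for any other log line."""
    m = NBRCHANGE.match(line.strip())
    return m.groupdict() if m else None


def stuck_auth_outages(lines):
    """Adjacencies whose latest event is an authentication-related 'down'.

    A 'down' that is later followed by 'up: new adjacency' is cleared; one that
    is never followed by 'up' suggests the two ends still disagree.
    """
    latest = {}
    for event in filter(None, map(parse, lines)):
        latest[(event["asn"], event["neighbor"], event["intf"])] = event
    return {key: ev["reason"] for key, ev in latest.items()
            if ev["state"] == "down" and ev["reason"] in AUTH_REASONS}
```

Fed only R1's two lines, the function reports the adjacency to 172.16.1.2 on Serial1/1 as still down, which is the state the lab is in at the end of step 4.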
Refresh the routing tables with the clear ip route * command in the same way, and observe the routing tables of R1 and R2.
R1:
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:00:03, Null0
C 172.16.1.0/30 is directly connected, Serial1/1
D 110.0.0.0/8 [90/2297856] via 172.16.1.2, 00:00:03, Serial1/1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, Loopback1
D 10.0.0.0/8 is a summary, 00:00:03, Null0
R2:
R2#clear ip route *
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:00:01, Null0
C 172.16.1.0/30 is directly connected, Serial1/0
110.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 110.10.1.0/24 is directly connected, Loopback1
D 110.0.0.0/8 is a summary, 00:00:01, Null0
D 10.0.0.0/8 [90/2297856] via 172.16.1.1, 00:00:01, Serial1/0
R1 and R2 have now learned each other's routes.
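Steps 4 and 5 show that the adjacency only forms when both ends carry the key chain and the MD5 mode command. The Python below is an added example, not part of the original post: it audits the two ends of the link from constructed running-config excerpts built from this lab's commands, comparing key number and key string. The helper names eigrp_auth and link_findings are illustrative.

```python
import re

# Constructed running-config excerpts, assembled from the commands in this lab.
KEYCHAIN = "key chain test\n key 1\n  key-string cisco\n"
AUTH = (" ip authentication key-chain eigrp 80 test\n"
        " ip authentication mode eigrp 80 md5\n")
R1_IF = "interface Serial1/1\n ip address 172.16.1.1 255.255.255.252\n"
R2_IF = "interface Serial1/0\n ip address 172.16.1.2 255.255.255.252\n"
R1 = KEYCHAIN + R1_IF + AUTH   # R1 after step 4
R2_STEP4 = R2_IF               # R2 before step 5: no authentication at all
R2_STEP5 = KEYCHAIN + R2_IF + AUTH


def eigrp_auth(config, intf, asn):
    """Return (mode, {key_id: key_string}) for one interface; (None, {}) if unset."""
    chains, mode, chain, section, key_id = {}, None, None, "", None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # unindented line opens a new section
            section = line
        if m := re.fullmatch(r"key (\d+)", line):
            key_id = m.group(1)
        elif section.startswith("key chain ") and (m := re.fullmatch(r"key-string (\S+)", line)):
            chains.setdefault(section.split()[2], {})[key_id] = m.group(1)
        elif section == f"interface {intf}":
            if m := re.fullmatch(rf"ip authentication key-chain eigrp {asn} (\S+)", line):
                chain = m.group(1)
            elif re.fullmatch(rf"ip authentication mode eigrp {asn} md5", line):
                mode = "md5"
    return mode, chains.get(chain, {})


def link_findings(cfg_a, intf_a, cfg_b, intf_b, asn=80):
    """List the reasons the two ends of one link cannot authenticate each other."""
    mode_a, keys_a = eigrp_auth(cfg_a, intf_a, asn)
    mode_b, keys_b = eigrp_auth(cfg_b, intf_b, asn)
    findings = []
    for end, mode, keys in (("A", mode_a, keys_a), ("B", mode_b, keys_b)):
        if bool(mode) != bool(keys):         # one command present without the other
            findings.append(f"{end}: key chain and md5 mode must both be set")
    if bool(mode_a) != bool(mode_b):
        findings.append("authentication enabled on only one end")
    elif mode_a and not set(keys_a.items()) & set(keys_b.items()):
        findings.append("no shared key id / key-string pair")
    return findings
```

With R1 and R2_STEP4 it reports that authentication is enabled on only one end, the state in which the lab's routers lost each other's routes; with R2_STEP5 the list of findings is empty.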
This article is reposted from 独钩寒江雪's 51CTO blog. Original link: http://blog.51cto.com/bennie/406677. To reprint it, please contact the original author.