CCNP-EIGRP&帧中继、负载均衡、认证、stub区域
来源:互联网 发布:网络拓扑图和系统架构 编辑:程序博客网 时间:2024/04/30 22:18
by小世界
http://redcisco.blog.163.com/
实验需求:
1.保证全网互通,考察EIGRP&帧中继
Unequal-Cost Load-Balancing
2.实现负载均衡,考察EIGRP&负载均衡,理解FD、AD
Adjacency Authentication
3.R1和R2启用EIGRP-md5认证,考察EIGRP&认证
实验拓扑图:
实验步骤:
1.拓扑图基本配置
R1参考配置
interface Loopback0ip address 1.1.1.1 255.255.255.0
interface Serial0/0ip address 124.1.1.1 255.255.255.0
encapsulation frame-relay
interface Serial0/1ip address 12.1.1.1 255.255.255.0
router eigrp 100
network 1.1.1.1 0.0.0.0
network 12.1.1.1 0.0.0.0
network 124.1.1.1 0.0.0.0
no auto-summary
R2参考配置
interface Loopback0ip address 2.2.2.2 255.255.255.0
interface Serial0/0ip address 124.1.1.2 255.255.255.0
encapsulation frame-relay
interface Serial0/1ip address 12.1.1.2 255.255.255.0
router eigrp 100
network 2.2.2.2 0.0.0.0
network 12.1.1.2 0.0.0.0
network 124.1.1.2 0.0.0.0
no auto-summary
R4参考配置(路由器模拟FR交换机)
interface Serial0/0---no sh
no ip address
encapsulation frame-relay
frame-relay lmi-type cisco
frame-relay intf-type dce
frame-relay route 102 interface Serial0/1 201
!
interface Serial0/1---no sh
no ip address
encapsulation frame-relay
frame-relay lmi-type cisco
frame-relay intf-type dce
frame-relay route 201 interface Serial0/0 102
帧中继状态测试:
R4#show frame-relay route
Input Intf Input Dlci Output Intf Output Dlci Status
Serial0/0 102 Serial0/1 201 active
Serial0/1 201 Serial0/0 102 active
2.实现负载均衡基础测试
R1(config-if)#do show inter s0/1
Serial0/1 is up, line protocol is up
Hardware is M4T
Internet address is 12.1.1.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec
R1(config-if)#inter s0/1
R1(config-if)#bandwidth 64
R1(config-if)#inter s0/0
R1(config-if)#bandwidth 256
R1#show ip rou
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/10639872] via 124.1.1.2, 00:00:19, Serial0/0
124.0.0.0/24 is subnetted, 1 subnets
C 124.1.1.0 is directly connected, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial0/1
R2#show ip rou
1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/2297856] via 124.1.1.1, 00:00:02, Serial0/0
[90/2297856] via 12.1.1.1, 00:00:02, Serial0/1
此时,(未修改R2的两个接口带宽)metric计算演示:
在R2看来,路由是有左到右的,对于路由的入方向,这样R1的两个接口没有参与metric计算
带宽是取最小值1.544M,延迟取5000+20000usec
(10000000/1544+25000/10)*256=2298031.0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
124.0.0.0/24 is subnetted, 1 subnets
C 124.1.1.0 is directly connected, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial0/1
//理解完FD、AD,测试完,再修改R2的两个接口的带宽
R2(config)#inter s0/0
R2(config-if)#bandwidth 256
R2(config-if)#inter s0/1
R2(config-if)#bandwidth 64
//在进行等价均衡之前的路由表和拓扑表信息:
R2#show ip ei top
P 1.1.1.0/24, 1 successors, FD is 10639872
via 124.1.1.1 (10639872/128256), Serial0/0
via 12.1.1.1 (40640000/128256), Serial0/1
R2#show ip rou
1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/10639872] via 124.1.1.1, 00:03:06, Serial0/0
//等价均衡处理:
R2#conf t
R2(config)#router ei 100
R2(config-router)#variance 4
//在进行等价均衡之后的路由表
R2#show ip rou
1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/10639872] via 124.1.1.1, 00:00:04, Serial0/0
[90/40640000] via 12.1.1.1, 00:00:04, Serial0/1
3.EIGRP认证实验
首先R1和R2保证key chain x 一致。
R1 key chain r1tor2-----R2 key chain r2tor1
key 1
key-string cisco123
accept-lifetime 02:30:00 May 1 2002 02:35:00 May 1 2002
send-lifetime 02:34:00 May 1 2002 02:40:00 May 1 2002
key 2
key-string cisco456
//修改时钟:
R1#clock set 02:28:00 1 May 2002
R1#
May 1 02:28:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 02:39:12 UTC Wed May 1 2002 to 02:28:00 UTC Wed May 1 2002, configured from console by console.
R1#show clock
02:29:04.987 UTC Wed May 1 2002
R1#show ip eigrp nei
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 124.1.1.2 Se0/0 141 00:03:26 102 612 0 67
0 12.1.1.2 Se0/1 13 00:04:14 87 2280 0 66
//此时邻居关系正常。
R1#clear ip eig nei
May 1 02:32:24.223: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.1.1.2 (Serial0/1) is down: manually cleared
May 1 02:32:24.231: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 124.1.1.2 (Serial0/0) is down: manually cleared
R1#
May 1 02:32:28.623: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.1.1.2 (Serial0/1) is up: new adjacency
R1#
May 1 02:32:36.959: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 124.1.1.2 (Serial0/0) is up: new adjacency
R1#
R1#show key chain
Key-chain r1tor2:
key 1 -- text "cisco123"
accept lifetime (02:30:00 UTC May 1 2002) - (02:35:00 UTC May 1 2002) [valid now]
send lifetime (02:34:00 UTC May 1 2002) - (02:40:00 UTC May 1 2002)
key 2 -- text "cisco456"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
[valid now]现在是有效的。
R1#show clock
02:34:16.019 UTC Wed May 1 2002
R1#
May 1 02:35:02.375: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.1.1.2 (Serial0/1) is down: Auth failure
R1#
May 1 02:35:18.463: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 124.1.1.2 (Serial0/0) is down: Auth failure
R1#
May 1 02:40:01.959: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.1.1.2 (Serial0/1) is up: new adjacency
R1#
May 1 02:40:47.431: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 124.1.1.2 (Serial0/0) is up: new adjacency
R1#
//再观察key chain的作用
R1#show clock
02:45:28.819 UTC Wed May 1 2002
R1#show key chain
Key-chain r1tor2:
key 1 -- text "cisco123"
accept lifetime (02:30:00 UTC May 1 2002) - (02:35:00 UTC May 1 2002)
send lifetime (02:34:00 UTC May 1 2002) - (02:40:00 UTC May 1 2002)
key 2 -- text "cisco456"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]----只有key 2 生效。
//R2同理测试
R2#
R2#clock set 02:28:00 1 May 2002
R2#
May 1 02:28:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 02:39:08 UTC Wed May 1 2002 to 02:28:00 UTC Wed May 1 2002, configured from console by console.
R2#
May 1 02:28:00.539: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.1.1.1 (Serial0/1) is up: new adjacency
R2#show
May 1 02:28:48.035: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 124.1.1.1 (Serial0/0) is up: new adjacency
R2#show ip eig nei
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 124.1.1.1 Se0/0 176 00:00:05 145 870 0 62
0 12.1.1.1 Se0/1 11 00:00:53 90 2280 0 63
R2#
May 1 02:32:22.719: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.1.1.1 (Serial0/1) is down: Interface Goodbye received
May 1 02:32:22.731: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 124.1.1.1 (Serial0/0) is down: Interface Goodbye received
R2#
May 1 02:32:27.135: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.1.1.1 (Serial0/1) is up: new adjacency
R2#
May 1 02:32:35.555: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 124.1.1.1 (Serial0/0) is up: new adjacency
R2#show key chain
Key-chain r2tor1:
key 1 -- text "cisco123"
accept lifetime (02:30:00 UTC May 1 2002) - (02:35:00 UTC May 1 2002) [valid now]
send lifetime (02:34:00 UTC May 1 2002) - (02:40:00 UTC May 1 2002)
key 2 -- text "cisco456"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
R2#show clo
R2#show clock
02:34:07.079 UTC Wed May 1 2002
R2#
May 1 02:35:00.935: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.1.1.1 (Serial0/1) is down: Auth failure
R2#
May 1 02:35:17.039: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 124.1.1.1 (Serial0/0) is down: Auth failure
R2#
May 1 02:40:00.403: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.1.1.1 (Serial0/1) is up: new adjacency
R2#
May 1 02:40:45.847: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 124.1.1.1 (Serial0/0) is up: new adjacency
R2#show clock
02:45:07.883 UTC Wed May 1 2002
R2#show key chain
Key-chain r2tor1:
key 1 -- text "cisco123"
accept lifetime (02:30:00 UTC May 1 2002) - (02:35:00 UTC May 1 2002)
send lifetime (02:34:00 UTC May 1 2002) - (02:40:00 UTC May 1 2002)
key 2 -- text "cisco456"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
4.EIGRP-stub 实验
//当R1不是eigrp stub区域时,关闭R2的环回口,测试
R2(config)#inter lo 0
R2(config-if)#sh
R2(config-if)#
May 1 03:20:02.827: EIGRP: Enqueueing QUERY on Serial0/1 iidbQ un/rely 0/1 serno 52-52
May 1 03:20:02.827: EIGRP: Enqueueing QUERY on Serial0/0 iidbQ un/rely 0/1 serno 52-52
May 1 03:20:02.831: EIGRP: Enqueueing QUERY on Serial0/1 nbr 12.1.1.1 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 52-52
May 1 03:20:02.831: EIGRP: Enqueueing QUERY on Serial0/0 nbr 124.1.1.1 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 52-52
May 1 03:20:02.835: EIGRP: Sending QUERY on Serial0/1 nbr 12.1.1.1
May 1 03:20:02.839: AS 100, Flags 0x0, Seq 145/130 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 52-52
May 1 03:20:02.839: EIGRP: Sending QUERY on Serial0/0 nbr 124.1.1.1
May 1 03:20:02.843: AS 100, Flags 0x0, Seq 146/131 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 52-52
May 1 03:20:02.963: EIGRP: received packet with MD5 authentication, key id = 2//认证内容
May 1 03:20:03.003: EIGRP: received packet with MD5 authentication, key id = 2
May 1 03:20:03.003: EIGRP: Received QUERY on Serial0/0 nbr 124.1.1.1
May 1 03:20:03.007: AS 100, Flags 0x0, Seq 133/146 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
May 1 03:20:03.067: EIGRP: received packet with MD5 authentication, key id = 2
May 1 03:20:03.067: EIGRP: Received QUERY on Serial0/1 nbr 12.1.1.1
May 1 03:20:03.067: AS 100, Flags 0x0, Seq 134/145 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
R2(config-if)#
May 1 03:20:04.807: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
May 1 03:20:05.807: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
R2(config-if)#
//当R1不是eigrp stub区域时,再次开启R2的环回口,测试
R2(config-if)#no sh
R2(config-if)#
May 1 03:20:11.827: EIGRP: Enqueueing UPDATE on Serial0/1 iidbQ un/rely 0/1 serno 54-54
May 1 03:20:11.827: EIGRP: Enqueueing UPDATE on Serial0/0 iidbQ un/rely 0/1 serno 54-54
May 1 03:20:11.831: EIGRP: Enqueueing UPDATE on Serial0/1 nbr 12.1.1.1 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 54-54
May 1 03:20:11.831: EIGRP: Enqueueing UPDATE on Serial0/0 nbr 124.1.1.1 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 54-54
May 1 03:20:11.835: EIGRP: Sending UPDATE on Serial0/1 nbr 12.1.1.1
May 1 03:20:11.839: AS 100, Flags 0x0, Seq 148/134 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 54-54
May 1 03:20:11.839: EIGRP: Sending UPDATE on Serial0/0 nbr 124.1.1.1
May 1 03:20:11.843: AS 100, Flags 0x0, Seq 149/135 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 54-54
May 1 03:20:11.995: EIGRP: Received UPDATE on Serial0/1 nbr 12.1.1.1
May 1 03:20:11.995: AS 100, Flags 0x0, Seq 137/148 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
May 1 03:20:12.003: EIGRP: Received UPDATE on Serial0/0 nbr 124.1.1.1
May 1 03:20:12.003: AS 100, Flags 0x0, Seq 136/149 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
R2(config-if)#
May 1 03:20:13.795: %LINK-3-UPDOWN: Interface Loopback0, changed state to up
May 1 03:20:14.795: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R2(config-if)#
//现在关闭debug
R2(config-if)#
R2(config-if)#do un all
All possible debugging has been turned off
R2(config-if)#
//将R1配置为eigrp stub区域
命令配置:
R1(config)#router ei 100
R1(config-router)#eigrp stub
//当邻居关系稳定之后,继续在R2上测试
R2#
May 1 03:22:32.071: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.1.1.1 (Serial0/1) is up: new adjacency
May 1 03:23:13.379: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 124.1.1.1 (Serial0/0) is up: new adjacency
R2#
R2#
R2#debug eigrp packets query update
EIGRP Packets debugging is on
(UPDATE, QUERY)
R2#
R2(config)#inter lo 0
R2(config-if)#do show ip inter bri
Interface IP-Address OK? Method Status Protocol
Serial0/0 124.1.1.2 YES manual up up
Serial0/1 12.1.1.2 YES manual up up
Loopback0 2.2.2.2 YES manual up up
R2(config-if)#sh
R2(config-if)#
May 1 03:23:37.539: EIGRP: received packet with MD5 authentication, key id = 2
May 1 03:23:37.907: EIGRP: Enqueueing UPDATE on Serial0/1 iidbQ un/rely 0/1 serno 58-58
May 1 03:23:37.907: EIGRP: Enqueueing UPDATE on Serial0/0 iidbQ un/rely 0/1 serno 58-58
May 1 03:23:37.911: EIGRP: Enqueueing UPDATE on Serial0/1 nbr 12.1.1.1 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 58-58
May 1 03:23:37.911: EIGRP: Enqueueing UPDATE on Serial0/0 nbr 124.1.1.1 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 58-58
May 1 03:23:37.915: EIGRP: Sending UPDATE on Serial0/1 nbr 12.1.1.1//不再是查询包
May 1 03:23:37.919: AS 100, Flags 0x0, Seq 159/145 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 58-58
R2(config-if)#
May 1 03:23:37.919: EIGRP: Sending UPDATE on Serial0/0 nbr 124.1.1.1//不再是查询包
May 1 03:23:37.923: AS 100, Flags 0x0, Seq 160/146 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 58-58
May 1 03:23:38.127: EIGRP: received packet with MD5 authentication, key id = 2
May 1 03:23:38.131: EIGRP: Received QUERY on Serial0/1 nbr 12.1.1.1
May 1 03:23:38.131: AS 100, Flags 0x0, Seq 148/159 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
May 1 03:23:38.143: EIGRP: received packet with MD5 authentication, key id = 2
May 1 03:23:38.143: EIGRP: Received QUERY on Serial0/0 nbr 124.1.1.1
May 1 03:23:38.143: AS 100, Flags 0x0, Seq 147/160 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
//再次开启R2的环回口,测试
R2(config-if)#no sh
R2(config-if)#
May 1 03:23:46.515: EIGRP: received packet with MD5 authentication, key id = 2
May 1 03:23:46.819: EIGRP: Enqueueing UPDATE on Serial0/1 iidbQ un/rely 0/1 serno 61-61
May 1 03:23:46.819: EIGRP: Enqueueing UPDATE on Serial0/0 iidbQ un/rely 0/1 serno 61-61
May 1 03:23:46.823: EIGRP: Enqueueing UPDATE on Serial0/1 nbr 12.1.1.1 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 61-61
May 1 03:23:46.823: EIGRP: Enqueueing UPDATE on Serial0/0 nbr 124.1.1.1 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 61-61
May 1 03:23:46.827: EIGRP: Sending UPDATE on Serial0/1 nbr 12.1.1.1
May 1 03:23:46.827: AS 100, Flags 0x0, Seq 163/148 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 61-61
May 1 03:23:46.831: EIGRP: Sending UPDATE on Serial0/0 nbr 124.1.1.1
May 1 03:23:46.835: AS 100, Flags 0x0, Seq 164/147 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 61-61
May 1 03:23:46.979: EIGRP: Received UPDATE on Serial0/1 nbr 12.1.1.1
May 1 03:23:46.979: AS 100, Flags 0x0, Seq 149/163 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
May 1 03:23:47.043: EIGRP: Received UPDATE on Serial0/0 nbr 124.1.1.1
May 1 03:23:47.043: AS 100, Flags 0x0, Seq 150/164 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
R2(config-if)#end
R2#un all
All possible debugging has been turned off
需要参考的请仔细阅读,感谢Node实验室,感谢王老师,感谢午餐
ps:推荐阅读EIGRP
http://blog.sina.com.cn/s/blog_63efc8d70100gi7w.html
0 0
- CCNP-EIGRP&帧中继、负载均衡、认证、stub区域
- CCNP---OSPF多区域+帧中继配置
- 等价eigrp负载均衡
- EIGRP负载均衡
- EIGRP-如何验证EIGRP负载均衡?
- eigrp不等价负载均衡
- 帧中继上运行EIGRP
- CCNP-帧中继在ospf中的应用-P2P-P2MP-Virlink虚链路解决不连续区域
- EIGRP的负载均衡完全总结
- ospf eigrp重分布和负载均衡
- 基于EIGRP的不等价负载均衡
- eigrp的不等价负载均衡
- 帧中继环境下EIGRP的配置
- ccnp 路由 EIGRP
- EIGRP认证
- EIGRP认证
- 配置EIGRP等价负载均衡和非等价负…
- [Cisco-CCNP]学习EIGRP的几个概念
- 2013年下半年软考网络工程师考试下午科目第一大题分析
- CCNA(新版)-ipv6网络中启用-ospfv3路由协议配置实验
- markdown&grunt
- 什么是T1链路、E1链路?为什么T1链路是1.544M?T1&E1技术详解
- 查看 SELinux状态及关闭SELinux
- CCNP-EIGRP&帧中继、负载均衡、认证、stub区域
- CCNP-OSPF over NBMA详解图
- implicitlyWait和explicitlyWait的秘密
- CCNP-BGP选路实验,考察BGP属性:Local-prf和MED
- CCNP-EBGP环回口建立邻居之间启用IGP的效果
- CCNP-BGP选路实验,考察BGP属性:公认必选之AS-path
- java中的集合存储结构
- CCNP-BGP选路,BGP属性:公认必选之Origin、Next-hop
- CCNP-ipv6下启用ospfv3,tunnle隧道技术实现v6到v4转换