rip ospf 加密 路由圖 綜合實驗
青青版本需求
1.使用圖中的DICL號,不允許使用靜態路由,不允許有32位主機路由出現。全網全通.
2.R1的環回口一訪問R3的 Loopback 1 時,使用幀中繼線路,R1的環回口二訪問R3的 Loopback 1 時,使用以太網線路.
3.R3的以太接口通過DHCP的地址。DHCP服務器爲R2,每次獲得的地址爲相同。
4.R1、R2的串口爲PPP封裝的安全驗證,密碼爲小寫surpasslab。
5.OSPF採用安全的區域驗證,密碼爲小寫surpasslab。
6.R2、R3使用的幀中繼使用RIP的安全驗證,密碼爲大寫的SURPASSLAB。
環境:
配置如下:
在R1上
hostname R1
!
ip cef
no ip domain lookup
username R2 password 0 surpasslab
!
interface Loopback1
ip address 1.1.1.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback2
ip address 2.2.2.2 255.255.255.0
ip ospf network point-to-point
!
interface Serial0/0
ip address 170.1.12.1 255.255.255.0
encapsulation ppp
ip ospf message-digest-key 1 md5 surpasslab
clock rate 64000
ppp authentication chap
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
area 0 authentication message-digest
network 1.1.1.1 0.0.0.0 area 0
network 2.2.2.2 0.0.0.0 area 0
network 170.1.12.1 0.0.0.0 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
在R2上:
hostname R2
ip cef
no ip domain lookup
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 170.1.32.1
!
ip dhcp pool cisco
network 170.1.32.0 255.255.255.0
default-router 170.1.32.1
dns-server 1.1.1.1
domain-name pzh
key chain cisco
key 1
key-string SURPASSLAB
username R1 password 0 surpasslab
interface Loopback1
ip address 22.22.22.22 255.255.255.0
ip ospf network point-to-point
!
interface Serial0/0
ip address 170.1.12.2 255.255.255.0
encapsulation ppp
ip ospf message-digest-key 1 md5 surpasslab
ip policy route-map pzh
clock rate 64000
ppp authentication chap
!
interface Serial0/2
ip address 170.1.23.1 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain cisco
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay map ip 170.1.23.2 203 broadcast
no frame-relay inverse-arp
!
interface FastEthernet1/0
no switchport
ip address 170.1.32.1 255.255.255.0
router ospf 1
router-id 22.22.22.22
log-adjacency-changes
area 0 authentication message-digest
redistribute rip subnets
network 22.22.22.22 0.0.0.0 area 0
network 170.1.12.2 0.0.0.0 area 0
!
router rip
version 2
redistribute ospf 1 metric 1 route-map pzh
network 170.1.0.0
no auto-summary
!
access-list 1 permit 1.1.1.1
access-list 2 permit 2.2.2.2
!
route-map pzh permit 10
match ip address 1
set ip next-hop 172.1.23.2
!
route-map pzh permit 20
match ip address 2
set ip next-hop 170.1.32.2
!
line con 0
exec-timeout 0 0
logging synchronous
在R3上:
!
hostname R3
ip cef
no ip domain lookup
key chain cisco
key 1
key-string SURPASSLAB
interface Loopback1
ip address 3.3.3.3 255.255.255.0
!
interface Serial0/2
ip address 170.1.23.2 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain cisco
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay map ip 170.1.23.1 302 broadcast
no frame-relay inverse-arp
!
interface FastEthernet1/0
no switchport
ip address 170.1.32.2 255.255.255.0
router rip
version 2
network 3.0.0.0
network 170.1.0.0
no auto-summary
!
line con 0
exec-timeout 0 0
logging synchronous
實驗效果:
R1#traceroute 3.3.3.3 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 170.1.12.2 72 msec 96 msec 96 msec
2 170.1.23.2 312 msec * 264 msec
R1#traceroute 3.3.3.3 source 2.2.2.2
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 170.1.12.2 148 msec 96 msec 96 msec
2 170.1.32.2 168 msec * 144 msec
達到上面的要求。
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.