1、Router#config Router_config#hostname RBRB_config#int gigaEthernet 0/3RB_config_g0/3#ip address 192.168.1.2 255.255.255.0RB_config_g0/3#no shutdown RB_config_g0/3#exitRB_config#int fastEthernet 0/0RB_config_f0/0#ip address 192.168.2.2 255.255.255.0RB_config_f0/0#no shutdown RB_config_f0/0#exit在RSW1上配
2、置基础信息DCRS-5650-28(R4)DCRS-5650-28(R4)#config /进入配置模式DCRS-5650-28(R4)(config)#hostname RSW1 /更改设备名称RSW1(config)#vlan 100 /创建vlan100RSW1(config-vlan100)#exit /退出RSW1(config)#int ethernet 1/0/1 /进入端口RSW1(config-if-ethernet1/0/1)#switchport access vlan 100Set the port Ethernet1/0/1 access vlan 100 succe
3、ssfully【将该端口填加到vlan100】RSW1(config-if-ethernet1/0/1)#exit /退出RSW1(config)#interface vlan 100 /进入vlan100RSW1(config-if-vlan100)#ip address 192.168.0.1 255.255.255.0RSW1(config-if-vlan100)#exit /退出RSW1(config)#exitRSW1#RSW1#ping 192.168.0.2Type c to abort.Sending 5 56-byte ICMP Echos to 192.168.0.2, t
4、imeout is 2 seconds.!Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/16 ms这时候测试一下,ping路由器连接交换机的口的IP地址,肯定能ping通,ping不通就代表你配置错了,或者没插线,或者网线坏了enable DCRS-5650-28(R4)#config DCRS-5650-28(R4)(config)#hostname RSW2RSW2(config)#vlan 200RSW2(config-vlan200)#exitRSW2(config)#int ethernet 1/0/1
5、RSW2(config-if-ethernet1/0/1)#switchport access vl 200Set the port Ethernet1/0/1 access vlan 200 successfullyRSW2(config-if-ethernet1/0/1)#exitRSW2(config)#interface vlan 200RSW2(config-if-vlan200)#ip address 192.168.2.1 255.255.255.0RSW2(config-if-vlan200)#exitRSW2(config)#exitRSW2#ping 192.168.2.2
6、Sending 5 56-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds.设置RIP动态路由RSW2(config)#router rip /启用RIP协议 RSW2(config-router)#ver 2 /版本号为ver2RSW2(config-router)#show ip route /查看路由表Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external
7、 type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate defaultC 127.0.0.0/8 is directly connected, Loopback tag:C 192.168.2.0/24 is directly connected, Vlan200 tag:Total route
8、s are : 2 item(s)RSW2(config-router)#network 192.168.2.0/24 /宣告网段RSW2(config-router)#exit /退出在RB上配置RIP动态路由RB_config#router ripRB_config_rip#ver 2RB_config_rip#show ip route C - connected, S - static, R - RIP, B - BGP, BC - BGP connected D - BEIGRP, DEX - external BEIGRP, O - OSPF, OIA - OSPF inter a
9、rea ON1 - OSPF NSSA external type 1, ON2 - OSPF NSSA external type 2 OE1 - OSPF external type 1, OE2 - OSPF external type 2 DHCP - DHCP type, L1 - IS-IS level-1, L2 - IS-IS level-2VRF ID: 0C 192.168.1.0/24 is directly connected, GigaEthernet0/3C 192.168.2.0/24 is directly connected, FastEthernet0/0R
10、B_config_rip#network 192.168.1.0 255.255.255.0RB_config_rip#network 192.168.2.0 255.255.255.0RB_config_rip#exit在RA上配置动态路由RA_config#router ripRA_config_rip#ver 2RA_config_rip#show ip routeC 192.168.0.0/24 is directly connected, FastEthernet0/0RA_config_rip#network 192.168.0.0 255.255.255.0RA_config_r
11、ip#network 192.168.1.0 255.255.255.0RA_config_rip#exit在RSW1上配置RIP动态路由RSW1(config)#router ripRSW1(config-router)#ver 2RSW1(config-router)#show ip routeC 192.168.0.0/24 is directly connected, Vlan100 tag:RSW1(config-router)#network 192.168.0.0/24RSW1(config-router)#exit下面测试,由RSW1pingRSW2,能ping通代表路由成功了
12、RSW1#ping 192.168.2.1Sending 5 56-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds.Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms下面先来做RIP的文明,本端打上认证而对端没打上,路由过不来,ping不通,就代表认证生效了,ping通就代表失败之后把对端认证也打上,能ping通就代表做成了RSW1(config)#interface vlan 100 /先进入需要认证的vlan里面RSW1(config-if-vla
13、n100)#ip rip authentication mode text 【敲上明文认证】RSW1(config-if-vlan100)#ip rip authentication string luyou【设置秘钥,对端要和这个一样】.Success rate is 0 percent (0/5), round-trip min/avg/max = 0/0/0 ms一开始ping是通的,是因为还没有生效,大家多等会就可以,等个一两分钟足够了,也可以一直尝试,也可以把接口给shutdown再no shutdown下面做RA,RB,RSW2的明文认证RA_config#interface gi
14、gaEthernet 0/3RA_config_g0/3#ip rip authentication simple /选择明文认证RA_config_g0/3#ip rip password luyou /秘钥要一致RA_config#int fastEthernet 0/0RA_config_f0/0#ip rip authentication simpleRA_config_f0/0#ip rip password luyouRA_config_f0/0#exitRB_config_g0/3#ip rip authentication simple RB_config_g0/3#ip ri
15、p password luyouRB_config#interface fastEthernet 0/0RB_config_f0/0#ip rip authentication simpleRB_config_f0/0#ip rip password luyouRSW2(config-if-vlan200)#ip rip authentication mode text RSW2(config-if-vlan200)#ip rip authentication string luyou下面ping RSW1应该是通的,然后RSW1再ping RSW2RSW2#ping 192.168.0.1S
16、ending 5 56-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds.证明明文认证成功了,下面做MD5认证,大家做的时候要删档,或者把明文认证NO掉,这里我就不写上了.下面做RSW1的MD5认证RSW1(config)#key chain 1 /建立钥匙环RSW1(config-keychain)#key 1 /创建一把钥匙RSW1(config-keychain-key)#key-string luyou /创建秘钥RSW1(config-keychain-key)#end /退出RSW1(config)#interface vla
17、n 100 /进入vlanRSW1(config-if-vlan100)#ip rip authentication mode md5 【设置MD5认证】RSW1(config-if-vlan100)#ip rip authentication key-chain 1 【把配置模式下创建的钥匙环匹配到这里】 RSW1(config-if-vlan100)#exit之后ping RSW2应该是不通的,因为路由器和RSW2都没有做MD5认证下面做RA,RB,RSW2的MD5认证RA_config_g0/3#ip rip authentication md5 /开启MD5认证RA_config_g0
18、/3#ip rip md5-key 1 md5 luyou【跟交换机相对应的钥匙环【1】和秘钥RA_config#interface fastEthernet 0/0RA_config_f0/0#ip rip authentication md5 RA_config_f0/0#ip rip md5-key 1 md5 luyouRB_config#interface gigaEthernet 0/3RB_config_g0/3#ip rip authentication md5 RB_config_g0/3#ip rip md5-key 1 md5 luyouRB_config_f0/0#ip
19、 rip authentication md5 RB_config_f0/0#ip rip md5-key 1 md5 luyouRSW2(config)#key chain 1RSW2(config-keychain)#key 1RSW2(config-keychain-key)#key-string luyouRSW2(config-keychain-key)#endRSW2(config-if-vlan200)#ip rip authentication mode md5 RSW2(config-if-vlan200)#ip rip authentication key-chain 1 下面ping RSW1应该是通的之后从RSW1 ping RSW2以上就是路由器和交换机的RIP动态路由的MD5认证和明文认证 逍遙提供【仅供参考】
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1