Lokve博客 
介绍
RIPv2(Routing Information Protocol version 2)是基于距离向量算法的动态路由协议,采用UDP端口520进行通信,通过组播地址224.0.0.9发送更新报文。该协议以跳数为路径选择指标,最大有效值为15,通过30秒定期更新和180秒失效检测机制维护路由表,240秒后删除无效条目。
实验拓扑
RIPv2基础命令
启用RIP进程
system-view
rip 1 # 创建进程ID=1
version 2 # 指定RIPv2
宣告直连网段
network 192.168.1.0 # 宣告R1的直连网段
network 10.0.0.0 # 宣告R1-R2间网段关闭自动汇总(关键)
undo summary # 避免子网信息丢失
RIPv2高级命令
接口级优化
interface GigabitEthernet0/0/0
rip metricin 2 # 修改入站度量值
rip split-horizon # 启用水平分割路由过滤
acl 2000 # 创建ACL
rule deny source 192.168.2.0 0.0.0.255
rip filter-policy 2000 export # 禁止发布特定网段
实验配置
SW1配置 - VLAN放行
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysn
[Huawei]sysname SW1
[SW1]un in en
Info: Information center is disabled.
[SW1]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/1]q
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW1-GigabitEthernet0/0/2]q
[SW1]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 20
[SW1-GigabitEthernet0/0/3]q
AR1配置 - 单臂路由配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1
[AR1]un in en
Info: Information center is disabled.
[AR1]int g0/0/1.10
[AR1-GigabitEthernet0/0/1.10]dot1q termination vid 10 # 配置子接口对VLAN 10的802.1Q标签
[AR1-GigabitEthernet0/0/1.10]ip address 172.16.10.1 24
[AR1-GigabitEthernet0/0/1.10]arp broadcast enable 启用子接口的ARP广播功能
[AR1-GigabitEthernet0/0/1.10]q
[AR1]int g0/0/1.20
[AR1-GigabitEthernet0/0/1.20]dot1q termination vid 20 # 配置子接口对VLAN 20的802.1Q标签
[AR1-GigabitEthernet0/0/1.20]ip address 172.16.20.1 24
[AR1-GigabitEthernet0/0/1.20]arp broadcast enable 启用子接口的ARP广播功能
[AR1-GigabitEthernet0/0/1.20]qAR1配置 - DHCP全局地址池配置
[AR1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[AR1]ip pool vlan10
Info: It's successful to create an IP address pool.
[AR1-ip-pool-vlan10]network 172.16.10.0 mask 24
[AR1-ip-pool-vlan10]gateway-list 172.16.10.1
[AR1-ip-pool-vlan10]static-bind ip-address 172.16.10.10 mac-address 5489-9897-6424 # 静态绑定
[AR1-ip-pool-vlan10]dis th
[V200R003C00]
#
ip pool vlan10
gateway-list 172.16.10.1
network 172.16.10.0 mask 255.255.255.0
static-bind ip-address 172.16.10.10 mac-address 5489-9854-3df0
#
return
[AR1-ip-pool-vlan10]q
[AR1]ip pool vlan20
Info: It's successful to create an IP address pool.
[AR1-ip-pool-vlan20]network 172.16.20.0 mask 24
[AR1-ip-pool-vlan20]gateway-list 172.16.20.1
[AR1-ip-pool-vlan20]q
[AR1]int g0/0/1.10
[AR1-GigabitEthernet0/0/1.10]dhcp select global 配置子接口10使用全局DHCP地址池
[AR1-GigabitEthernet0/0/1.10]q
[AR1]int g0/0/1.20
[AR1-GigabitEthernet0/0/1.20]dhcp select global 配置子接口20使用全局DHCP地址池
[AR1-GigabitEthernet0/0/1.20]qAR1配置 - RIP配置并查看路由表
[AR1]rip 1
[AR1-rip-1]version 2
[AR1-rip-1]network 172.16.0.0
[AR1-rip-1]netw
[AR1-rip-1]network 192.168.30.0
[AR1-rip-1]
[AR1-rip-1]dis th
[V200R003C00]
#
rip 1
version 2
network 172.16.0.0
network 192.168.30.0
#
return
[AR1-rip-1]q
[AR1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.10.0/24 Direct 0 0 D 172.16.10.1 GigabitEthernet
0/0/1.10
172.16.10.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.10
172.16.10.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.10
172.16.20.0/24 Direct 0 0 D 172.16.20.1 GigabitEthernet
0/0/1.20
172.16.20.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.20
172.16.20.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.20
192.168.10.0/24 RIP 100 1 D 192.168.30.2 GigabitEthernet
0/0/2
192.168.20.0/24 RIP 100 1 D 192.168.30.2 GigabitEthernet
0/0/2
192.168.30.0/24 Direct 0 0 D 192.168.30.1 GigabitEthernet
0/0/2
192.168.30.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.30.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
SW2配置 - 三层IP地址配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysname SW2
[SW2]v b 10 20 30
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW2]int Vlanif 10
[SW2-Vlanif10]ip address 192.168.10.1 24
[SW2-Vlanif10]q
[SW2]int Vlanif 20
[SW2-Vlanif20]ip address 192.168.20.1 24
[SW2-Vlanif20]q
[SW2]int Vlanif 30
[SW2-Vlanif30]ip address 192.168.30.2 24
[SW2-Vlanif30]q
[SW2]ip pool vlan10
Info:It's successful to create an IP address pool.
[SW2-ip-pool-vlan10]network 192.168.10.0 mask 24
[SW2-ip-pool-vlan10]gateway-list 192.168.10.1
[SW2-ip-pool-vlan10]q
[SW2]ip pool vlan20
Info:It's successful to create an IP address pool.
[SW2-ip-pool-vlan20]network 192.168.20.0 mask 24
[SW2-ip-pool-vlan20]gateway-list 192.168.20.1
[SW2-ip-pool-vlan20]static-bind ip-address 192.168.20.20 mac-address 5489-98D7
-559F
[SW2-ip-pool-vlan20]q
SW2配置 - VLAN放行
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type access
[SW2-GigabitEthernet0/0/1]port default vlan 30
[SW2-GigabitEthernet0/0/1]q
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 10
[SW2-GigabitEthernet0/0/2]q
[SW2]int g0/0/3
[SW2-GigabitEthernet0/0/3]port link-type access
[SW2-GigabitEthernet0/0/3]port default vlan 20
[SW2-GigabitEthernet0/0/3]dis th
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
return
[SW2-GigabitEthernet0/0/3]q
SW2配置 - DHCP+RIP配置
[SW2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[SW2]int Vlanif 10
[SW2-Vlanif10]dhcp select global
[SW2-Vlanif10]q
[SW2]int Vlanif 20
[SW2-Vlanif20]dhcp select global
[SW2-Vlanif20]q
[SW2]rip 1
[SW2-rip-1]version 2
[SW2-rip-1]network 192.168.10.0
[SW2-rip-1]network 192.168.20.0
[SW2-rip-1]network 192.168.30.0
[SW2-rip-1]q
[SW2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.10.0/24 RIP 100 1 D 192.168.30.1 Vlanif30
172.16.20.0/24 RIP 100 1 D 192.168.30.1 Vlanif30
192.168.10.0/24 Direct 0 0 D 192.168.10.1 Vlanif10
192.168.10.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.20.0/24 Direct 0 0 D 192.168.20.1 Vlanif20
192.168.20.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
192.168.30.0/24 Direct 0 0 D 192.168.30.2 Vlanif30
192.168.30.2/32 Direct 0 0 D 127.0.0.1 Vlanif30
SW2配置 - ACL放行策略
[SW2]acl 3000
[SW2-acl-adv-3000]rule 5 deny ip source 172.16.10.0 0.0.0.255 destination 192.16
8.20.0 0.0.0.255
[SW2-acl-adv-3000]dis th
#
acl number 3000
rule 5 deny ip source 172.16.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
#
return
[SW2-acl-adv-3000]q
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
[SW2-GigabitEthernet0/0/1]q
[SW2]dis acl all
Total nonempty ACL number is 1
Advanced ACL 3000, 1 rule
Acl's step is 5
rule 5 deny ip source 172.16.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
实验结果
测试PC1是否获取到静态绑定的IP
测试PC1是否与PC2互通
测试PC4是否获取到静态绑定的IP
测试PC3是否与PC4互通
在配置动态路由协议RIPv2前,测试area1是否可以跨区域与area2互通
在配置动态路由协议RIPv2后,测试area1是否可以跨区域与area2互通
在配置高级ACL访问控制列表后(拒绝网段172.16.10.0/24去访问网址192.168.20.0/24)
ensp RIPv2动态路由实验
