实验目的：

1、理解EIGRP的认证过程。

2、掌握EIGRP的认证的配置。

实验拓扑：

 

实验步骤：

1、  配置各路由器的名称、相连接口IP地址，并且使用Ping命令确认各路由器的直连口的互通性。

R1配置：

R1(config)#int s1/1

R1(config-if)#ip add 172.16.1.1 255.255.255.252

R1(config-if)#no shut

R1(config-if)#exit

R1(config)#int loop 1

R1(config-if)#ip add 10.1.1.1 255.255.255.0

   R2类似。

2、  配置EIGRP协议，自治系统号为80。

R1(config)#router eigrp 80

R1(config-router)#network 172.16.0.0      

R1(config-router)#network 10.1.0.0

R1(config-router)#exi

R2同样地配置好。然后从R1去ping R2下带的网络110.10.1.1。

3、  查看R1、R2路由表，验证EIGRP邻居是否顺利建立。

R1路由表：

R1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

D       172.16.0.0/16 is a summary, 00:00:56, Null0

C       172.16.1.0/30 is directly connected, Serial1/1

D    110.0.0.0/8 [90/2297856] via 172.16.1.2, 00:00:21, Serial1/1

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C       10.1.1.0/24 is directly connected, Loopback1

D       10.0.0.0/8 is a summary, 00:00:56, Null0

R2路由表：

R2#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

D       172.16.0.0/16 is a summary, 00:00:09, Null0

C       172.16.1.0/30 is directly connected, Serial1/0

     110.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C       110.10.1.0/24 is directly connected, Loopback1

D       110.0.0.0/8 is a summary, 00:00:09, Null0

D    10.0.0.0/8 [90/2297856] via 172.16.1.1, 00:00:17, Serial1/0

阴影的部分都是从对方路由器学习到的路由。

4、  下面进行EIGRP的验证配置了。

R1上配置如下：

R1#conf  t

R1(config)#key chain test  //创建名称为test的密钥钥匙链

R1(config-keychain)#key 1 //创建密钥钥匙1

R1(config-keychain-key)#key-string cisco  //配置密文为cisco

R1(config-keychain-key)#exit

R1(config-keychain)#exit

R1(config)#int s1/1

R1(config-if)#ip authentication key-chain eigrp 80 test  //在s1/1接口下为EIGRP 50启用路由认证。使用edurainbow钥匙链。

R1(config-if)#ip authentication mode eigrp 80 md5  //设置认证模式为md5加密方式。即密码在传输过程被加密。如果不使用此命令，则密码会以明文方式进行传输。

完成R1的配置后可以先使用命令clear ip route *清理一下路由，再查看R1的路由表。

R1#clear ip route *

R1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

D       172.16.0.0/16 is a summary, 00:00:02, Null0

C       172.16.1.0/30 is directly connected, Serial1/1

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C       10.1.1.0/24 is directly connected, Loopback1

D       10.0.0.0/8 is a summary, 00:00:02, Null0

可以看到，已经找不到通往110.10.0.0网段的路由了。而R2的路由表的显示也一样，两个路由器都学习不到对方的路由了。

R2#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

D       172.16.0.0/16 is a summary, 00:00:25, Null0

C       172.16.1.0/30 is directly connected, Serial1/0

     110.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C       110.10.1.0/24 is directly connected, Loopback1

D       110.0.0.0/8 is a summary, 00:00:25, Null0

其实在配置过程当中两个R1、R2路由器已经提示邻居关系发生的变化。

*Oct 15 21:40:29.975: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 80: Neighbor 172.16.1.2 (Serial1/1) is down: keychain changed

*Oct 15 21:43:00.207: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 80: Neighbor 172.16.1.2 (Serial1/1) is down: authentication mode changedit  //提示邻居路由认证失败

或者直接查看邻居路由表

R2的邻居路由表：

R2#sh ip eigrp 80 nei

IP-EIGRP neighbors for process 80

5、  要让R1、R2重新建立邻居关系，就必须让R1、R2建立共同的认证密钥。下面对R2进行认证配置

 R2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R2(config)#key chain test

R2(config-keychain)#key 1

R2(config-keychain-key)#key-string cisco

R2(config-keychain-key)#exit

R2(config-keychain)#exit

R2(config)#int s1/0

R2(config-if)#ip authentication key-chain eigrp 80 test

R2(config-if)#ip authentication mode eigrp 80 md5

R2(config-if)#exit

当配置完R2的认证后，注意出现了邻居建立的提示信息：

*Oct 15 21:48:26.063: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 80: Neighbor 172.16.1.1 (Serial1/0) is up: new adjacency   //提示新的邻居关系已经建立

再查看下R1的邻居表

R2#sh ip eigrp 80 nei

IP-EIGRP neighbors for process 80

H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq

                                            (sec)         (ms)       Cnt Num

0   172.16.1.1              Se1/0             12 00:01:05   60   360  0  6

可以看到，R1、R2已经建立了邻居关系。

用clear ip route *命令同样地刷新路由表，观察R1、R2的路由表

R1：

R1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

D       172.16.0.0/16 is a summary, 00:00:03, Null0

C       172.16.1.0/30 is directly connected, Serial1/1

D    110.0.0.0/8 [90/2297856] via 172.16.1.2, 00:00:03, Serial1/1

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C       10.1.1.0/24 is directly connected, Loopback1

D       10.0.0.0/8 is a summary, 00:00:03, Null0

 

R2：

R2#clear ip route *

R2#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

D       172.16.0.0/16 is a summary, 00:00:01, Null0

C       172.16.1.0/30 is directly connected, Serial1/0

     110.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C       110.10.1.0/24 is directly connected, Loopback1

D       110.0.0.0/8 is a summary, 00:00:01, Null0

D    10.0.0.0/8 [90/2297856] via 172.16.1.1, 00:00:01, Serial1/0

R1、R2已经互相之间学习到了对方的路由了。

 

本文转自 独钩寒江雪 51CTO博客，原文链接：http://blog.51cto.com/bennie/406677，如需转载请自行联系原作者