实验8-1:EIGRP 基本配置

实验目的
通过本实验可以掌握:
(1)在路由器上启动EIGRP 路由进程
(2)启用参与路由协议的接口,并且通告网络
(3)EIGRP 度量值的计算方法
(4)可行距离(FD)、通告距离(RD)以及可行性条件(FC)
(5)邻居表、拓扑表以及路由表的含义
(6)查看和调试EIGRP 路由协议相关信息

实验拓扑

实验11:EIGRP-LMLPHP

实验步骤
n    步骤1:配置路由器R1,R2,R3保证链路的连通
n    步骤2:配置路由器R1
R1(config)#router eigrp 90
R1(config-router)#no auto-summary
R1(config-router)#net 1.1.1.0
R1(config-router)#net 192.168.12.0
R1(config-router)#net 192.168.13.0
n    步骤3:配置路由器R2
R2(config)#router eigrp 90
R2(config-router)#no auto-summary
R1(config-router)#net 2.2.2.0
R2(config-router)#network 192.168.12.0
n    步骤4:配置路由器R3
R3(config)#router eigrp 90
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.13.0
R3(config-router)#network 3.3.3.0

// EIGRP 协议在通告网段时,如果是主类网络(即标准A、B、C 类的网络),只需输入此网络地址;如果是VLSM,则最好在网络号后面写反掩码或通配符,这样可以避免将所有的子网都加入EIGRP 进程中。反掩码是用广播地址(255.255.255.255) 减去子网掩码所得到。如掩码地址是255.255.248.0,则反掩码地址是0.0.7.255

实验调试

n    show ip route
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial1/0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
C    192.168.13.0/24 is directly connected, Serial1/1
     2.0.0.0/24 is subnetted, 1 subnets
D       2.2.2.0 [90/2297856] via 192.168.12.2, 00:00:02, Serial1/0
     3.0.0.0/24 is subnetted, 1 subnets
D       3.3.3.0 [90/2297856] via 192.168.13.3, 00:00:02, Serial1/1

以上输出表明路由器R1 通过EIGRP 学到了2 条EIGRP 路由条目,管理距离是90,注意EIGRP 协议代码用字母“D”表示,如果通过重分布方式进入EIGRP 网络的路由条目,默认管理距离为170,路由代码用“D EX”表示,也说明EIGRP 路由协议能够区分内部路由和外部路由。
对于EIGRP 度量值的计算,不妨以“D  2.2.2.0 [90/2297856] via 192.168.12.2, 00:00:02, Serial1/0”路由条目为例来说明。
Metric=[10*7/BW(min)+delay(sum)/10]*256
BW(min):所经由链路中入口带宽(单位为Kbps)的最小值
delay(sum):所经由链路中入口的延迟之和(单位为μs)
接下来看一下在路由器R1 中的“2.2.2.0”路由条目的度量值是如何计算的?
首先看带宽应该是从R2 的 Loopback0 到R1 最小的,BW(min)应该是R1 的s1/0 接口的带宽为1544kbit,而延迟是路由器R2的 Loopback0 和路由器R1的s1/0接口的延迟之和,所以最后的度量值应该是:
[[10*7/1544]+(5000+20000)/10]*256=2297856,和路由器计算的结果一致
【提示】接口的带宽和延迟可以通过“show interface ”查看

n    show ip protocols
Routing Protocol is "eigrp 90"
//AS 号码为90
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  // 显示计算度量值所用的K 值
  EIGRP maximum hopcount 100
  //EIGRP 支持的最大跳数
  EIGRP maximum metric variance 1
  // variance 值默认为1,即默认时只支持等价路径的负载均衡
  Redistributing: eigrp 90
  EIGRP NSF-aware route hold timer is 240s
  //不间断转发的持续时间
  Automatic network summarization is not in effect
  //显示自动汇总已经关闭,默认自动汇总是开启的
  Maximum path: 4
  Routing for Networks:
   1.0.0.0
    192.168.12.0
    192.168.13.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.13.3          90      00:30:55
    192.168.12.2          90      00:30:55
  Distance: internal 90 external 170

n    show ip eigrp neighbors
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 90
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   192.168.13.3            Se1/1             14 00:44:30   63     378   0   6
0   192.168.12.2            Se1/0             12 00:45:43   72      432  0  7
以上输出各字段的含义如下:
① H: 表示与邻居建立会话的顺序;
② Address: 邻居路由器的接口地址;
③ Interface: 本地到邻居路由器的接口;
④ Hold: 认为邻居关系不存在所能等待的最大时间;
⑤ Uptime: 从邻居关系建立到目前的时间;
⑥ SRTT: 是向邻居路由器发送一个数据包以及本路由器收到确认包的时间;
⑦ RTO: 路由器在重新传输包之前等待ACK 的时间;
⑧ Q Cnt: 等待发送的队列;
⑨ Seq Num: 从邻居收到的发送数据包的序列号。

n    show ip eigrp topology
R1#show ip eig topo

IP-EIGRP Topology Table for AS(90)/ID(1.1.1.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 1.1.1.0/24, 1 successors, FD is 128256
        via Connected, Loopback0
P 2.2.2.0/24, 1 successors, FD is 2297856
        via 192.168.12.2 (2297856/128256), Serial1/0
P 3.3.3.0/24, 1 successors, FD is 2297856
        via 192.168.13.3 (2297856/128256), Serial1/1
P 192.168.12.0/24, 1 successors, FD is 2169856
        via Connected, Serial1/0
P 192.168.13.0/24, 1 successors, FD is 2169856
        via Connected, Serial1/1

以上输出可以清楚地看到每条路由条目的FD 和AD 的值。而拓扑结构数据库中状态代码最常见的是“P”,“A”和“s”,含义如下:
① P: 代表passive,表示网络处于收敛的稳定状态;
② A: 代表active,当前网络不可用,正处于发送查询状态;
③ s:在3分钟内,如果被查询的路由没有收到回应,查询的路由就被置为“stuck inactive”状态。

n    show ip eigrp interfaces
R1#show ip eig interfaces
IP-EIGRP interfaces for process 90

Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Lo0                0        0/0         0       0/1            0           0
Se1/0              1        0/0        72       0/15         295           0
Se1/1              1        0/0        63       0/15         271           0
以上输出各字段的含义如下:
① Interface:运行EIGRP 协议的接口;
② Peers:该接口的邻居的个数;
③ Xmit Queue Un/Reliable:在不可靠/可靠队列中存留的数据包的数量;
④ Mean SRTT:平均的往返时间,单位是秒;
⑤ Pacing Time Un/Reliable:用来确定不可靠/可靠队列中数据包被送出接口的时间间隔;
⑥ Multicast Flow Timer:组播数据包被发送前最长的等待时间;
⑦ Pending Routes:在传送队列中等待被发送的数据包携带的路由条目。

n    show ip eigrp traffic
R1#show ip eigrp traffic
 
IP-EIGRP Traffic Statistics for AS 90
  Hellos sent/received: 2266/2229
  Updates sent/received: 12/8
  Queries sent/received: 1/1
  Replies sent/received: 1/1
  Acks sent/received: 4/7
  Input queue high water mark 2, 0 drops
  SIA-Queries sent/received: 0/0
  SIA-Replies sent/received: 0/0
  Hello Process ID: 113
  PDM Process ID: 112
//以上输出显示了EIGRP 发送和接收到的数据包的统计情况。
n    debug eigrp neighbors
//该命令可以动态查看EIGRP 邻居关系的情况。在路由器R2 先将s1/0接口shutdown掉,然后再no shutdown,可以看到EIGRP 邻居建立的过程。
R2#debug eigrp neighbors
EIGRP Neighbors debugging is on
*Feb 10 02:59:31.199: %LINK-3-UPDOWN: Interface Serial1/0, changed state to down
*Feb 10 02:59:31.199: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.2 (Serial1/0) is down: interface down
*Feb 10 02:59:31.199: Going down: Peer 192.168.12.2 total=1 stub 0 template=1, iidb-stub=0  iid-all=0
*Feb 10 02:59:31.199: EIGRP: Neighbor 192.168.12.2 went down on Serial1/0
*Feb 10 02:59:32.199: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed  state to down
*Feb 10 02:59:48.199: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
*Feb 10 02:59:49.199: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
*Feb 10 02:59:49.687: EIGRP: New peer 192.168.12.2 total=2 stub 0 template=1 idbstub=0
iidball=1
*Feb 10 02:59:49.687: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.2 (Serial1/0) is up: new adjacency

n     debug eigrp packets      //该命令显示EIGRP 发送和接收的数据包。
R1#debug eigrp packets
EIGRP Packets debugging is on
    (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
*Mar  1 01:11:04.251: EIGRP: Sending HELLO on Loopback0
*Mar  1 01:11:04.255:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Mar  1 01:11:04.259: EIGRP: Received HELLO on Loopback0 nbr 1.1.1.1
*Mar  1 01:11:04.263:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0
*Mar  1 01:11:04.263: EIGRP: Packet from ourselves ignored
*Mar  1 01:11:05.295: EIGRP: Received HELLO on Serial1/0 nbr 192.168.12.2
*Mar  1 01:11:05.299:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
*Mar  1 01:11:06.079: EIGRP: Sending HELLO on Serial1/1
*Mar  1 01:11:06.079:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Mar  1 01:11:07.127: EIGRP: Sending HELLO on Serial1/0
*Mar  1 01:11:07.127:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Mar  1 01:11:08.143: EIGRP: Received HELLO on Serial1/1 nbr 192.168.13.3
*Mar  1 01:11:08.147:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
以上输出显示R1发送和接收的EIGRP 数据包,由于当前网络是收敛的,所以只有HELLO数据包发送和接收的报告。

实验8-3: EIGRP 负载均衡

实验目的
通过本实验可以掌握:

(1)EIGRP 等价负载均衡的实现方法
(2)EIGRP 非等价负载均衡的实现方法
(3)修改EIGRP 度量值的方法
(4)可行距离(FD)、通告距离(RD)以及可行性条件(FC)的深层含义

实验拓扑

实验11:EIGRP-LMLPHP

实验步骤
n    步骤1:配置路由器R1
R1(config)#router eigrp 90
R1(config-router)#no auto-summary
R1(config-router)#network 12.1.1.1 0.0.0.0
R1(config-router)#network 13.1.1.1 0.0.0.0
R1(config-router)#network 1.1.1.1 0.0.0.0

n    步骤2:配置路由器R2
R2(config)#router eigrp 90
R2(config-router)#no auto-summary
R2(config-router)#network 12.1.1.2 0.0.0.0
R2(config-router)#network 2.2.2.2 0.0.0.0
n    步骤3:配置路由器R3
R3(config)#router eigrp 90
R3(config-router)#no auto-summary
R3(config-router)#network 13.1.1.3 0.0.0.0
R3(config-router)#network 3.3.3.3 0.0.0.0

实验调试
(1)按照上面的配置,在R2的topology
n    R2#show ip eigrp topo
IP-EIGRP Topology Table for AS(90)/ID(2.2.2.2)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 1.1.1.0/24, 1 successors, FD is 2297856
        via 12.1.1.1 (2297856/128256), Serial1/0
P 2.2.2.0/24, 1 successors, FD is 128256
        via Connected, Loopback0
P 3.3.3.0/24, 1 successors, FD is 156160
        via 23.1.1.3 (156160/128256), FastEthernet0/0
P 12.1.1.0/24, 1 successors, FD is 2169856
        via Connected, Serial1/0
P 13.1.1.0/24, 1 successors, FD is 2172416
        via 23.1.1.3 (2172416/2169856), FastEthernet0/0
        via 12.1.1.1 (2681856/2169856), Serial1/0
P 23.1.1.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0

n    R2#show ip eigrp topology all-links
IP-EIGRP Topology Table for AS(90)/ID(2.2.2.2)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 1.1.1.0/24, 1 successors, FD is 2297856, serno 9
        via 12.1.1.1 (2297856/128256), Serial1/0
        via 23.1.1.3 (2300416/2297856), FastEthernet0/0
P 2.2.2.0/24, 1 successors, FD is 128256, serno 2
        via Connected, Loopback0
P 3.3.3.0/24, 1 successors, FD is 156160, serno 13
        via 23.1.1.3 (156160/128256), FastEthernet0/0
        via 12.1.1.1 (2809856/2297856), Serial1/0
P 12.1.1.0/24, 1 successors, FD is 2169856, serno 3
        via Connected, Serial1/0
P 13.1.1.0/24, 1 successors, FD is 2172416, serno 14
        via 23.1.1.3 (2172416/2169856), FastEthernet0/0
        via 12.1.1.1 (2681856/2169856), Serial1/0
P 23.1.1.0/24, 1 successors, FD is 28160, serno 12
        via Connected, FastEthernet0/0
对比上面的输出中可以看到, 通常情况下拓补表里只能看到S路由和FS路由(满足FC条件),而要查看所有路径信息,需要使用all-link

【术语】
后继:是一个直接连接的邻居路由器,通过它到达目的网络的路由最优;
可行后继:是一个邻居路由器,但是通过它到达目的地的度量值比其它路由器高,但它的通告距离小于通过后继路由器到达目的网络的可行距离,因而被保存在拓扑表中,用做备份路由。

( 2 )  通过适当的配置,使得在路由器R2上看13.1.1.0路由条目为等价路由,从而实现等价负载均衡。根据前面讲的EIGRP 度量值的计算公式,这两条路径的最小带宽是相同的,只要它们的延迟之和相同,就是等价路由,为此,在路由器R4 上做如下的配置:
R2(config)#interface f 0/0
R2(config-if)#delay 2000    //单位是10us

n    R2#sh ip eig topo
IP-EIGRP Topology Table for AS(90)/ID(4.4.4.4)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 13.1.1.0/24, 2 successors, FD is 2172416
        via 12.1.1.1 (2681856/2169856), Serial1/0
        via 23.1.1.3 (2681856/2169856), FastEthernet0/0
以上输出表明路由条目“13.1.1.0”确实有两条等价路径,表明EIGRP 是支持等价负载均衡的。

(3) 使用offset-list调整相关路由的Metric值,实现等价路由
R2(config)#access-list 1 permit 13.1.1.0
R2(config)#router eigrp 90
R2(config-router)#offset-list 1 in 509440 f0/0

n    R2#sh ip eig topo detail-links
IP-EIGRP Topology Table for AS(90)/ID(4.4.4.4)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 13.1.1.0/24, 2 successors, FD is 2681856
        via 12.1.1.1 (2681856/2169856), Serial1/0
        via 23.1.1.3 (2681856/2679296), FastEthernet0/0

( 4 )  通过 “variance”命令来研究EIGRP 的非等价负载均衡。对于“13.1.1.0”路由条目,在路由器R4的拓扑结构数据库中存在如下的记录:
D       13.1.1.0 [90/2172416] via 23.1.1.3, 00:00:06, FastEthernet0/0
                 [90/2681856] via 12.1.1.1, 00:00:06, Serial1/0
现在只需要在R2 的路由器上调整variance 的值,使得这两条路径在路由表中都可见和可用,R2 上的配置如下:
R2(config)#router eigrp 90
R2(config-router)#variance 2
在R2 上查看路由表:
R2#show ip rou
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets
D       1.1.1.0 [90/2297856] via 12.1.1.1, 00:00:06, Serial1/0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     3.0.0.0/24 is subnetted, 1 subnets
D       3.3.3.0 [90/156160] via 23.1.1.3, 00:00:06, FastEthernet0/0
     23.0.0.0/24 is subnetted, 1 subnets
C       23.1.1.0 is directly connected, FastEthernet0/0
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, Serial1/0
     13.0.0.0/24 is subnetted, 1 subnets
D       13.1.1.0 [90/2172416] via 23.1.1.3, 00:00:06, FastEthernet0/0
                 [90/2681856] via 12.1.1.1, 00:00:06, Serial1/0
以上输出表明路由条目“13.1.1.0”有两条路径可达,但是它们的度量值不同,这就是所说的非等价路由,从而证明EIGRP 是支持非等价负载均衡的。

【技术要点】
EIGRP 非等价负载均衡是通过“variance”命令实现的, “variance”默认是1(即代表等价路径的负载均衡), variance 值的范围是1-128.这个参数代表了可以接受的不等价路径的度量值的倍数,在这个范围内的链路都将被接受,并且被放入路由表中

实验8-4: EIGRP 认证

实验目的

通过本实验可以掌握EIGRP 路由协议认证的配置和调试

实验拓扑

实验11:EIGRP-LMLPHP

实验步骤
n    步骤1:配置路由器R1,R2,R3保证链路的连通
n    步骤2:配置路由器R1
R1(config)#router eigrp 90
R1(config-router)#no auto-summary
R1(config-router)#net 1.1.1.0
R1(config-router)#net 192.168.12.0
R1(config-router)#net 192.168.13.0
R1(config)#key chain liming
R1(config-keychain)# key 1
R1(config-keychain-key)#key-string cisco
R1(config)#interface 1/0
R1(config-if)#ip authentication mode eigrp 90 md5 //认证模式为MD5
R1(config-if)#ip authentication key-chain eigrp 90 liming
//在接口上调用钥匙链
R1(config)#interface 1/1
R1(config-if)#ip authentication mode eigrp 90 md5 //认证模式为MD5
R1(config-if)#ip authentication key-chain eigrp 90 liming
 //在接口上调用钥匙链

n    步骤3:配置路由器R2
R2(config)#router eigrp 90
R2(config-router)#no auto-summary
R2(config-router)#net 2.2.2.0
R2(config-router)#network 192.168.12.0
R2(config)#key chain liming
R2(config-keychain)# key 1
R2(config-keychain-key)#key-string cisco
R2(config)#interface 1/0
R2(config-if)#ip authentication mode eigrp 90 md5 //认证模式为MD5
R2(config-if)#ip authentication key-chain eigrp 90 liming
 //在接口上调用钥匙链

n    步骤4:配置路由器R3
R3(config)#router eigrp 90
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.13.0
R3(config-router)#network 3.3.3.0
R3(config)#key chain liming
R3(config-keychain)# key 1
R3(config-keychain-key)#key-string cisco
R3(config)#interface 1/0
R3(config-if)#ip authentication mode eigrp 90 md5 //认证模式为MD5
R3(config-if)#ip authentication key-chain eigrp 90 liming
//在接口上调用钥匙链

实验调试
1)    如果链路的一端启用了认证,另外一端没有起用认证,则出现下面的提示信息
*Feb 10 05:46:11.119: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.2
(Serial1/0) is down: authentication mode changed

2)    如果钥匙链的密匙不正确,则出现下面的提示信息:
*Feb 10 05:47:08.122: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1
(Serial1/0) is down: Auth failure

05-26 20:15