Tweet
1. Yêu cầu
Bước 1: Gán địa chỉ IP
R1:
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.12.1 255.255.255.248
clock rate 64000
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.13.1 255.255.255.248
no shutdown
!
end
R2:
!
interface Loopback2
ip address 192.168.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.12.2 255.255.255.248
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.23.2 255.255.255.248
clock rate 64000
no shutdown
!
end
R3:
!
interface Loopback3
ip address 192.168.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.3 255.255.255.0
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.13.3 255.255.255.248
clock rate 64000
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.23.3 255.255.255.248
no shutdown
!
End
Bước 2: Cấu hình EIGRP cơ bản
Trên router R1:
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0
no auto-summary
Trên router R2:
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.2.0
no auto-summary
Trên router R3:
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.3.0
no auto-summary
Kiểm tra các mối quan hệ láng giềng sử dụng lệnh “show ip eigrp neighbors”:
R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.3 Fa0/0 14 00:00:13 1276 5000 0 15
2 172.16.13.3 Se0/0/1 12 00:00:17 28 2280 0 16
1 172.16.12.2 Se0/0/0 12 00:01:57 19 2280 0 35
0 10.1.1.2 Fa0/0 14 00:02:04 89 534 0 36
R2# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.3 Fa0/0 11 00:00:35 3 200 0 15
2 172.16.23.3 Se0/0/1 14 00:00:38 42 2280 0 17
1 172.16.12.1 Se0/0/0 14 00:02:18 15 2280 0 36
0 10.1.1.1 Fa0/0 10 00:02:26 1 200 0 34
R3# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.2 Fa0/0 12 00:01:01 1028 5000 0 36
2 10.1.1.1 Fa0/0 12 00:01:01 4 200 0 34
1 172.16.23.2 Se0/0/1 11 00:01:03 834 5000 0 37
0 172.16.13.1 Se0/0/0 13 00:01:04 25 2280 0 35
Bước 3: Cấu hình các key xác thực
Trên router R1:
R1# conf t
R1(config)# key chain EIGRP-KEYS
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string cisco
Trên router R2:
R2# conf t
R2(config)# key chain EIGRP-KEYS
R2(config-keychain)# key 1
R2(config-keychain-key)# key-string cisco
Trên router R3:
R3#conf t
R3(config)# key chain EIGRP-KEYS
R3(config-keychain)# key 1
R3(config-keychain-key)# key-string cisco
Bước 4: Cấu hình xác thực EIGRP trên các cổng của các router
Trên các cổng của router thực hiện cấu hình xác thực EIGRP trên các cổng chạy EIGRP sử dụng các key – chain đã cấu hình ở bước 3.
Trên router R1:
R1#conf t
R1(config)# interface serial 0/0/0
R1(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R1(config-if)# ip authentication mode eigrp 1 md5
R1(config-if)# interface serial 0/0/1
R1(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R1(config-if)# ip authentication mode eigrp 1 md5
R1(config-if)# interface fastethernet 0/0
R1(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R1(config-if)# ip authentication mode eigrp 1 md5
Trên router R2:
R2#conf t
R2(config)# interface serial 0/0/0
R2(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R2(config-if)# ip authentication mode eigrp 1 md5
R2(config-if)# interface serial 0/0/1
R2(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R2(config-if)# ip authentication mode eigrp 1 md5
R2(config-if)# interface fastethernet 0/0
R2(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R2(config-if)# ip authentication mode eigrp 1 md5
Trên router R3:
R3#conf t
R3(config)# interface serial 0/0/0
R3(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R3(config-if)# ip authentication mode eigrp 1 md5
R3(config-if)# interface serial 0/0/1
R3(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R3(config-if)# ip authentication mode eigrp 1 md5
R3(config-if)# interface fastethernet 0/0
R3(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R3(config-if)# ip authentication mode eigrp 1 md5
Kiểm tra kết quả xác thực bằng câu lệnh “show ip eigrp interfaces detail”.
R1# show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 3 0/1 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/14 Un/reliable ucasts: 26/21
Mcast exceptions: 3 CR packets: 3 ACKs suppressed: 3
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use multicast
Se0/0/0 1 0/0 4 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 10/28
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 5
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Se0/0/1 1 0/0 1 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 10/22
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 8
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
R2# show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 4 0/10 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/7 Un/reliable ucasts: 34/15
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 7
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Se0/0/0 1 0/0 1 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 19/17
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 7
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Se0/0/1 1 0/0 3 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 11/9
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 4
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
R3#show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 2 0/1 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/13 Un/reliable ucasts: 22/12
Mcast exceptions: 2 CR packets: 1 ACKs suppressed: 1
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use multicast
Se0/0/0 1 0/0 1 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 12/19
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 7
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Se0/0/1 1 0/0 4 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 3/15
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 4
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Kiểm tra xác thực bằng cách sử dụng câu lệnh “debug eigrp packets”:
R1#debug eigrp packets
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB,
SIAQUERY, SIAREPLY)
R1#
*Oct 4 16:10:51.090: EIGRP: Sending HELLO on Serial0/0/1
*Oct 4 16:10:51.090: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely
0/0
*Oct 4 16:10:51.190: EIGRP: received packet with MD5 authentication,
key id = 1
*Oct 4 16:10:51.190: EIGRP: Received HELLO on Serial0/0/1 nbr
172.16.13.3
*Oct 4 16:10:51.190: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely
0/0 peerQ un/rely 0/0
*Oct 4 16:10:51.854: EIGRP: received packet with MD5 authentication,
key id = 1
*Oct 4 16:10:51.854: EIGRP: Received HELLO on FastEthernet0/0 nbr
10.1.1.2
*Oct 4 16:10:51.854: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely
0/0 peerQ un/rely 0/0
*Oct 4 16:10:53.046: EIGRP: received packet with MD5 authentication,
key id = 1
Sử dụng lệnh “undebug all” để dừng debug. Bước 5: Thay đổi giá trị các bộ định thời hello timer và hold timer
Để xem các giá trị timer đang sử dụng, dùng lệnh “show ip eigrp interfaces detail”.
R1# show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 1 0/1 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/20 Un/reliable ucasts: 41/27
Mcast exceptions: 3 CR packets: 3 ACKs suppressed: 3
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use multicast
Se0/0/0 1 0/0 17 10/380 448 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 17/37
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 6
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Se0/0/1 1 0/0 11 10/380 416 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 18/31
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 8
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Giá trị mặc định của các bộ định thời hello và hold là 5s và 15s.
Thực hiện thay đổi hello timer và hold timer trên cổng S0/0/0 của R1 và R2 bằng cách sử dụng các lệnh “ip hello-interval eigrp 1 2” và “ip hold-time eigrp 1 8”.
R1# conf t
R1(config)# interface serial 0/0/0
R1(config-if)# ip hello-interval eigrp 1 2
R1(config-if)# ip hold-time eigrp 1 8
R2# conf t
R2(config)# interface serial 0/0/0
R2(config-if)# ip hello-interval eigrp 1 2
R2(config-if)# ip hold-time eigrp 1 8
Để kiểm tra sự thay đổi, sử dụng lệnh “show ip eigrp 1 interfaces detail serial 0/0/0”:
R1# show ip eigrp 1 interfaces detail serial 0/0/0
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Se0/0/0 1 0/0 17 10/380 448 0
Hello interval is 2 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 17/37
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 6
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
R2# show ip eigrp 1 interfaces detail serial 0/0/0
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Se0/0/0 1 0/0 26 10/380 472 0
Hello interval is 2 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 27/25
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 8
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Xem giá trị hold time đã được thay đổi bằng cách sử dụng lệnh “show ip eigrp neighbors”:
R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 172.16.13.3 Se0/0/1 11 01:18:21 11 2280 0 85
2 10.1.1.3 Fa0/0 13 01:18:24 1 200 0 84
1 10.1.1.2 Fa0/0 12 01:23:31 1 200 0 74
0 172.16.12.2 Se0/0/0 6 01:23:39 17 2280 0 73
R2# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 172.16.23.3 Se0/0/1 13 01:20:38 16 2280 0 83
2 10.1.1.3 Fa0/0 14 01:20:38 1 200 0 81
1 10.1.1.1 Fa0/0 13 01:25:45 1 200 0 109
0 172.16.12.1 Se0/0/0 6 01:25:53 26 2280 0 110
Cấu hình tương tự trên các cổng serial còn lại:
R1#conf t
R1(config)#interface serial 0/0/1
R1(config-if)#ip hello-interval eigrp 1 2
R1(config-if)#ip hold-time eigrp 1 8
R2#conf t
R2(config)#interface serial 0/0/1
R2(config-if)#ip hello-interval eigrp 1 2
R2(config-if)#ip hold-time eigrp 1 8
R3#conf t
R3(config)#interface serial 0/0/0
R3(config-if)#ip hello-interval eigrp 1 2
R3(config-if)#ip hold-time eigrp 1 8
R3(config-if)#interface serial 0/0/1
R3(config-if)#ip hello-interval eigrp 1 2
R3(config-if)#ip hold-time eigrp 1 8 3. Cấu hình cuối cùng
R1#show run
Building configuration...
hostname R1
!
key chain EIGRP-KEYS
key 1
key-string cisco
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.12.1 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
clock rate 64000
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.13.1 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0
no auto-summary
!
end
R2#show run
Building configuration...
!
hostname R2
!
key chain EIGRP-KEYS
key 1
key-string cisco
!
interface Loopback2
ip address 192.168.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.12.2 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.23.2 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
clock rate 64000
no shutdown
!
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.2.0
no auto-summary
!
end
R3#show run
Building configuration...
!
hostname R3
!
key chain EIGRP-KEYS
key 1
key-string cisco
!
interface Loopback3
ip address 192.168.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.3 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.13.3 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
clock rate 64000
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.23.3 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.3.0
no auto-summary
!
End
- Cấu hình cơ bản EIGRP.
- Cấu hình và kiểm tra các thông số xác thực EIGRP.
- Cấu hình EIGRP hello interval và hold time.
- Kiểm tra hello.
Bước 1: Gán địa chỉ IP
R1:
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.12.1 255.255.255.248
clock rate 64000
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.13.1 255.255.255.248
no shutdown
!
end
R2:
!
interface Loopback2
ip address 192.168.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.12.2 255.255.255.248
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.23.2 255.255.255.248
clock rate 64000
no shutdown
!
end
R3:
!
interface Loopback3
ip address 192.168.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.3 255.255.255.0
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.13.3 255.255.255.248
clock rate 64000
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.23.3 255.255.255.248
no shutdown
!
End
Bước 2: Cấu hình EIGRP cơ bản
Trên router R1:
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0
no auto-summary
Trên router R2:
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.2.0
no auto-summary
Trên router R3:
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.3.0
no auto-summary
Kiểm tra các mối quan hệ láng giềng sử dụng lệnh “show ip eigrp neighbors”:
R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.3 Fa0/0 14 00:00:13 1276 5000 0 15
2 172.16.13.3 Se0/0/1 12 00:00:17 28 2280 0 16
1 172.16.12.2 Se0/0/0 12 00:01:57 19 2280 0 35
0 10.1.1.2 Fa0/0 14 00:02:04 89 534 0 36
R2# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.3 Fa0/0 11 00:00:35 3 200 0 15
2 172.16.23.3 Se0/0/1 14 00:00:38 42 2280 0 17
1 172.16.12.1 Se0/0/0 14 00:02:18 15 2280 0 36
0 10.1.1.1 Fa0/0 10 00:02:26 1 200 0 34
R3# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.2 Fa0/0 12 00:01:01 1028 5000 0 36
2 10.1.1.1 Fa0/0 12 00:01:01 4 200 0 34
1 172.16.23.2 Se0/0/1 11 00:01:03 834 5000 0 37
0 172.16.13.1 Se0/0/0 13 00:01:04 25 2280 0 35
Bước 3: Cấu hình các key xác thực
Trên router R1:
R1# conf t
R1(config)# key chain EIGRP-KEYS
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string cisco
Trên router R2:
R2# conf t
R2(config)# key chain EIGRP-KEYS
R2(config-keychain)# key 1
R2(config-keychain-key)# key-string cisco
Trên router R3:
R3#conf t
R3(config)# key chain EIGRP-KEYS
R3(config-keychain)# key 1
R3(config-keychain-key)# key-string cisco
Bước 4: Cấu hình xác thực EIGRP trên các cổng của các router
Trên các cổng của router thực hiện cấu hình xác thực EIGRP trên các cổng chạy EIGRP sử dụng các key – chain đã cấu hình ở bước 3.
Trên router R1:
R1#conf t
R1(config)# interface serial 0/0/0
R1(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R1(config-if)# ip authentication mode eigrp 1 md5
R1(config-if)# interface serial 0/0/1
R1(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R1(config-if)# ip authentication mode eigrp 1 md5
R1(config-if)# interface fastethernet 0/0
R1(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R1(config-if)# ip authentication mode eigrp 1 md5
Trên router R2:
R2#conf t
R2(config)# interface serial 0/0/0
R2(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R2(config-if)# ip authentication mode eigrp 1 md5
R2(config-if)# interface serial 0/0/1
R2(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R2(config-if)# ip authentication mode eigrp 1 md5
R2(config-if)# interface fastethernet 0/0
R2(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R2(config-if)# ip authentication mode eigrp 1 md5
Trên router R3:
R3#conf t
R3(config)# interface serial 0/0/0
R3(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R3(config-if)# ip authentication mode eigrp 1 md5
R3(config-if)# interface serial 0/0/1
R3(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R3(config-if)# ip authentication mode eigrp 1 md5
R3(config-if)# interface fastethernet 0/0
R3(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R3(config-if)# ip authentication mode eigrp 1 md5
Kiểm tra kết quả xác thực bằng câu lệnh “show ip eigrp interfaces detail”.
R1# show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 3 0/1 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/14 Un/reliable ucasts: 26/21
Mcast exceptions: 3 CR packets: 3 ACKs suppressed: 3
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use multicast
Se0/0/0 1 0/0 4 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 10/28
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 5
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Se0/0/1 1 0/0 1 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 10/22
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 8
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
R2# show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 4 0/10 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/7 Un/reliable ucasts: 34/15
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 7
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Se0/0/0 1 0/0 1 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 19/17
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 7
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Se0/0/1 1 0/0 3 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 11/9
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 4
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
R3#show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 2 0/1 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/13 Un/reliable ucasts: 22/12
Mcast exceptions: 2 CR packets: 1 ACKs suppressed: 1
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use multicast
Se0/0/0 1 0/0 1 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 12/19
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 7
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Se0/0/1 1 0/0 4 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 3/15
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 4
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Kiểm tra xác thực bằng cách sử dụng câu lệnh “debug eigrp packets”:
R1#debug eigrp packets
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB,
SIAQUERY, SIAREPLY)
R1#
*Oct 4 16:10:51.090: EIGRP: Sending HELLO on Serial0/0/1
*Oct 4 16:10:51.090: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely
0/0
*Oct 4 16:10:51.190: EIGRP: received packet with MD5 authentication,
key id = 1
*Oct 4 16:10:51.190: EIGRP: Received HELLO on Serial0/0/1 nbr
172.16.13.3
*Oct 4 16:10:51.190: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely
0/0 peerQ un/rely 0/0
*Oct 4 16:10:51.854: EIGRP: received packet with MD5 authentication,
key id = 1
*Oct 4 16:10:51.854: EIGRP: Received HELLO on FastEthernet0/0 nbr
10.1.1.2
*Oct 4 16:10:51.854: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely
0/0 peerQ un/rely 0/0
*Oct 4 16:10:53.046: EIGRP: received packet with MD5 authentication,
key id = 1
Sử dụng lệnh “undebug all” để dừng debug. Bước 5: Thay đổi giá trị các bộ định thời hello timer và hold timer
Để xem các giá trị timer đang sử dụng, dùng lệnh “show ip eigrp interfaces detail”.
R1# show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 1 0/1 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/20 Un/reliable ucasts: 41/27
Mcast exceptions: 3 CR packets: 3 ACKs suppressed: 3
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use multicast
Se0/0/0 1 0/0 17 10/380 448 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 17/37
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 6
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Se0/0/1 1 0/0 11 10/380 416 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 18/31
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 8
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Giá trị mặc định của các bộ định thời hello và hold là 5s và 15s.
Thực hiện thay đổi hello timer và hold timer trên cổng S0/0/0 của R1 và R2 bằng cách sử dụng các lệnh “ip hello-interval eigrp 1 2” và “ip hold-time eigrp 1 8”.
R1# conf t
R1(config)# interface serial 0/0/0
R1(config-if)# ip hello-interval eigrp 1 2
R1(config-if)# ip hold-time eigrp 1 8
R2# conf t
R2(config)# interface serial 0/0/0
R2(config-if)# ip hello-interval eigrp 1 2
R2(config-if)# ip hold-time eigrp 1 8
Để kiểm tra sự thay đổi, sử dụng lệnh “show ip eigrp 1 interfaces detail serial 0/0/0”:
R1# show ip eigrp 1 interfaces detail serial 0/0/0
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Se0/0/0 1 0/0 17 10/380 448 0
Hello interval is 2 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 17/37
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 6
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
R2# show ip eigrp 1 interfaces detail serial 0/0/0
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Se0/0/0 1 0/0 26 10/380 472 0
Hello interval is 2 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 27/25
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 8
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Xem giá trị hold time đã được thay đổi bằng cách sử dụng lệnh “show ip eigrp neighbors”:
R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 172.16.13.3 Se0/0/1 11 01:18:21 11 2280 0 85
2 10.1.1.3 Fa0/0 13 01:18:24 1 200 0 84
1 10.1.1.2 Fa0/0 12 01:23:31 1 200 0 74
0 172.16.12.2 Se0/0/0 6 01:23:39 17 2280 0 73
R2# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 172.16.23.3 Se0/0/1 13 01:20:38 16 2280 0 83
2 10.1.1.3 Fa0/0 14 01:20:38 1 200 0 81
1 10.1.1.1 Fa0/0 13 01:25:45 1 200 0 109
0 172.16.12.1 Se0/0/0 6 01:25:53 26 2280 0 110
Cấu hình tương tự trên các cổng serial còn lại:
R1#conf t
R1(config)#interface serial 0/0/1
R1(config-if)#ip hello-interval eigrp 1 2
R1(config-if)#ip hold-time eigrp 1 8
R2#conf t
R2(config)#interface serial 0/0/1
R2(config-if)#ip hello-interval eigrp 1 2
R2(config-if)#ip hold-time eigrp 1 8
R3#conf t
R3(config)#interface serial 0/0/0
R3(config-if)#ip hello-interval eigrp 1 2
R3(config-if)#ip hold-time eigrp 1 8
R3(config-if)#interface serial 0/0/1
R3(config-if)#ip hello-interval eigrp 1 2
R3(config-if)#ip hold-time eigrp 1 8 3. Cấu hình cuối cùng
R1#show run
Building configuration...
hostname R1
!
key chain EIGRP-KEYS
key 1
key-string cisco
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.12.1 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
clock rate 64000
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.13.1 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0
no auto-summary
!
end
R2#show run
Building configuration...
!
hostname R2
!
key chain EIGRP-KEYS
key 1
key-string cisco
!
interface Loopback2
ip address 192.168.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.12.2 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.23.2 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
clock rate 64000
no shutdown
!
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.2.0
no auto-summary
!
end
R3#show run
Building configuration...
!
hostname R3
!
key chain EIGRP-KEYS
key 1
key-string cisco
!
interface Loopback3
ip address 192.168.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.3 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.13.3 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
clock rate 64000
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.23.3 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.3.0
no auto-summary
!
End