CISCO EIGRP協定可以采用路由彙總來簡化配置,下發預設路由,可以通過認證來提高安全性。
實驗拓撲說明 R1的環回口配置4個位址段,所有接口宣告進eigrp 10,
在R1的e0/0口上做彙總和認證,R2的e0/0對應做認證配置。
配置清單
R1配置
hostname R1
key chain AUTH
key 1
key-string cisco
//配置key chain
interface Loopback0
ip address 10.1.1.1 255.255.255.0 secondary
ip address 10.1.2.1 255.255.255.0 secondary
ip address 10.1.3.1 255.255.255.0 secondary
ip address 10.1.0.1 255.255.255.0
interface Ethernet0/0
ip address 12.0.0.1 255.255.255.0
ip authentication mode eigrp 10 md5
ip authentication key-chain eigrp 10 AUTH
ip summary-address eigrp 10 10.1.0.0 255.255.252.0
No shut
//接口啟用彙總和認證,注意下發彙總路由有方向性
router eigrp 10
network 10.1.0.0 0.0.3.255
network 12.0.0.1 0.0.0.0
neighbor 12.0.0.2 Ethernet0/0
eigrp router-id 1.1.1.1
R2配置
hostname R2
key chain AUTH
key 1
key-string cisco
interface Ethernet0/0
No shut
ip address 12.0.0.2 255.255.255.0
ip authentication mode eigrp 10 md5
ip authentication key-chain eigrp 10 AUTH
//對應R1的e0/0認證配置
router eigrp 10
network 12.0.0.2 0.0.0.0
network 23.0.0.2 0.0.0.0
neighbor 12.0.0.1 Ethernet0/0
eigrp router-id 2.2.2.2
R3配置
hostname R3
interface Ethernet0/0
ip address 23.0.0.3 255.255.255.0
No shut
router eigrp 10
network 23.0.0.3 0.0.0.0
eigrp router-id 3.3.3.3
配置完成後檢查
也可以在R1的e0/0彙總成0.0.0.0 ,注意會在R1生成指向Null0的管理距離為5 的預設路由,如果R1是出口路由器,需要另外手工寫一條預設路由。
interface Ethernet0/0
ip summary-address eigrp 10 0.0.0.0 0.0.0.0