企业配置EIGRP默认路由-wfeng-ChinaUnix博客

在中小型企业中，一般会考虑内网所有的电脑通过一台边界器（即公司与外网相连的那台器）来进行网上冲浪或是其它internet活动。

示例的拓扑图如下：

公司的三个点，内部路由器之间通过EIGRP共享路由信息。同时，R2为公司总部的路由器，所有R1和R3的用户都要通过R1来连接internet。只有R2配有一个公网IP：200.15.8.60.

目的：要使所有内网之间可以互相通讯，并可以通过R2路由器与外部通讯。本例中假如外部IP：100.100.100.100与200.200.200.200.

首先：

我们在公司之间EIGRP，并通告所有的网段。这个没有问题，经过之后，使内部网段之间可以互访。

R1中，我们可以使用EIGRP来通告网段：172.16.1.0/24 192.168.30.4/30 192.168.30.0/30，并将Fa1/0配置为被动接口。

R2中，通告网段172.16.2.0/24 192.168.30.8/24 192.168.30.0/24及网段200.15.8.60。

R3中，通告网段192.168.30.8/30 192.168.30.4/30 172.16.3.0/24,并钭Fa1/0配置为被动接口。

经过以上配置，主机之间互ping应该都可以通，同时，C1、C2、C3都可以ping通200.15.8.60/24这个公网IP。由于R2通告了200.15.8.0、24网段，三台主机也可ping通200.15.8.80/24。

但此时，并不能说明所有的内网主机可以通过R2上网。

于是，我们可以在R2上做个路由。

ip route 0.0.0.0 0.0.0.0.0 s2/0

则此时：C2可以ping通外网了。

VPCS[2]> ping 100.100.100.100
100.100.100.100 icmp_seq=1 ttl=254 time=52.000 ms
100.100.100.100 icmp_seq=2 ttl=254 time=30.000 ms
100.100.100.100 icmp_seq=3 ttl=254 time=10.000 ms
100.100.100.100 icmp_seq=4 ttl=254 time=15.000 ms
100.100.100.100 icmp_seq=5 ttl=254 time=81.000 ms

VPCS[2]> ping 200.200.200.200
200.200.200.200 icmp_seq=1 ttl=254 time=45.000 ms
200.200.200.200 icmp_seq=2 ttl=254 time=19.000 ms
200.200.200.200 icmp_seq=3 ttl=254 time=34.000 ms
200.200.200.200 icmp_seq=4 ttl=254 time=16.000 ms
200.200.200.200 icmp_seq=5 ttl=254 time=21.000 ms

可以查看R2的路由表：

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - , IA - inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     192.168.30.0/30 is subnetted, 3 subnets
D       192.168.30.4 [90/2681856] via 192.168.30.9, 00:41:28, Serial2/1
                     [90/2681856] via 192.168.30.2, 00:41:28, Serial2/0
C       192.168.30.0 is directly connected, Serial2/0
C       192.168.30.8 is directly connected, Serial2/1
     172.16.0.0/24 is subnetted, 3 subnets
D       172.16.1.0 [90/2172416] via 192.168.30.2, 00:41:28, Serial2/0
C       172.16.2.0 is directly connected, FastEthernet0/0
D       172.16.3.0 [90/2172416] via 192.168.30.9, 00:22:19, Serial2/1
C    200.15.8.0/24 is directly connected, Serial2/2
S*   0.0.0.0/0 is directly connected, Serial2/2

由于C2与R2直连，经过配置默认路由，则C2网段的电脑可以上外网。

但此时，在C1和C3网段上，试着ping外网。

C1上：

VPCS[1]> ping 200.200.200.200
200.200.200.200 icmp_seq=1 timeout
200.200.200.200 icmp_seq=2 timeout
200.200.200.200 icmp_seq=3 timeout
200.200.200.200 icmp_seq=4 timeout
200.200.200.200 icmp_seq=5 timeout

C3上：

VPCS[3]> ping 200.200.200.200
200.200.200.200 icmp_seq=1 timeout
200.200.200.200 icmp_seq=2 timeout
200.200.200.200 icmp_seq=3 timeout
200.200.200.200 icmp_seq=4 timeout
200.200.200.200 icmp_seq=5 timeout

都不通，我们查看R1与R3的路由表：

R1：

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.30.0/30 is subnetted, 3 subnets
C       192.168.30.4 is directly connected, Serial0/3
C       192.168.30.0 is directly connected, Serial0/0
D       192.168.30.8 [90/2681856] via 192.168.30.6, 00:44:23, Serial0/3
                     [90/2681856] via 192.168.30.1, 00:44:23, Serial0/0
     172.16.0.0/24 is subnetted, 3 subnets
C       172.16.1.0 is directly connected, FastEthernet1/0
D       172.16.2.0 [90/2172416] via 192.168.30.1, 00:44:21, Serial0/0
D       172.16.3.0 [90/2172416] via 192.168.30.6, 00:25:13, Serial0/3
D    200.15.8.0/24 [90/2681856] via 192.168.30.1, 00:21:32, Serial0/0

R3：

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.30.0/30 is subnetted, 3 subnets
C       192.168.30.4 is directly connected, Serial3/1
D       192.168.30.0 [90/2681856] via 192.168.30.10, 00:44:46, Serial3/0
                     [90/2681856] via 192.168.30.5, 00:44:46, Serial3/1
C       192.168.30.8 is directly connected, Serial3/0
     172.16.0.0/24 is subnetted, 3 subnets
D       172.16.1.0 [90/2172416] via 192.168.30.5, 00:44:46, Serial3/1
D       172.16.2.0 [90/2172416] via 192.168.30.10, 00:44:46, Serial3/0
C       172.16.3.0 is directly connected, FastEthernet1/0
D    200.15.8.0/24 [90/2681856] via 192.168.30.10, 00:21:57, Serial3/0

均没有默认路由，则不在路由表中的目标，数据包则无法到达。

在EIGRP中，通告默认路由的方法有两种：

第一种是：在边界路由器上声明一条默认路由：ip route 0.0.0.0 0.0.0.0 interface。然后在EIGRP中，用命令network 0.0.0.0来通告它。

这样，所有其它邻接路由器将收到默认路由。

R2路由器上的配置：

router eigrp 100
passive-interface FastEthernet0/0
network 172.16.0.0
network 192.168.30.0 0.0.0.3
network 192.168.30.8 0.0.0.3
network 200.15.8.0
network 0.0.0.0
no auto-summary
!
ip http server
!
ip route 0.0.0.0 0.0.0.0 Serial2/2

此时，通告了0.0.0.0。刚查看R1与R3的路由表。

R1：

Gateway of last resort is 192.168.30.1 to network 0.0.0.0

     192.168.30.0/30 is subnetted, 3 subnets
C       192.168.30.4 is directly connected, Serial0/3
C       192.168.30.0 is directly connected, Serial0/0
D       192.168.30.8 [90/2681856] via 192.168.30.6, 01:04:45, Serial0/3
                     [90/2681856] via 192.168.30.1, 01:04:45, Serial0/0
     172.16.0.0/24 is subnetted, 3 subnets
C       172.16.1.0 is directly connected, FastEthernet1/0
D       172.16.2.0 [90/2172416] via 192.168.30.1, 01:04:44, Serial0/0
D       172.16.3.0 [90/2172416] via 192.168.30.6, 00:45:36, Serial0/3
D    200.15.8.0/24 [90/2681856] via 192.168.30.1, 00:41:55, Serial0/0
D*   0.0.0.0/0 [90/2681856] via 192.168.30.1, 00:00:11, Serial0/0

R3的路由表：

R3#show run
*Mar 1 01:08:03.791: %SYS-5-CONFIG_I: Configured from console by console
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.30.10 to network 0.0.0.0

     192.168.30.0/30 is subnetted, 3 subnets
C       192.168.30.4 is directly connected, Serial3/1
D       192.168.30.0 [90/2681856] via 192.168.30.10, 01:07:46, Serial3/0
                     [90/2681856] via 192.168.30.5, 01:07:46, Serial3/1
C       192.168.30.8 is directly connected, Serial3/0
     172.16.0.0/24 is subnetted, 3 subnets
D       172.16.1.0 [90/2172416] via 192.168.30.5, 01:07:46, Serial3/1
D       172.16.2.0 [90/2172416] via 192.168.30.10, 01:07:46, Serial3/0
C       172.16.3.0 is directly connected, FastEthernet1/0
D    200.15.8.0/24 [90/2681856] via 192.168.30.10, 00:44:57, Serial3/0
D*   0.0.0.0/0 [90/2681856] via 192.168.30.10, 00:03:13, Serial3/0

从路由表中可以看到，R1、R3都得到了默认路由，并指定出默认路由的出口，这样，

所有不在路由表中的目的地，都将经过这些出口转发到R2中，然后R2将它们由出口接口转发到internet上。

我们再在C1与C3上ping外网：

C1：

VPCS[1]> ping 200.200.200.200
200.200.200.200 icmp_seq=1 ttl=253 time=57.000 ms
200.200.200.200 icmp_seq=2 ttl=253 time=21.000 ms
200.200.200.200 icmp_seq=3 ttl=253 time=30.000 ms
200.200.200.200 icmp_seq=4 ttl=253 time=62.000 ms
200.200.200.200 icmp_seq=5 ttl=253 time=15.000 ms

C3：
VPCS[3]> ping 200.200.200.200
200.200.200.200 icmp_seq=1 ttl=253 time=52.000 ms
200.200.200.200 icmp_seq=2 ttl=253 time=90.000 ms
200.200.200.200 icmp_seq=3 ttl=253 time=25.000 ms
200.200.200.200 icmp_seq=4 ttl=253 time=49.000 ms
200.200.200.200 icmp_seq=5 ttl=253 time=83.000 ms

都可以通，这样就达成目的了，不过这样通告路由，外部的EIGRP路由器将会收到EIGRP包。对安全可能会有影响。

第二种是：在边界路由器上，使用命令ip default-network +出口的那个网段。来通告此网段作为默认出口。

见R2的配置：

router eigrp 100
passive-interface FastEthernet0/0
network 172.16.0.0
network 192.168.30.0 0.0.0.3
network 192.168.30.8 0.0.0.3
network 200.15.8.0
no auto-summary
!
ip http server
!
ip default-network 200.15.8.0
ip route 0.0.0.0 0.0.0.0 Serial2/2

EIGRP一定要通告200.15.8.0，即ip defualt-network通告的这个网段

接着，我们再看R1与R3的路由表：

R1：

Gateway of last resort is 192.168.30.1 to network 200.15.8.0

     192.168.30.0/30 is subnetted, 3 subnets
C       192.168.30.4 is directly connected, Serial0/3
C       192.168.30.0 is directly connected, Serial0/0
D       192.168.30.8 [90/2681856] via 192.168.30.6, 00:00:49, Serial0/3
                     [90/2681856] via 192.168.30.1, 00:00:49, Serial0/0
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, FastEthernet1/0
D       172.16.2.0 [90/2172416] via 192.168.30.1, 00:00:48, Serial0/0
D*   200.15.8.0/24 [90/2681856] via 192.168.30.1, 00:00:14, Serial0/0

R3：

Gateway of last resort is 192.168.30.10 to network 200.15.8.0

     192.168.30.0/30 is subnetted, 3 subnets
C       192.168.30.4 is directly connected, Serial3/1
D       192.168.30.0 [90/2681856] via 192.168.30.10, 00:03:56, Serial3/0
                     [90/2681856] via 192.168.30.5, 00:03:56, Serial3/1
C       192.168.30.8 is directly connected, Serial3/0
     172.16.0.0/24 is subnetted, 3 subnets
D       172.16.1.0 [90/2172416] via 192.168.30.5, 00:03:56, Serial3/1
D       172.16.2.0 [90/2172416] via 192.168.30.10, 00:03:56, Serial3/0
C       172.16.3.0 is directly connected, FastEthernet1/0
D*   200.15.8.0/24 [90/2681856] via 192.168.30.10, 00:03:23, Serial3/0

这样，R1与R3都收到了默认路由。

再在C1与C3上ping外网：

C1：

至此，所有内部网段能互相通讯，并都能通过R2上网。