CCNP-24 被动接口（BSCI）

CCNP-24 被动接口

实验拓扑：

实验要求：R1 R2 R3之间起RIPv2路由协议，把R2的S1/1接口配置为passive-interface，观察配置前后路由表的变化。

试验目的：掌握被动接口基本的配置方法和配置被动接口的目的。

试验配置：

R1：

R1(config)#int s1/0

R1(config-if)#ip add 199.99.1.1 255.255.255.0

R1(config-if)#no shu

R1(config-if)#exit

R1(config)#int loop0

R1(config-if)#ip add 172.16.0.1 255.255.255.0

R1(config-if)#exit

R1(config)#int loop1

R1(config-if)#ip add 172.16.1.1 255.255.255.0

R1(config-if)#exit

R1(config)#int loop2

R1(config-if)#ip add 172.16.2.1 255.255.255.0

R1(config-if)#exit

R1(config)#int loop3

R1(config-if)#ip add 172.16.3.1 255.255.255.0

R1(config-if)#exit

R1(config)#router rip

R1(config-router)#version 2

R1(config-router)#network 199.99.1.0

R1(config-router)#network 172.16.0.0

R1(config-router)#network 172.16.1.0

R1(config-router)#network 172.16.2.0

R1(config-router)#network 172.16.3.0

R1(config-router)#no auto-summary

R1(config-router)#end

 

R2：

R2(config)#int s1/0

R2(config-if)#ip add 199.99.1.2 255.255.255.0

R2(config-if)#clock rate 64000

R2(config-if)#no shu

R2(config-if)#exit

R2(config)#int s1/1

R2(config-if)#ip add 199.99.2.1 255.255.255.0

R2(config-if)#clock rate 64000

R2(config-if)#no shu

R2(config-if)#exit

R2(config)#router rip

R2(config-router)#version 2

R2(config-router)#network 199.99.1.0

R2(config-router)#network 199.99.2.0

R2(config-router)#no auto-summary

R2(config-router)#exit

 

R3：

R3(config)#int s1/0

R3(config-if)#ip add 199.99.2.2 255.255.255.0

R3(config-if)#no shu

R3(config-if)#exit

R3(config)#int loop0

R3(config-if)#ip add 172.17.0.1 255.255.255.0

R3(config-if)#exit

R3(config)#int loop1

R3(config-if)#ip add 172.17.1.1 255.255.255.0

R3(config-if)#exit

R3(config)#int loop2

R3(config-if)#ip add 172.17.2.1 255.255.255.0

R3(config-if)#exit

R3(config)#int loop3

R3(config-if)#ip add 172.17.3.1 255.255.255.0

R3(config-if)#exit

R3(config)#router rip

R3(config-router)#version 2

R3(config-router)#network 199.99.2.0

R3(config-router)#network 172.17.0.0

R3(config-router)#network 172.17.1.0

R3(config-router)#network 172.17.2.0

R3(config-router)#network 172.17.3.0

R3(config-router)#no auto-summary

R3(config-router)#exit

基本配置完成，在R1与R3起loopback接口的目的是为了后面测试用。然后我们观察R1与R3的路由表：

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.17.0.0/24 is subnetted, 4 subnets

R       172.17.1.0 [120/2] via 199.99.1.2, 00:00:06, Serial1/0

R       172.17.0.0 [120/2] via 199.99.1.2, 00:00:06, Serial1/0

R       172.17.3.0 [120/2] via 199.99.1.2, 00:00:06, Serial1/0

R       172.17.2.0 [120/2] via 199.99.1.2, 00:00:06, Serial1/0

     172.16.0.0/24 is subnetted, 4 subnets

C       172.16.0.0 is directly connected, Loopback0

C       172.16.1.0 is directly connected, Loopback1

C       172.16.2.0 is directly connected, Loopback2

C       172.16.3.0 is directly connected, Loopback3

R    199.99.2.0/24 [120/1] via 199.99.1.2, 00:00:14, Serial1/0

C    199.99.1.0/24 is directly connected, Serial1/0

上面用红颜色标记的是R3上的路由。

R3#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.17.0.0/24 is subnetted, 4 subnets

C       172.17.1.0 is directly connected, Loopback1

C       172.17.0.0 is directly connected, Loopback0

C       172.17.3.0 is directly connected, Loopback3

C       172.17.2.0 is directly connected, Loopback2

     172.16.0.0/24 is subnetted, 4 subnets

R       172.16.0.0 [120/2] via 199.99.2.1, 00:00:03, Serial1/0

R       172.16.1.0 [120/2] via 199.99.2.1, 00:00:03, Serial1/0

R       172.16.2.0 [120/2] via 199.99.2.1, 00:00:03, Serial1/0

R       172.16.3.0 [120/2] via 199.99.2.1, 00:00:03, Serial1/0

C    199.99.2.0/24 is directly connected, Serial1/0

R    199.99.1.0/24 [120/1] via 199.99.2.1, 00:00:04, Serial1/0

上面用红颜色标记的是R1上的路由。

然后我们在R2上配置，将S1/1配置为被动接口：

R2(config)#router rip

R2(config-router)#passive-interface s1/1

R2(config-router)#end

（注：配置被动接口passive-interface default命令会将所有接口都配置为被动接口，这条命令是用在路由器接口非常多的情况下，然后用no passive-interface命令设置必须接收路由更新的接口，我这里不再做演示。）

这样就把S1/1配置为被动接口了，然后我们再看看R1与R3的路由表有什么变化？

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.17.0.0/24 is subnetted, 4 subnets

R       172.17.1.0 [120/2] via 199.99.1.2, 00:00:04, Serial1/0

R       172.17.0.0 [120/2] via 199.99.1.2, 00:00:04, Serial1/0

R       172.17.3.0 [120/2] via 199.99.1.2, 00:00:04, Serial1/0

R       172.17.2.0 [120/2] via 199.99.1.2, 00:00:04, Serial1/0

     172.16.0.0/24 is subnetted, 4 subnets

C       172.16.0.0 is directly connected, Loopback0

C       172.16.1.0 is directly connected, Loopback1

C       172.16.2.0 is directly connected, Loopback2

C       172.16.3.0 is directly connected, Loopback3

R    199.99.2.0/24 [120/1] via 199.99.1.2, 00:00:04, Serial1/0

C    199.99.1.0/24 is directly connected, Serial1/0

R1的路由表和刚才的一样，没有什么变化！

R3#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     172.17.0.0/24 is subnetted, 4 subnets

C       172.17.1.0 is directly connected, Loopback1

C       172.17.0.0 is directly connected, Loopback0

C       172.17.3.0 is directly connected, Loopback3

C       172.17.2.0 is directly connected, Loopback2

C    199.99.2.0/24 is directly connected, Serial1/0

R3的路由表发生了变化，没有R路由了。也就是说，R3上的路由可以通过被动接口发送出去，但是外面的路有无法通过被动接口发送进来！

被动接口的作用就是能够防止不必要的路由更新进入某个网络，并且还能阻止EIGRP,OSPF,ISIS的HELLO包的通过。

实验总结：掌握基本的被动接口的配置方法，并且能够了解被动接口的作用是为了防止不必要的路由更新进入某个网络，并且还能阻止EIGRP,OSPF,ISIS的HELLO包的通过。

转载于:https://blog.51cto.com/loveme23/49743