实验目的：

1 掌握静态路由的基本配置，要注意写下一跳和出接口的区别

2 掌握默认路由，浮动路由的配置

3 掌握路由是最长掩码匹配原则

4 掌握什么是ICMP的重定向

实验拓扑：

R1的配置：

ip route 0.0.0.0 0.0.0.0 10.0.0.2

要想清楚什么情况下设置默认路由比较合适？（末端网络-------出口唯一）想一想什么是末端网络？

R1#show ip route static

S* 0.0.0.0/0 [1/0] via 10.0.0.2

R2的配置：

ip route 172.16.0.0 255.255.0.0 11.0.0.2

ip route 172.16.0.0 255.255.0.0 12.0.0.2 50

ip route 192.168.1.0 255.255.255.0 10.0.0.1

想一想为什么要设置2条到172.16.0.0的路由？同时172.16.0.0又是什么路由？

答案：浮动静态路由 汇总路由

R2#sh ip route static

S 172.16.0.0/16 [1/0] via 11.0.0.2

S 192.168.1.0/24 [1/0] via 10.0.0.1

R3的配置：

ip route 10.0.0.0 255.0.0.0 11.0.0.1

ip route 10.0.0.0 255.0.0.0 12.0.0.1 50

ip route 192.168.1.0 255.255.255.0 12.0.0.1

ip route 192.168.1.64 255.255.255.224 11.0.0.1

ip route 192.168.1.96 255.255.255.224 11.0.0.1

ip route 192.168.1.100 255.255.255.255 12.0.0.1

R3#sh ip route static

S 10.0.0.0/8 [1/0] via 11.0.0.1

192.168.1.0/24 is variably subnetted, 4 subnets, 3 masks

S 192.168.1.96/27 [1/0] via 11.0.0.1

S 192.168.1.100/32 [1/0] via 12.0.0.1

S 192.168.1.64/27 [1/0] via 11.0.0.1

S 192.168.1.0/24 [1/0] via 12.0.0.1

如果C4 ping C1---192.168.1.100 数据包应该匹配那一条路由？

如果C4 ping C1---192.168.1.99 数据包应该匹配那一条路由？

如果C4 ping C2---192.168.1.68 数据包应该匹配那一条路由？

删除2条静态路由:

No ip route 192.168.1.64 255.255.255.224 11.0.0.1

No ip route 192.168.1.96 255.255.255.224 11.0.0.1

如果C4 ping C1---192.168.1.100 数据包应该匹配那一条路由？

如果C4 ping C1---192.168.1.99 数据包应该匹配那一条路由？

如果C4 ping C2---192.168.1.68 数据包应该匹配那一条路由？

C5----10.0.0.5 ping C1/C2，C5的网关是10.0.0.2，会发生什么情况？

R2#

*Mar 1 00:23:47.799: ICMP: redirect sent to 10.0.0.5 for dest 192.168.1.65, use gw 10.0.0.1

R2#

*Mar 1 00:23:48.851: ICMP: redirect sent to 10.0.0.5 for dest 192.168.1.65, use gw 10.0.0.1

*Mar 1 00:23:49.851: ICMP: redirect sent to 10.0.0.5 for dest 192.168.1.65, use gw 10.0.0.1

R2#

*Mar 1 00:23:50.891: ICMP: redirect sent to 10.0.0.5 for dest 192.168.1.65, use gw 10.0.0.1

R2#

*Mar 1 00:23:51.927: ICMP: redirect sent to 10.0.0.5 for dest 192.168.1.65, use gw 10.0.0.1

以上为路由器提示的ICMP重定向信息

VPCS[5]> tracert 192.168.1.65

traceroute to 192.168.1.65, 64 hops max, press Ctrl+C to stop

1 10.0.0.2 62.000 ms 7.000 ms 41.000 ms

2 10.0.0.2 12.000 ms *

通过VPC是看不到效果的，需要把C5桥接到物理机才会有效果

静态路由：

IP Route 目标网段 目标网段的子网掩码 相邻的下一跳路由器的接口地址/或者是本地路由器的出口 （可选的管理距离 1--255）

S* 0.0.0.0/0 is directly connected, Ethernet0/2

S* 0.0.0.0/0 [1/0] via 10.0.0.2

（注意：在写静态路由的时候，建议写下一跳路由器的接口地址，不建议写本地路由器的出口，只有在点到点链路上才适合写本地出口）

如上拓扑图：

R1的配置：

R1(config)#int e0/0

R1(config-if)#ip add 10.0.0.1 255.0.0.0

R1(config-if)#no sh

R1(config)#ip route 0.0.0.0 0.0.0.0 e0/0

R1#ping 11.0.0.1 source e0/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:

Packet sent with a source address of 10.0.0.1

.!!!!

R1#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 11.0.0.1 0 cc02.0c2c.0000 ARPA Ethernet0/0

Internet 10.0.0.1 - cc00.0c2c.0000 ARPA Ethernet0/0

把R1的E0/0接口down掉，再启用是下面的结果

R1#ping 11.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 20/40/80 ms

R1#show arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 11.0.0.1 0 cc01.0c2c.0000 ARPA Ethernet0/0

Internet 10.0.0.1 - cc00.0c2c.0000 ARPA Ethernet0/0

R2(config)#int e0/0

R2(config-if)#ip add 10.0.0.2 255.0.0.0

R2(config-if)#no shut

R2(config-if)#int e0/1

R2(config-if)#ip add 11.0.0.1 255.0.0.0

R2(config-if)#no shut

R2#sh int e0/0

Ethernet0/0 is up, line protocol is up

Hardware is AmdP2, address is cc01.0c2c.0000 (bia cc01.0c2c.0000)

Internet address is 10.0.0.2/8

R3#sh ip int brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 10.0.0.3 YES manual up up

Ethernet0/1 11.0.0.2 YES manual up up

R3#sh int e0/0

Ethernet0/0 is up, line protocol is up

Hardware is AmdP2, address is cc02.0c2c.0000 (bia cc02.0c2c.0000)

Internet address is 10.0.0.3/8

把R1的E0/0接口down掉，再启用

R1#show arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 10.0.0.1 - cc00.0c2c.0000 ARPA Ethernet0/0

R1#debug arp

ARP packet debugging is on

R1#ping 11.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:

*Mar 1 00:27:32.979: IP ARP: creating incomplete entry for IP address: 11.0.0.1 interface Ethernet0/0

*Mar 1 00:27:32.979: IP ARP: sent req src 10.0.0.1 cc00.0c2c.0000,

dst 11.0.0.1 0000.0000.0000 Ethernet0/0

*Mar 1 00:27:33.079: IP ARP: rcvd rep src 11.0.0.1 cc01.0c2c.0000, dst 10.0.0.1 Ethernet0/0

*Mar 1 00:27:33.083: IP ARP: rcvd rep src 11.0.0.1 cc02.0c2c.0000, dst 10.0.0.1 Ethernet0/0.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 32/46/64 ms

从上面的配置和测试不难看出从R1到11.0.0.0/8的网段走的可能是R3也可能是R2，可是我们希望走的是R2，没有达到我们的要求，因为我们写静态路由写的出接口，并且是在广播型的链路上写的出接口，这就是问题所在，你只是告诉R1到11.0.0.0/8走E0/0接口，于是R1就会在E0/0接口发出关于目的地11.0.0.1的ARP查询，R2和R3都会应答这个查询，实际上就是PARP，如果把R2和R3接口上的PARP关闭--------no ip proxy-arp，R2和R3都不会响应ARP的查询，如果是点到点链路就不存在ARP的查询，这就是为什么在写静态路由的时候，建议写下一跳路由器的接口地址，不建议写本地路由器的出口，只有在点到点链路上才适合写本地出口的原因。

Icmp的请求消息

Icmp的应答消息