RIP协议MD5认证
原创
©著作权归作者所有:来自51CTO博客作者chenbin1987的原创作品,请联系作者获取转载授权,否则将追究法律责任
拓扑如上
在R1上起环回口loopback 1,IP为1.1.1.1
在R2上起环回口loopback 2,IP为2.2.2.2
RI通过F0/0与R2的F0/0口相连。IP分别为10.10.10.1 10.10.10.2
基本配置配置如下:
Router>
Router>en
Router#conf t
Router(config)#hostname R1
R1(config)#no ip domain-lookup
R1(config)#interface loopback 1
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface f0/0
R1(config-if)#ip address 10.10.10.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#ver 2
R1(config-router)#network 1.1.1.1
R1(config-router)#network 10.10.10.1
R1(config-router)#^Z
R1#
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF , IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback1
R 2.0.0.0/8 [120/1] via 10.10.10.2, 00:00:01, FastEthernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/144/216 ms
R1#
Router>
Router>en
Router#conf t
Router(config)#hostname R2
R2(config)#no ip domain-lookup
R2(config)#interface loopback 2
R2(config-if)#ip address 2.2.2.2 255.255.255.0
R2(config)#interface f0/0
R2(config-if)#ip address 10.10.10.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#ver 2
R2(config-router)#network 2.2.2.2
R2(config-router)#network 10.10.10.2
R2(config-router)#^Z
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF , IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
R 1.0.0.0/8 [120/1] via 10.10.10.1, 00:00:14, FastEthernet0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback2
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
R2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/96/192 ms
R2#
没有启用认证之前路由链路能正常通信。
下面先在R1启用MD5认证。
R1(config)#interface f0/0
R1(config-if)#ip rip authentication mode md5 -----------启用MD5认证
R1(config-if)#ip rip authentication key-chain ccna -----------配置要说链ccna
R1(config)#key chain ccna
R1(config-keychain)#key 1 --------配置钥匙链ccna的一把钥匙
R1(config-keychain-key)#key-string chenbin ---------配置keyID=1的密钥
R1(config-keychain)#^Z
R1#clear ip route * 清楚路由缓存中的路由条目
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF , IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback1
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
R1#
可以发现,在R1中已经没有了通过F0/0口所获得的RIP路由条目。
下面在R2中也启用MD5认证
R2(config)#interface f0/0
R2(config-if)#ip rip authentication mode md5
R2(config-if)#ip rip authentication key-chain ccna
R2(config-if)#exit
R2(config)#key chain ccna
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string chenbin
R2(config-keychain-key)#^Z
R2#
R2#clear ip route *
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF , IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
R 1.0.0.0/8 [120/1] via 10.10.10.1, 00:00:03, FastEthernet0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback2
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
R2#
R2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/90/156 ms
R2#
当R2在F0/0口也启用了MD5认证且密钥相同后,路由恢复正常通信。
值得注意的RIP只有V2(版本2)才支持MD5认证机制。
到此,实验完成。上一篇:2010下半年学习计划
下一篇:在深圳。。
提问和评论都可以,用心的回复会被更多人看到
评论
发布评论
相关文章
-
Linux 文件管理命令 md5sum awk
Linux 文件管理命令md5sum:MD5 函数值计算和检查 awk:模式匹配语言
Linux命令 md5sum awk -
RIP MD5认证配置及出错点总结
RIP配置,RIP认证,RIP MD5 认证,Cisco RIP
RIP认证 RIP配置 Cisco RIP