RIP Protocol MD5 Authentication
 
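The topology is as shown above.
R1 has a loopback interface, loopback 1, with IP 1.1.1.1.
R2 has a loopback interface, loopback 2, with IP 2.2.2.2.
R1's F0/0 is connected to R2's F0/0. Their IPs are 10.10.10.1 and 10.10.10.2 respectively.
The basic configuration is as follows: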
Router>
Router>en
Router#conf t
Router(config)#hostname R1
R1(config)#no ip domain-lookup
R1(config)#interface loopback 1
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface f0/0
R1(config-if)#ip address 10.10.10.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#ver 2
R1(config-router)#network 1.1.1.1
R1(config-router)#network 10.10.10.1
R1(config-router)#^Z
R1#
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
 
Gateway of last resort is not set
 
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback1
R    2.0.0.0/8 [120/1] via 10.10.10.2, 00:00:01, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/0
R1#ping 2.2.2.2
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/144/216 ms
R1#
 
 
 
 
 
 
 
 
Router>
Router>en
Router#conf t
Router(config)#hostname R2
R2(config)#no ip domain-lookup
R2(config)#interface loopback 2
R2(config-if)#ip address 2.2.2.2 255.255.255.0
R2(config-if)#exit
R2(config)#interface f0/0
R2(config-if)#ip address 10.10.10.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#ver 2
R2(config-router)#network 2.2.2.2
R2(config-router)#network 10.10.10.2
R2(config-router)#^Z
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
 
Gateway of last resort is not set
 
R    1.0.0.0/8 [120/1] via 10.10.10.1, 00:00:14, FastEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback2
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/0
R2#ping 1.1.1.1
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/96/192 ms
R2#
 
 
 
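Before authentication is enabled, routing over the link works normally.
Next, enable MD5 authentication on R1 first.
R1(config)#interface f0/0
R1(config-if)#ip rip authentication mode md5          ----------- enable MD5 authentication
R1(config-if)#ip rip authentication key-chain ccna       ----------- configure key chain ccna
R1(config-if)#exit
R1(config)#key chain ccna
R1(config-keychain)#key 1                         -------- configure one key in key chain ccna
R1(config-keychain-key)#key-string chenbin           --------- configure the key string for key ID 1
R1(config-keychain-key)#^Z
R1#clear ip route *                               ----------- clear the route entries in the route cache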
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
 
Gateway of last resort is not set
 
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/0
R1#
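As you can see, R1 no longer has the RIP route it had learned through F0/0: R2 is still sending unauthenticated updates, and R1 now discards them.

Next, enable MD5 authentication on R2 as well.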
R2(config)#interface f0/0
R2(config-if)#ip rip authentication mode md5
R2(config-if)#ip rip authentication key-chain ccna
R2(config-if)#exit
R2(config)#key chain ccna
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string chenbin
R2(config-keychain-key)#^Z
R2#
R2#clear ip route *
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
 
Gateway of last resort is not set
 
R    1.0.0.0/8 [120/1] via 10.10.10.1, 00:00:03, FastEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback2
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/0
R2#
R2#ping 1.1.1.1
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/90/156 ms
R2#
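Once R2's F0/0 also has MD5 authentication enabled with the same key, routing returns to normal.
Note that only RIP V2 (version 2) supports the MD5 authentication mechanism.
This completes the lab.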
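
The receiver-side check behind the behaviour seen in this lab, as an added example (not from the original post and not IOS code). It assumes the RFC 2082 Keyed-MD5 layout with a 16-byte zero-padded key; the function names and the sample packet advertising 2.0.0.0/8 are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

AUTH_MD5 = 3                    # RFC 2082 authentication type: keyed message digest
TRAILER = b"\xff\xff\x00\x01"   # marks the start of the digest trailer

def pad_key(key: bytes) -> bytes:
    return key[:16].ljust(16, b"\x00")   # key-string padded to 16 bytes

def route_entry(prefix: str, mask: str, metric: int) -> bytes:
    # AFI 2 (IP), route tag 0, next hop 0.0.0.0
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), b"\x00" * 4, metric)

def build_response(routes, key=None, key_id=1, seq=1) -> bytes:
    header = struct.pack("!BBH", 2, 2, 0)          # command=response, version=2
    body = b"".join(route_entry(*r) for r in routes)
    if key is None:
        return header + body                        # plain, unauthenticated RIPv2
    pkt_len = len(header) + 20 + len(body)          # offset of the trailer
    auth = struct.pack("!HHHBBI8x", 0xFFFF, AUTH_MD5, pkt_len, key_id, 16, seq)
    signed = header + auth + body + TRAILER
    return signed + hashlib.md5(signed + pad_key(key)).digest()

def verify(packet: bytes, keys: dict, last_seq: int = 0) -> str:
    if len(packet) < 24 or packet[1] != 2:
        return "reject: too short or not RIPv2"
    afi, atype, pkt_len, key_id, _alen, seq = struct.unpack("!HHHBBI", packet[4:16])
    if afi != 0xFFFF or atype != AUTH_MD5:
        return "reject: no MD5 authentication"      # R2 before it was configured
    if key_id not in keys:
        return "reject: unknown key ID"
    if len(packet) < pkt_len + 20 or packet[pkt_len:pkt_len + 4] != TRAILER:
        return "reject: malformed trailer"
    signed, digest = packet[:pkt_len + 4], packet[pkt_len + 4:pkt_len + 20]
    expected = hashlib.md5(signed + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(digest, expected):
        return "reject: digest mismatch"            # wrong key or altered routes
    if seq < last_seq:
        return "reject: stale sequence number"      # replayed older update
    return "accept"

def demo():
    route = [("2.0.0.0", "255.0.0.0", 1)]           # constructed sample update
    r1_keys = {1: b"chenbin"}                       # key 1 of key chain ccna
    return [verify(build_response(route), r1_keys),
            verify(build_response(route, key=b"wrong"), r1_keys),
            verify(build_response(route, key=b"chenbin"), r1_keys)]
```

The three results from demo() correspond to R2 with no authentication, R2 with a different key-string, and R2 configured as in the lab.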