IGP-LAB-EIGRP_and_RIP Authentication
1. Lab objective
This lab covers configuring and debugging authentication for the EIGRP and RIPv2 routing protocols.
2. Lab topology
R0:
R0(config)#int s0/0
R0(config-if)#ip add 12.1.1.1 255.255.255.0
R0(config-if)#clo r 64000
R0(config-if)#no sh
R0(config)#int lo0
R0(config-if)#ip add 1.1.1.1 255.255.255.0
R0(config-if)#no sh
R0(config-if)#exit
R0(config)#router rip
R0(config-router)#v 2
R0(config-router)#no auto-summary
R0(config-router)#network 1.0.0.0
R0(config-router)#network 12.0.0.0
R1:
R1(config)#int s0/1
R1(config-if)#ip add 12.1.1.2 255.255.255.0
R1(config-if)#no sh
R1(config)#int lo0
R1(config-if)#ip add 2.2.2.2 255.255.255.0
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#v 2
R1(config-router)#network 12.0.0.0
R1(config-router)#network 2.0.0.0
R1(config-router)#no auto-summary
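3. RIPv2 plaintext authentication: configuration and matching rules
RIPv2 MD5 authentication: configuration and matching rules
(1) Step 1:
R0(config)#key chain cisco //configure the key chain
R0(config-keychain)#key 1 //configure the key ID
R0(config-keychain-key)#key-string ccnp //configure the key string for this key ID
Repeat the same steps on R1.
(2) Step 2: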
R0(config-if)#ip rip authentication ?
key-chain Authentication key-chain //apply the key chain on the interface
mode Authentication mode //enable the authentication mode
R0(config-if)#ip rip authentication mode ?
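md5 Keyed message digest //MD5 digest mode
text Clear text authentication //plaintext mode
(3) Plaintext authentication between R0 and R1
R0(config-if)#ip rip authentication mode text //plaintext mode
//enables authentication in plaintext mode; plaintext is the default mode, so it does not have to be specified
R0(config-if)#ip rip authentication key-chain cisco //apply the key chain on the interface
Repeat the same steps on R1's s0/1 interface.
MD5 authentication between R0 and R1:
R0(config-if)#ip rip authentication mode md5 //MD5 digest mode
R0(config-if)#ip rip authentication key-chain cisco //apply the key chain on the interface
Repeat the same steps on R1.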
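Questions to consider:
Question 1:
R0 is configured with one key ID, key 1 = cisco;
R1 is configured with one key ID, key 1 = ccna;
Can authentication succeed in both directions?
Plaintext mode: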
R0#debug ip rip
RIP protocol debugging is on
R0#
*Mar 1 00:55:34.915: RIP: received packet with text authentication ccna
*Mar 1 00:55:34.915: RIP: ignored v2 packet from 12.1.1.2 (invalid authentication)
R0 //authentication invalid;
On R1 authentication is likewise invalid;
MD5 mode:
R0#debug ip rip
RIP protocol debugging is on
R0#
*Mar 1 01:00:41.543: RIP: received packet with MD5 authentication
*Mar 1 01:00:41.547: RIP: ignored v2 packet from 12.1.1.2 (invalid authentication)
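R0 //authentication invalid
Likewise on R1 //authentication invalid
When both ends use the same key ID but different passwords, authentication is invalid in both plaintext and MD5 mode.
Question 2:
R0 is configured with one key ID, key 1 = cisco
R1 is configured with one key ID, key 2 = cisco
Plaintext mode: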
R0#debug ip rip
RIP protocol debugging is on
R0#
*Mar 1 01:16:58.803: RIP: received packet with text authentication cisco
*Mar 1 01:16:58.803: RIP: received v2 update from 12.1.1.2 on Serial0/0
*Mar 1 01:16:58.803: 2.2.2.0/24 via 0.0.0.0 in 1 hops
*Mar 1 01:16:59.407: RIP: sending v2 update to 224.0.0.9 via Loopback0 (1.1.1.1)
*Mar 1 01:16:59.407: RIP: build update entries
*Mar 1 01:16:59.407: 2.2.2.0/24 via 0.0.0.0, metric 2, tag 0
*Mar 1 01:16:59.407: 12.1.1.0/24 via 0.0.0.0, metric 1, tag 0
R0 //authentication succeeds
R1: //authentication succeeds.
MD5 mode:
R0#debug ip rip
RIP protocol debugging is on
R0#
*Mar 1 00:10:41.407: RIP: received packet with MD5 authentication
*Mar 1 00:10:41.407: RIP: ignored v2 packet from 12.1.1.2 (invalid authentication)
R0#
*Mar 1 00:11:04.159: RIP: sending v2 update to 224.0.0.9 via Loopback0 (1.1.1.1)
*Mar 1 00:11:04.159: RIP: build update entries
*Mar 1 00:11:04.159: 12.1.1.0/24 via 0.0.0.0, metric 1, tag 0
*Mar 1 00:11:04.163: RIP: ignored v2 packet from 1.1.1.1 (sourced from one of our addresses) //authentication invalid on R0
R1#debug ip rip
RIP protocol debugging is on
R1#
*Mar 1 00:10:38.847: RIP: received packet with MD5 authentication
*Mar 1 00:10:38.847: RIP: received v2 update from 12.1.1.1 on Serial0/1
*Mar 1 00:10:38.847: 1.1.1.0/24 via 0.0.0.0 in 1 hops
*Mar 1 00:10:40.851: RIP: sending v2 flash update to 224.0.0.9 via Loopback0 (2.2.2.2)
*Mar 1 00:10:40.851: RIP: build flash update entries
*Mar 1 00:10:40.851: 1.1.1.0/24 via 0.0.0.0, metric 2, tag 0
*Mar 1 00:10:40.855: RIP: sending v2 flash update to 224.0.0.9 via Serial0/1 (12.1.1.2)
*Mar 1 00:10:40.855: RIP: build flash update entries - suppressing null update
*Mar 1 00:10:40.863: RIP: ignored v2 packet from 2.2.2.2 (sourced from one of our addresses)
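//authentication succeeds on R1.
Authentication succeeds in one direction only.
Question 3:
Suppose R0 is configured with one key ID, key 1 = cisco;
R1 is configured with two key IDs, key 1 = ccie, key 2 = cisco;
Plaintext mode: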
R0#debug ip rip
RIP protocol debugging is on
R0#
*Mar 1 00:25:02.195: RIP: received packet with text authentication ccie
*Mar 1 00:25:02.195: RIP: ignored v2 packet from 12.1.1.2 (invalid authentication)
R0#
*Mar 1 00:25:13.195: RIP: sending v2 update to 224.0.0.9 via Loopback0 (1.1.1.1)
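The matching behaviour seen in Questions 1 to 3, as an added Python model (not part of the original lab and not Cisco code). It assumes, consistently with the debug output above, that the sender uses its lowest-numbered key, that text mode compares the received string against every key in the receiver's chain, and that MD5 mode uses the receiver's lowest key whose ID is not below the received key ID; the function names, the simplified digest and the sample payload are hypothetical.

```python
import hashlib
import hmac

# Constructed stand-in for the RIP update bytes covered by the digest.
SAMPLE_UPDATE = b"constructed-rip-update"

def sent_key(chain):
    """Sender side (assumed): the lowest-numbered key in the chain is used."""
    key_id = min(chain)
    return key_id, chain[key_id]

def digest(update, key_string):
    """Simplified keyed MD5: update bytes plus the secret padded to 16 bytes."""
    return hashlib.md5(update + key_string.encode().ljust(16, b"\0")).digest()

def accepts_text(rx_chain, tx_chain):
    """Text mode: only the key string is on the wire, so key IDs are ignored."""
    _, key_string = sent_key(tx_chain)
    return key_string in rx_chain.values()

def accepts_md5(rx_chain, tx_chain):
    """MD5 mode: the key ID is on the wire; the key string never is."""
    key_id, key_string = sent_key(tx_chain)
    received = digest(SAMPLE_UPDATE, key_string)
    # Assumed rule: use the receiver's lowest key whose ID is >= the received ID.
    usable = [k for k in sorted(rx_chain) if k >= key_id]
    if not usable:
        return False
    expected = digest(SAMPLE_UPDATE, rx_chain[usable[0]])
    return hmac.compare_digest(received, expected)

def lab(r0_chain, r1_chain):
    """Return {mode: (R0 accepts R1's update, R1 accepts R0's update)}."""
    return {
        "text": (accepts_text(r0_chain, r1_chain), accepts_text(r1_chain, r0_chain)),
        "md5": (accepts_md5(r0_chain, r1_chain), accepts_md5(r1_chain, r0_chain)),
    }

# Key chains from the three questions: (R0 chain, R1 chain), key ID -> key string.
QUESTIONS = {
    1: ({1: "cisco"}, {1: "ccna"}),
    2: ({1: "cisco"}, {2: "cisco"}),
    3: ({1: "cisco"}, {1: "ccie", 2: "cisco"}),
}

if __name__ == "__main__":
    for number, (r0, r1) in QUESTIONS.items():
        print(number, lab(r0, r1))
```

For Question 3 the debug output above stops after R0's text-mode rejection; the other Question 3 results are this model's predictions, not observed output.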