RIP版本1不支持认证。如果接收和发送的是版本2包,接口能进行RIP认证。密钥链路决定了能用于接口的一连串密钥。如果不配设置密钥链路,接口就不能进行认证,甚至不能进行缺省认证。下面就让我们看一下配置RIP认证的步骤:
一、实验拓扑如图:
二、明文验证
1、明文认证时,被认证方发送key chian时,发送最低ID值的key,并且不携带ID;认证方接收到key后,和自己key chain的全部key进行比较,只要有一个key匹配就通过对被认证方的认证。
2、验证
R1上配置为:
- key chain rip-key
- key 1
- key-string ccxx02
- !
- interface FastEthernet0/0
- ip address 192.168.12.1 255.255.255.0
- ip rip authentication key-chain rip-key
R2上配置为:
- key chain rip-key
- key 1
- key-string ccxx01
- key 2
- key-string ccxx02
- !
- interface FastEthernet0/0
- ip address 192.168.12.2 255.255.255.0
- ip rip authentication key-chain rip-key
3、路由器的路由表结果
- R1#show ip route
- Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
- D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
- N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
- E1 - OSPF external type 1, E2 - OSPF external type 2
- i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
- ia - IS-IS inter area, * - candidate default, U - per-user static route
- o - ODR, P - periodic downloaded static route
- Gateway of last resort is not set
- C 192.168.12.0/24 is directly connected, FastEthernet0/0
- C 192.168.1.0/24 is directly connected, Loopback0
- R2#show ip route
- Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
- D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
- N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
- E1 - OSPF external type 1, E2 - OSPF external type 2
- i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
- ia - IS-IS inter area, * - candidate default, U - per-user static route
- o - ODR, P - periodic downloaded static route
- Gateway of last resort is not set
- C 192.168.12.0/24 is directly connected, FastEthernet0/0
- R 192.168.1.0/24 [120/1] via 192.168.12.1, 00:00:15, FastEthernet0/0
- C 192.168.2.0/24 is directly connected, Loopback0
4、结论
三、密文认证
1、被认证方发送key时,发送最低ID值的key,并且携带了ID;认证方接收到key后,首先在自己key chain中查找是否具有相同ID的key,如果有相同ID的key并且key相同就通过认证,key值不同就不通过认证。如果没有相同ID的key,就查找该ID往后的最近ID的key;如果没有往后的ID,认证失败。
2、验证
R1上配置为:
- key chain rip-key
- key 1
- key-string ccxx02
- !
- interface FastEthernet0/0
- ip address 192.168.12.1 255.255.255.0
- ip rip authentication mode md5
- ip rip authentication key-chain rip-key
R2上配置为:
- key chain rip-key
- key 1
- key-string ccxx01
- key 2
- key-string ccxx02
- !
- interface FastEthernet0/0
- ip address 192.168.12.2 255.255.255.0
- ip rip authentication mode md5
- ip rip authentication key-chain rip-key
3、路由表的输出结果为:
- R1#show ip route
- Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
- D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
- N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
- E1 - OSPF external type 1, E2 - OSPF external type 2
- i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
- ia - IS-IS inter area, * - candidate default, U - per-user static route
- o - ODR, P - periodic downloaded static route
- Gateway of last resort is not set
- C 192.168.12.0/24 is directly connected, FastEthernet0/0
- C 192.168.1.0/24 is directly connected, Loopback0
- R2#show ip route
- Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
- D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
- N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
- E1 - OSPF external type 1, E2 - OSPF external type 2
- i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
- ia - IS-IS inter area, * - candidate default, U - per-user static route
- o - ODR, P - periodic downloaded static route
- Gateway of last resort is not set
- C 192.168.12.0/24 is directly connected, FastEthernet0/0
- R 192.168.1.0/24 [120/1] via 192.168.12.1, 00:00:15, FastEthernet0/0
- C 192.168.2.0/24 is directly connected, Loopback0
4、结论
RIP认证的实验就为大家介绍完了,希望大家已经掌握!
【编辑推荐】
