您的位置:首页 > 职场人生

cisco路由器RIP协议安全配置(下)

2009-08-05 15:01 531 查看
配置实例:

1.将R1和R2的相应端口设置为被动端口。

R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# passive-interface FastEthernet 1/0
R1(config-router)# passive-interface FastEthernet 0/0
R1(config-router)# passive-interface FastEthernet 0/1

R2(config)# router rip
R2(config-router)# version 2
R2(config-router)# passive-interface FastEthernet 1/0
R2(config-router)# passive-interface FastEthernet 0/0
R2(config-router)# passive-interface FastEthernet 0/1

2.将路由器1和路由器2设置为邻居关系。
R1(config-router)# neighbor 172.17.1.1 //R2 Fa0/0接口的Ip地址
R2(config-router)# neighbor 172.17.1.2 //R1 Fa0/0接口的Ip地址

3.根据时间配置密钥链

R1(config)# key chain R1
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string nike
R1(config-keychain-key)# key accept-lifetime 16:30:00 May 28 2009 duration 43200
R1(config-keychain-key)# key send-lifetime 16:30:00 May 28 2009 duration 43200

R1(config-keychain)# key 2
R1(config-keychain-key)# key-string love
R1(config-keychain-key)# accept-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R1(config-keychain-key)# send-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009

R1(config-keychain)# key 3
R1(config-keychain-key)# key-string baby
R1(config-keychain-key)# accept-lifetime 13:00:00 Nov 25 2009 infinite
R1(config-keychain-key)# send-lifetime 13:00:00 Nov 25 2009 infinite

R2(config)# key chain R2
R2(config-keychain)# key 1
R2(config-keychain-key)# key-string nike
R2(config-keychain-key)# key accept-lifetime 16:30:00 May 28 2009 duration 43200
R2(config-keychain-key)# key send-lifetime 16:30:00 May 28 2009 duration 43200

R2(config-keychain)# key 2
R2(config-keychain-key)# key-string love
R2(config-keychain-key)# accept-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R2(config-keychain-key)# send-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009

R2(config-keychain)# key 3
R2(config-keychain-key)# key-string baby
R2(config-keychain-key)# accept-lifetime 13:00:00 Nov 25 2009 infinite
R2(config-keychain-key)# send-lifetime 13:00:00 Nov 25 2009 infinite

4.将密钥链应用到需要认证的网络接口上。
R1(config)# int FastEthernet 0/0
R1(config-if)# ip rip authentication key-chain R1
R1(config)# int FastEthernet 0/1
R1(config-if)# ip rip authentication key-chain R1

R2(config)# int FastEthernet 0/0
R2(config-if)# ip rip authentication key-chain R2
R2(config)# int FastEthernet 0/1
R2(config-if)# ip rip authentication key-chain R2

5.定义加密方式为明文或者MD5加密,这里使用MD5加密。

R1(config-if)#ip rip authentication mode md5
R2(config-if)#ip rip authentication mode md5
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息