cisco路由器RIP协议安全配置(下)
2009-08-05 15:01
531 查看
配置实例:
1.将R1和R2的相应端口设置为被动端口。
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# passive-interface FastEthernet 1/0
R1(config-router)# passive-interface FastEthernet 0/0
R1(config-router)# passive-interface FastEthernet 0/1
R2(config)# router rip
R2(config-router)# version 2
R2(config-router)# passive-interface FastEthernet 1/0
R2(config-router)# passive-interface FastEthernet 0/0
R2(config-router)# passive-interface FastEthernet 0/1
2.将路由器1和路由器2设置为邻居关系。
R1(config-router)# neighbor 172.17.1.1 //R2 Fa0/0接口的Ip地址
R2(config-router)# neighbor 172.17.1.2 //R1 Fa0/0接口的Ip地址
3.根据时间配置密钥链
R1(config)# key chain R1
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string nike
R1(config-keychain-key)# key accept-lifetime 16:30:00 May 28 2009 duration 43200
R1(config-keychain-key)# key send-lifetime 16:30:00 May 28 2009 duration 43200
R1(config-keychain)# key 2
R1(config-keychain-key)# key-string love
R1(config-keychain-key)# accept-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R1(config-keychain-key)# send-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R1(config-keychain)# key 3
R1(config-keychain-key)# key-string baby
R1(config-keychain-key)# accept-lifetime 13:00:00 Nov 25 2009 infinite
R1(config-keychain-key)# send-lifetime 13:00:00 Nov 25 2009 infinite
R2(config)# key chain R2
R2(config-keychain)# key 1
R2(config-keychain-key)# key-string nike
R2(config-keychain-key)# key accept-lifetime 16:30:00 May 28 2009 duration 43200
R2(config-keychain-key)# key send-lifetime 16:30:00 May 28 2009 duration 43200
R2(config-keychain)# key 2
R2(config-keychain-key)# key-string love
R2(config-keychain-key)# accept-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R2(config-keychain-key)# send-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R2(config-keychain)# key 3
R2(config-keychain-key)# key-string baby
R2(config-keychain-key)# accept-lifetime 13:00:00 Nov 25 2009 infinite
R2(config-keychain-key)# send-lifetime 13:00:00 Nov 25 2009 infinite
4.将密钥链应用到需要认证的网络接口上。
R1(config)# int FastEthernet 0/0
R1(config-if)# ip rip authentication key-chain R1
R1(config)# int FastEthernet 0/1
R1(config-if)# ip rip authentication key-chain R1
R2(config)# int FastEthernet 0/0
R2(config-if)# ip rip authentication key-chain R2
R2(config)# int FastEthernet 0/1
R2(config-if)# ip rip authentication key-chain R2
5.定义加密方式为明文或者MD5加密,这里使用MD5加密。
R1(config-if)#ip rip authentication mode md5
R2(config-if)#ip rip authentication mode md5
1.将R1和R2的相应端口设置为被动端口。
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# passive-interface FastEthernet 1/0
R1(config-router)# passive-interface FastEthernet 0/0
R1(config-router)# passive-interface FastEthernet 0/1
R2(config)# router rip
R2(config-router)# version 2
R2(config-router)# passive-interface FastEthernet 1/0
R2(config-router)# passive-interface FastEthernet 0/0
R2(config-router)# passive-interface FastEthernet 0/1
2.将路由器1和路由器2设置为邻居关系。
R1(config-router)# neighbor 172.17.1.1 //R2 Fa0/0接口的Ip地址
R2(config-router)# neighbor 172.17.1.2 //R1 Fa0/0接口的Ip地址
3.根据时间配置密钥链
R1(config)# key chain R1
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string nike
R1(config-keychain-key)# key accept-lifetime 16:30:00 May 28 2009 duration 43200
R1(config-keychain-key)# key send-lifetime 16:30:00 May 28 2009 duration 43200
R1(config-keychain)# key 2
R1(config-keychain-key)# key-string love
R1(config-keychain-key)# accept-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R1(config-keychain-key)# send-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R1(config-keychain)# key 3
R1(config-keychain-key)# key-string baby
R1(config-keychain-key)# accept-lifetime 13:00:00 Nov 25 2009 infinite
R1(config-keychain-key)# send-lifetime 13:00:00 Nov 25 2009 infinite
R2(config)# key chain R2
R2(config-keychain)# key 1
R2(config-keychain-key)# key-string nike
R2(config-keychain-key)# key accept-lifetime 16:30:00 May 28 2009 duration 43200
R2(config-keychain-key)# key send-lifetime 16:30:00 May 28 2009 duration 43200
R2(config-keychain)# key 2
R2(config-keychain-key)# key-string love
R2(config-keychain-key)# accept-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R2(config-keychain-key)# send-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R2(config-keychain)# key 3
R2(config-keychain-key)# key-string baby
R2(config-keychain-key)# accept-lifetime 13:00:00 Nov 25 2009 infinite
R2(config-keychain-key)# send-lifetime 13:00:00 Nov 25 2009 infinite
4.将密钥链应用到需要认证的网络接口上。
R1(config)# int FastEthernet 0/0
R1(config-if)# ip rip authentication key-chain R1
R1(config)# int FastEthernet 0/1
R1(config-if)# ip rip authentication key-chain R1
R2(config)# int FastEthernet 0/0
R2(config-if)# ip rip authentication key-chain R2
R2(config)# int FastEthernet 0/1
R2(config-if)# ip rip authentication key-chain R2
5.定义加密方式为明文或者MD5加密,这里使用MD5加密。
R1(config-if)#ip rip authentication mode md5
R2(config-if)#ip rip authentication mode md5
相关文章推荐
- cisco路由器RIP协议安全配置(上)
- cisco路由器基本实验之三 动态路由之RIP协议的配置(Boson NetSim)
- cisco路由器基本实验之三 动态路由之RIP协议的配置(Boson NetSim)
- cisco路由器基本实验之三 动态路由之RIP协议的配置(Boson NetSim)
- cisco路由器基本实验之三 动态路由之RIP协议的配置(Boson NetSim)
- Cisco路由器安全配置必用10条命令
- Cisco路由器安全配置必用10条
- Cisco 路由器 OSPF 协议配置
- Cisco路由器安全配置
- Cisco 路由器上的RIP偏移列表配置
- Cisco路由器安全配置必用10条命令
- Cisco路由器的安全配置简易方案
- Cisco路由器安全配置简易方案
- Cisco路由器安全配置必用10条命令
- Cisco路由器安全配置必用10条命令
- Cisco路由器访问控制的安全配置
- Cisco路由器安全配置必用的10条命令
- Cisco路由器的安全配置
- Cisco路由器安全配置必用10条命令
- CISCO路由器安全配置