比较RIP,EIGRP,OSPF的认证
2010-04-17 09:02
411 查看
实验目的:
比较RIP,EIGRP,OSPF的认证
实验拓扑:
实验步骤:
RIP的认证:
Step1:在全局模式,配置KEY-CHAIN:
key chain ccnp//定义钥匙链
key 1
key-string cisco //钥匙链上的钥匙,也即是密码。
step2:在接口中,调用key chain:
R1(config-if)#ip rip authentication key-chain CCNP //调用钥匙链
Step3:在接口中,选择认证类型:(明文/密文)
R1 (config-if)#ip rip authentication mode text (明文)(默认的,可以不打这条命令)
R1 (config-if)#ip rip authentication mode md5 (密文)
明文认证方式:
R1:配置
key chain ccie
key 1
key-string cisco
interface Serial1/1
ip address 192.168.12.1 255.255.255.0
ip rip authentication key-chain ccie
ip rip authentication mode text //系统默认
serial restart-delay 0
只配置一方时,会提示一下错误:
*Jun 4 10:16:39.031: RIP: ignored v2 packet from 192.168.12.2 (invalid authentication)
MD5认证方式:
R2:配置
key chain ccie
key 1
key-string cisco
interface Serial1/1
ip address 192.168.12.2 255.255.255.0
ip rip authentication key-chain ccie
ip rip authentication mode md5
serial restart-delay 0
R2#show ip route rip
1.0.0.0/32 is subnetted, 1 subnets
R 1.1.1.1 [120/1] via 192.168.12.1, 00:00:03, Serial1/0
不知道为什么在debug信息中看不出来认证信息。
R2#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 8 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial1/0 2 2 ccie
Loopback0 2 2
Loopback2 2 2
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
2.0.0.0
22.0.0.0
192.168.12.0
Routing Information Sources:
Gateway Distance Last Update
192.168.12.1 120 00:00:17
Distance: (default is 120)
EIGRP 的认证方式:(只支持MD5认证)
R1#show run int s1/1
Building configuration...
Current configuration : 168 bytes
!
interface Serial1/1
ip address 192.168.12.1 255.255.255.0
ip authentication mode eigrp 1 md5 //注意与RIP的命令不一样
ip authentication key-chain eigrp 1 ccie
serial restart-delay 0
end
debug ip eigrp notifications
R2(config-router)#
*Jun 4 10:29:43.347: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is up: new adjacency
R2(config-router)#
*Jun 4 10:31:07.435: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is down: Interface Goodbye received
R2(config-router)#
*Jun 4 10:31:11.991: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is up: new adjacency
R2(config-router)#
*Jun 4 10:31:33.775: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is down: Auth failure
R2配置完毕后,R1的调试信息:
R1#debug ip eigrp notifications
IP-EIGRP Event notification debugging is on
R1#
*Jun 4 10:36:43.663: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.2 (Serial1/1) is up: new adjacency
OSPF认证方式:
共有3中认证方式:
1.无认证(默认)
2.明文认证
3.MD5认证
R2:明文认证:
interface Serial1/0
ip address 192.168.12.2 255.255.255.0
ip ospf authentication-key ccie
serial restart-delay 0
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
area 0 authentication
配置完后就会提示如下信息:
2#
*Jun 4 10:43:32.083: %SYS-5-CONFIG_I: Configured from console by console
R2#
*Jun 4 10:43:32.391: OSPF: Rcv pkt from 192.168.12.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1
R2#
*Jun 4 10:43:38.903: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 192.168.12.2
R2#
*Jun 4 10:43:42.359: OSPF: Rcv pkt from 192.168.12.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1
密文认证:
只改了R2的配置
R2(config-if)#
*Jun 4 10:49:12.331: OSPF: Rcv pkt from 192.168.12.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 1, we use type 2
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
area 0 authentication message-digest
interface Serial1/0
ip address 192.168.12.2 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
serial restart-delay 0
比较RIP,EIGRP,OSPF的认证
实验拓扑:
实验步骤:
RIP的认证:
Step1:在全局模式,配置KEY-CHAIN:
key chain ccnp//定义钥匙链
key 1
key-string cisco //钥匙链上的钥匙,也即是密码。
step2:在接口中,调用key chain:
R1(config-if)#ip rip authentication key-chain CCNP //调用钥匙链
Step3:在接口中,选择认证类型:(明文/密文)
R1 (config-if)#ip rip authentication mode text (明文)(默认的,可以不打这条命令)
R1 (config-if)#ip rip authentication mode md5 (密文)
明文认证方式:
R1:配置
key chain ccie
key 1
key-string cisco
interface Serial1/1
ip address 192.168.12.1 255.255.255.0
ip rip authentication key-chain ccie
ip rip authentication mode text //系统默认
serial restart-delay 0
只配置一方时,会提示一下错误:
*Jun 4 10:16:39.031: RIP: ignored v2 packet from 192.168.12.2 (invalid authentication)
MD5认证方式:
R2:配置
key chain ccie
key 1
key-string cisco
interface Serial1/1
ip address 192.168.12.2 255.255.255.0
ip rip authentication key-chain ccie
ip rip authentication mode md5
serial restart-delay 0
R2#show ip route rip
1.0.0.0/32 is subnetted, 1 subnets
R 1.1.1.1 [120/1] via 192.168.12.1, 00:00:03, Serial1/0
不知道为什么在debug信息中看不出来认证信息。
R2#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 8 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial1/0 2 2 ccie
Loopback0 2 2
Loopback2 2 2
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
2.0.0.0
22.0.0.0
192.168.12.0
Routing Information Sources:
Gateway Distance Last Update
192.168.12.1 120 00:00:17
Distance: (default is 120)
EIGRP 的认证方式:(只支持MD5认证)
R1#show run int s1/1
Building configuration...
Current configuration : 168 bytes
!
interface Serial1/1
ip address 192.168.12.1 255.255.255.0
ip authentication mode eigrp 1 md5 //注意与RIP的命令不一样
ip authentication key-chain eigrp 1 ccie
serial restart-delay 0
end
debug ip eigrp notifications
R2(config-router)#
*Jun 4 10:29:43.347: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is up: new adjacency
R2(config-router)#
*Jun 4 10:31:07.435: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is down: Interface Goodbye received
R2(config-router)#
*Jun 4 10:31:11.991: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is up: new adjacency
R2(config-router)#
*Jun 4 10:31:33.775: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is down: Auth failure
R2配置完毕后,R1的调试信息:
R1#debug ip eigrp notifications
IP-EIGRP Event notification debugging is on
R1#
*Jun 4 10:36:43.663: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.2 (Serial1/1) is up: new adjacency
OSPF认证方式:
共有3中认证方式:
1.无认证(默认)
2.明文认证
3.MD5认证
R2:明文认证:
interface Serial1/0
ip address 192.168.12.2 255.255.255.0
ip ospf authentication-key ccie
serial restart-delay 0
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
area 0 authentication
配置完后就会提示如下信息:
2#
*Jun 4 10:43:32.083: %SYS-5-CONFIG_I: Configured from console by console
R2#
*Jun 4 10:43:32.391: OSPF: Rcv pkt from 192.168.12.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1
R2#
*Jun 4 10:43:38.903: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 192.168.12.2
R2#
*Jun 4 10:43:42.359: OSPF: Rcv pkt from 192.168.12.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1
密文认证:
只改了R2的配置
R2(config-if)#
*Jun 4 10:49:12.331: OSPF: Rcv pkt from 192.168.12.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 1, we use type 2
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
area 0 authentication message-digest
interface Serial1/0
ip address 192.168.12.2 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
serial restart-delay 0
相关文章推荐
- rip、eigrp、ospf应用比较
- ospf与eigrp和rip的比较
- OSPF与EIGRP的比较
- OSPF与EIGRP的比较
- RIP、 OSPF、 EIGRP的区别
- EIGRP-RIP-OSPF重分布实验
- RIP, OSPF, EIGRP在网络中的再分发 推荐
- OSPF, EIGRP, 和RIP 在帧中继上邻居经常抖动的问题
- 静态、rip、eigrp与ospf路由重发布
- 路由协议 RIP、IGRP、OSPF和EIGRP 的对比
- 被动接口在rip,eigrp,ospf中的应用
- RIP,OSPF,EIGRP
- rip eigrp ospf
- 动态路由协议OSPF,RIP,EIGRP对比
- 路由协议RIP、EIGRP、OSPF
- RIP-OSPF-EIGRP 相互再发布
- CCNA第四天实验(rip,eigrp,ospf)
- 明明白白 OSPF与EIGRP的比较
- RIP,EIGRP,OSPF融合网络互通实验(原创)
- rip,ospf,eigrp内部网关协议的区别与用法