RIPV2的認證分為明文(text)和MD5兩種,當然一種是不加密,一種是加密的,RIPV2默認是明文,不加密的。
實驗目的:掌握RIPV2明文和MD5的配置規(guī)則
RIPV2的觸發(fā)更新
拓撲:
拓撲和前面的幾個實驗是一樣的,這其中各個路由的基本配置,ip ,和RIPV2 配置都在實驗3中具體配置過,故不在重復配置!好,下面我們開始實驗:
R1:
1#co
*Nov 8 19:54:36.310: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#key chain test \\配置鑰匙鏈
R1(config-keychain)#key 1 \\配置 KEY ID
R1(config-keychain-key)#key-string ccna \\配置KEY 的密匙
R1(config-keychain-key)#^Z
R1#
*Nov 8 19:55:06.678: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#ip rip auth mode text \\啟動明文認證(默認)可以不配置
R1(config-if)#ip rip auth key-chain test \\在接口上調(diào)用鑰匙鏈
*Nov 8 19:54:36.310: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#key chain test \\配置鑰匙鏈
R1(config-keychain)#key 1 \\配置 KEY ID
R1(config-keychain-key)#key-string ccna \\配置KEY 的密匙
R1(config-keychain-key)#^Z
R1#
*Nov 8 19:55:06.678: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#ip rip auth mode text \\啟動明文認證(默認)可以不配置
R1(config-if)#ip rip auth key-chain test \\在接口上調(diào)用鑰匙鏈
R1(config-if)#ip rip trig \\在接口上啟用觸發(fā)更新
R1(config-if)#^Z
R1#
*Nov 8 19:55:50.998: %SYS-5-CONFIG_I: Configured from console by console
R1#
R1(config-if)#^Z
R1#
*Nov 8 19:55:50.998: %SYS-5-CONFIG_I: Configured from console by console
R1#
配置R2之前我們看下R2現(xiàn)在的路由表:
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.0.0/24 is directly connected, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/1
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:42, Serial1/1
C 192.168.1.0/24 is directly connected, Serial1/1
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:42, Serial1/1
看到R2現(xiàn)在的路由表中沒有R1的信息,知道什么原因嗎?ok !原因就是R1上采用了明文認證,而R2上沒有啟用,(說明下有的人問為什么看不到R3 和R4 在這里為了給大家看清楚我把R3 R4 先停下等會開啟,但對實驗是沒有影響的)下面我們在R2上用認證:
R2:
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#key chain test
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string ccna
R2(config-keychain-key)#^Z
R2#
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#key chain test
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string ccna
R2(config-keychain-key)#^Z
R2#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int s1/0
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int s1/0
R2(config-if)#ip rip auth key-chain test
R2(config-if)#ip rip trig
R2(config-if)#ip rip trig
這時我們查看下R2的路由表:
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/1] via 192.168.0.1, 00:00:08, Serial1/0
C 192.168.0.0/24 is directly connected, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/1
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:01:47, Serial1/1
R 1.1.1.0 [120/1] via 192.168.0.1, 00:00:08, Serial1/0
C 192.168.0.0/24 is directly connected, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/1
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:01:47, Serial1/1
輸出結(jié)果我們可以看到R2上的認證和R1是匹配的,因此R2路由中學習到了R1的路由信息。
分別配置R3 R4:
R3:
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#key chain test
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string ccna
R3(config-keychain-key)#^Z
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#key chain test
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string ccna
R3(config-keychain-key)#^Z
R3#
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int s1/1
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int s1/1
R3(config-if)#ip rip auth key-chain test
R3(config-if)#ip rip trig
R3(config-if)#ip rip trig
R3(config)#int s1/0
R3(config-if)#ip rip auth key-chain test
R3(config-if)#ip rip trig
R3(config-if)#ip rip trig
R3(config-if)#
=========================
R4:
R4#conf t
R4(config)#key chain
R4(config)#key chain test
R4(config-keychain)#key 1
R4(config-keychain-key)#key-string ccna
R4(config-keychain-key)#^Z
R4#conf t
R4(config-keychain)#key 1
R4(config-keychain-key)#key-string ccna
R4(config-keychain-key)#^Z
R4#conf t
R4(config)#int s1/0
R4(config-if)#ip rip auth key-chain test
R4(config-if)#^Z
R4(config-if)#^Z
ok!四個路由都配置好了!下面我們來調(diào)試!
查看R3的路由表:
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/2] via 192.168.1.1, 01:09:15, Serial1/0
2.0.0.0/21 is subnetted, 1 subnets
R 2.2.0.0 [120/1] via 192.168.2.2, 00:00:13, Serial1/1
R 192.168.0.0/24 [120/1] via 192.168.1.1, 01:09:15, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/0
C 192.168.2.0/24 is directly connected, Serial1/1
R3#
R 1.1.1.0 [120/2] via 192.168.1.1, 01:09:15, Serial1/0
2.0.0.0/21 is subnetted, 1 subnets
R 2.2.0.0 [120/1] via 192.168.2.2, 00:00:13, Serial1/1
R 192.168.0.0/24 [120/1] via 192.168.1.1, 01:09:15, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/0
C 192.168.2.0/24 is directly connected, Serial1/1
R3#
查看R3上的ip路由協(xié)議配置和統(tǒng)計信息:
R3#show protocols
Global values:
Internet Protocol routing is enabled
FastEthernet0/0 is administratively down, line protocol is down
Serial1/0 is up, line protocol is up
Internet address is 192.168.1.2/24
Serial1/1 is up, line protocol is up
Internet address is 192.168.2.1/24
Serial1/2 is administratively down, line protocol is down
Serial1/3 is administratively down, line protocol is down
R3#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 20 seconds
Invalid after 180 seconds, hold down 0, flushed after 240 \\觸發(fā)更新hold down 自動為0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial1/0 2 2 Yes test
Serial1/1 2 2 Yes test //說明啟用了s1/0 s1/1啟用了認證和觸發(fā)更新
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
192.168.1.0
192.168.2.0
Routing Information Sources:
Gateway Distance Last Update
192.168.2.2 120 00:00:06
192.168.1.1 120 01:11:29
Distance: (default is 120)
Global values:
Internet Protocol routing is enabled
FastEthernet0/0 is administratively down, line protocol is down
Serial1/0 is up, line protocol is up
Internet address is 192.168.1.2/24
Serial1/1 is up, line protocol is up
Internet address is 192.168.2.1/24
Serial1/2 is administratively down, line protocol is down
Serial1/3 is administratively down, line protocol is down
R3#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 20 seconds
Invalid after 180 seconds, hold down 0, flushed after 240 \\觸發(fā)更新hold down 自動為0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial1/0 2 2 Yes test
Serial1/1 2 2 Yes test //說明啟用了s1/0 s1/1啟用了認證和觸發(fā)更新
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
192.168.1.0
192.168.2.0
Routing Information Sources:
Gateway Distance Last Update
192.168.2.2 120 00:00:06
192.168.1.1 120 01:11:29
Distance: (default is 120)
R3#
使用‘debug ip rip“ 命令查看路由更新過程:
R3:
R3#debug ip rip
R3#clear ip route *
R3#
*Nov 8 22:46:35.641: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.645: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.649: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.649: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.657: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.661: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.665: RIP: send v2 triggered flush update to 192.168.1.1 on Serial1/0 with no route
*Nov 8 22:46:35.665: RIP: start retransmit timer of 192.168.1.1
*Nov 8 22:46:35.669: RIP: send v2 triggered flush update to 192.168.2.2 on Serial1/1 with no route
*Nov 8 22:46:35.673: RIP: start retransmit timer of 192.168.2.2
*Nov 8 22:46:35.673: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.673: RIP: received v2 triggered update from 192.168.1.1 on Serial1/0
*Nov 8 22:46:35.673:
R3#RIP: sending v2 ack to 192.168.1.1 via Serial1/0 (192.168.1.2),
flush, seq# 4
*Nov 8 22:46:35.673: 192.168.0.0/24 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.673: 1.1.1.0/24 via 0.0.0.0 in 2 hops
*Nov 8 22:46:35.673: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.673: RIP: received v2 triggered update from 192.168.2.2 on Serial1/1
*Nov 8 22:46:35.673: RIP: sending v2 ack to 192.168.2.2 via Serial1/1 (192.168.2.1),
flush, seq# 3
*Nov 8 22:46:35.677: 2.2.0.0/21 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.681: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.681: RIP: received v2 triggered update from 192.168.1.1 on Serial1/0
*Nov 8 22:46:35.681: RIP: sending v2 ack to 192.168.1.1 via Serial1/0 (192.168.1.2),
flush, seq# 5
*Nov 8 22:46:35.681: 192.168.0.0/24 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.681: 1.1.1.0/24 via 0.0.0.0 in 2 hops
*Nov 8 22:46:35.681: RIP: received packet with text authenticati
R3#on ccna
*Nov 8 22:46:35.681: RIP: received v2 triggered update from 192.168.2.2 on Serial1/1
*Nov 8 22:46:35.681: RIP: sending v2 ack to 192.168.2.2 via Serial1/1 (192.168.2.1),
flush, seq# 4
*Nov 8 22:46:35.641: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.645: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.649: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.649: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.657: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.661: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.665: RIP: send v2 triggered flush update to 192.168.1.1 on Serial1/0 with no route
*Nov 8 22:46:35.665: RIP: start retransmit timer of 192.168.1.1
*Nov 8 22:46:35.669: RIP: send v2 triggered flush update to 192.168.2.2 on Serial1/1 with no route
*Nov 8 22:46:35.673: RIP: start retransmit timer of 192.168.2.2
*Nov 8 22:46:35.673: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.673: RIP: received v2 triggered update from 192.168.1.1 on Serial1/0
*Nov 8 22:46:35.673:
R3#RIP: sending v2 ack to 192.168.1.1 via Serial1/0 (192.168.1.2),
flush, seq# 4
*Nov 8 22:46:35.673: 192.168.0.0/24 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.673: 1.1.1.0/24 via 0.0.0.0 in 2 hops
*Nov 8 22:46:35.673: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.673: RIP: received v2 triggered update from 192.168.2.2 on Serial1/1
*Nov 8 22:46:35.673: RIP: sending v2 ack to 192.168.2.2 via Serial1/1 (192.168.2.1),
flush, seq# 3
*Nov 8 22:46:35.677: 2.2.0.0/21 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.681: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.681: RIP: received v2 triggered update from 192.168.1.1 on Serial1/0
*Nov 8 22:46:35.681: RIP: sending v2 ack to 192.168.1.1 via Serial1/0 (192.168.1.2),
flush, seq# 5
*Nov 8 22:46:35.681: 192.168.0.0/24 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.681: 1.1.1.0/24 via 0.0.0.0 in 2 hops
*Nov 8 22:46:35.681: RIP: received packet with text authenticati
R3#on ccna
*Nov 8 22:46:35.681: RIP: received v2 triggered update from 192.168.2.2 on Serial1/1
*Nov 8 22:46:35.681: RIP: sending v2 ack to 192.168.2.2 via Serial1/1 (192.168.2.1),
flush, seq# 4
呵呵!看到?jīng)]我們"debug ip rip“,后面加了個命令“clear ip route *”清除路由表.注意這是一個事件,按道理路由會每30秒更新一次,但我們這里采用了觸發(fā)更新,并有個清除路由表事件,因此當“clear ip route *”命令執(zhí)行后路由馬上更新,不信可以試下哦!速度還很快的!同時在看路由更新過程中帶有“triggered” “text authentication” 字樣,證明接口s1/0 s1/1 啟用了觸發(fā)更新和明文認證。
我們再來查看下RIP的數(shù)據(jù)庫:
R3#show ip rip database
1.0.0.0/8 auto-summary
1.1.1.0/24
[2] via 192.168.1.1, 00:12:41 (permanent), Serial1/0
* Triggered Routes:
- [2] via 192.168.1.1, Serial1/0
2.0.0.0/8 auto-summary
2.2.0.0/21
[1] via 192.168.2.2, 00:12:41 (permanent), Serial1/1
* Triggered Routes:
- [1] via 192.168.2.2, Serial1/1
192.168.0.0/24 auto-summary
192.168.0.0/24
[1] via 192.168.1.1, 00:12:41 (permanent), Serial1/0
* Triggered Routes:
- [1] via 192.168.1.1, Serial1/0
192.168.1.0/24 auto-summary
192.168.1.0/24 directly connected, Serial1/0
192.168.2.0/24 auto-summary
192.168.2.0/24 directly connected, Serial1/1
R3#
怎么樣看到?jīng)]!再次驗證了s1/1 s1/0 啟用了觸發(fā)更新.
這時我們來看下他的hold down 時間:
R3#show run | begin router rip
router rip
version 2
timers basic 30 180 0 240 \\由于是觸發(fā)更新,因此在配置中自動加入了這行,且定義"hold down " 時間我0.
network 192.168.1.0
network 192.168.2.0
no auto-summary
!
ip classless
no ip http server
router rip
version 2
timers basic 30 180 0 240 \\由于是觸發(fā)更新,因此在配置中自動加入了這行,且定義"hold down " 時間我0.
network 192.168.1.0
network 192.168.2.0
no auto-summary
!
ip classless
no ip http server
===================================
關于md5 認證試驗這里我就不做了,因為只需要在接口認證模式下定義為MD5(將text改為MD5)就ok 了!其他的都是一樣的!大家可以自己去試驗下哦!
好了試驗到這結(jié)束!歡迎大家指出不足處!謝謝!
