碧云天
I. Test topology

[Figure: test topology, 214653hmjfm88osuajziwv.png]

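Test summary:

1. Plaintext authentication
  • Plaintext authentication does not compare the Key-ID in the key chain, and the packet carries no Key-ID
  • When sending, only the key-string of the lowest-numbered key in the key chain is used
  • When receiving, the keys in the key chain are compared one by one; if any key-string matches, authentication passes
2. MD5 (ciphertext) authentication
  • The MD5 authentication packet carries a Key-ID
  • Both sides send using the lowest Key-ID in their key chain
  • On receipt, if both sides have the same lowest Key-ID and the Key-Strings are also the same, authentication passes
  • On receipt, if the peer's Key-ID is lower than the lowest Key-ID in the local key chain but their Key-Strings are the same, authentication passes
  • On receipt, if the peer's Key-ID is higher than the lowest Key-ID in the local key chain, the local key chain must contain a key with the same Key-ID and key-string as the peer's; otherwise authentication fails.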
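The rules in the summary above can be written as a small model and checked against the four test cases on this page. This is an added example, not Cisco IOS code or the author's own: key chains are modelled as `{Key-ID: key-string}` dictionaries, MD5 digest verification is reduced to key-string equality, and R2's key chain is assumed unchanged in the second MD5 test.

```python
# Added example: a model of the rules in the test summary, not Cisco IOS code.
# A key chain is a {key_id: key_string} dict.

def send_key(chain):
    """Both modes send with the lowest-numbered key in the chain."""
    kid = min(chain)
    return kid, chain[kid]

def accept_text(local, peer):
    """Plaintext: no Key-ID on the wire; any matching key-string passes."""
    _, secret = send_key(peer)
    return secret in local.values()

def accept_md5(local, peer):
    """MD5: the packet carries the sender's Key-ID.

    Assumption: digest verification is reduced to key-string equality.
    """
    kid, secret = send_key(peer)
    low = min(local)
    if kid <= low:
        # Same or lower Key-ID than our lowest: check against our lowest key.
        return local[low] == secret
    # Higher Key-ID: we need a key with that exact ID and key-string.
    return local.get(kid) == secret

def adjacency(r1, r2, accept):
    """Return (R1 accepts R2's updates, R2 accepts R1's updates)."""
    return accept(r1, r2), accept(r2, r1)

# Key chains copied from the four test cases on this page.
R2_CHAIN = {10: "Cisc0123", 11: "345"}
CASES = {
    "text 1": ({1: "Cisc0123", 2: "123"}, R2_CHAIN, accept_text),
    "text 2": ({1: "123", 2: "Cisc0123"}, {10: "Cisc0123", 11: "123"}, accept_text),
    "md5 1": ({1: "Cisc0123", 2: "123"}, R2_CHAIN, accept_md5),
    # Assumption: R2's key chain is unchanged in the second MD5 test.
    "md5 2": ({1: "Cisc0123", 2: "123", 10: "Cisc0123"}, R2_CHAIN, accept_md5),
}

def run_cases():
    return {name: adjacency(*case) for name, case in CASES.items()}

if __name__ == "__main__":
    for name, (r1_ok, r2_ok) in run_cases().items():
        flag = "" if r1_ok == r2_ok else "  <-- one-way: routes learned in one direction only"
        print(f"{name}: R1 accepts={r1_ok} R2 accepts={r2_ok}{flag}")
```

The "md5 1" case is the asymmetric result seen in the debug output: R1 logs "invalid authentication" while R2 still installs the route from R1.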
II. Basic configuration
1. Router R1

hostname R1
interface Loopback0
    ip address 1.1.1.1 255.255.255.0
interface FastEthernet0/0
    ip address 12.1.1.1 255.255.255.0
    no shutdown
router rip
    version 2
    network 1.0.0.0
    network 12.0.0.0
    no auto-summary
2. Router R2
hostname R2
interface Loopback0
    ip address 2.2.2.2 255.255.255.0
interface FastEthernet0/0
    ip address 12.1.1.2 255.255.255.0
    no shutdown
router rip
    version 2
    network 2.0.0.0
    network 12.0.0.0
    no auto-summary
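III. Testing plaintext authentication
1. The lowest Key-IDs in the two key chains differ, but the Key-Strings of the lowest Key-IDs are the same
① Router R1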

key chain R1
    key 1
      key-string Cisc0123
    key 2
      key-string 123
interface FastEthernet0/0
    ip rip authentication key-chain R1
    ip rip authentication mode text
② Router R2
key chain R2
    key 10
      key-string Cisc0123
    key 11
      key-string 345
interface FastEthernet0/0
    ip rip authentication key-chain R2
    ip rip authentication mode text
③ The debug output on R1 shows the peer's plaintext password, and the packet is not rejected
R1#debug ip rip
RIP protocol debugging is on
R1#
*Feb  3 12:56:59.171: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (12.1.1.1)
*Feb  3 12:56:59.171: RIP: build update entries
*Feb  3 12:56:59.171:   1.1.1.0/24 via 0.0.0.0, metric 1, tag 0
*Feb  3 12:57:08.919: RIP: received packet with text authentication Cisc0123
*Feb  3 12:57:08.919: RIP: received v2 update from 12.1.1.2 on FastEthernet0/0
*Feb  3 12:57:08.923:      2.2.2.0/24 via 0.0.0.0 in 1 hops
*Feb  3 12:57:18.379: RIP: sending v2 update to 224.0.0.9 via Loopback0 (1.1.1.1)
*Feb  3 12:57:18.379: RIP: build update entries
*Feb  3 12:57:18.379:   2.2.2.0/24 via 0.0.0.0, metric 2, tag 0
*Feb  3 12:57:18.379:   12.1.1.0/24 via 0.0.0.0, metric 1, tag 0
*Feb  3 12:57:18.379: RIP: ignored v2 packet from 1.1.1.1 (sourced from one of our addresses)
④ After the routing table on R1 is cleared, R1 still learns R2's route through RIP
R1#clear ip route *
R1#show ip route rip | begin Gate
Gateway of last resort is not set

      2.0.0.0/24 is subnetted, 1 subnets
R        2.2.2.0 [120/1] via 12.1.1.2, 00:00:17, FastEthernet0/0
R1#
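2. The lowest Key-IDs in the two key chains differ, and the Key-Strings of the lowest Key-IDs also differ, but a later Key-ID has the same Key-String as the peer's lowest Key-ID
① Router R1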
key chain R1
    key 1
      key-string 123
    key 2
      key-string Cisc0123
interface FastEthernet0/0
    ip rip authentication key-chain R1
    ip rip authentication mode text
② Router R2
key chain R2
    key 10
      key-string Cisc0123
    key 11
      key-string 123
interface FastEthernet0/0
    ip rip authentication key-chain R2
    ip rip authentication mode text
③ The debug output on R1 shows the peer's plaintext password, and the packet is not rejected
R1#debug ip rip
RIP protocol debugging is on
*Feb  3 13:03:55.955: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (12.1.1.1)
*Feb  3 13:03:55.955: RIP: build update entries
*Feb  3 13:03:55.955:   1.1.1.0/24 via 0.0.0.0, metric 1, tag 0
*Feb  3 13:03:56.839: RIP: received packet with text authentication Cisc0123
*Feb  3 13:03:56.839: RIP: received v2 update from 12.1.1.2 on FastEthernet0/0
*Feb  3 13:03:56.839:      2.2.2.0/24 via 0.0.0.0 in 1 hops
*Feb  3 13:04:07.931: RIP: sending v2 update to 224.0.0.9 via Loopback0 (1.1.1.1)
*Feb  3 13:04:07.931: RIP: build update entries
*Feb  3 13:04:07.931:   2.2.2.0/24 via 0.0.0.0, metric 2, tag 0
*Feb  3 13:04:07.931:   12.1.1.0/24 via 0.0.0.0, metric 1, tag 0
*Feb  3 12:57:18.379: RIP: ignored v2 packet from 1.1.1.1 (sourced from one of our addresses)
④ The debug output on R2 shows that the peer's plaintext password is different, and the packet is not rejected
R2#debug ip rip
RIP protocol debugging is on
R2#
*Feb  3 13:05:47.711: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (12.1.1.2)
*Feb  3 13:05:47.711: RIP: build update entries
*Feb  3 13:05:47.711:   2.2.2.0/24 via 0.0.0.0, metric 1, tag 0
*Feb  3 13:05:49.635: RIP: received packet with text authentication 123
*Feb  3 13:05:49.639: RIP: received v2 update from 12.1.1.1 on FastEthernet0/0
*Feb  3 13:05:49.639:      1.1.1.0/24 via 0.0.0.0 in 1 hops
⑤ After the routing table on R1 is cleared, R1 still learns R2's route through RIP
R1#clear ip route *
R1#show ip route rip | begin Gate
Gateway of last resort is not set

      2.0.0.0/24 is subnetted, 1 subnets
R        2.2.2.0 [120/1] via 12.1.1.2, 00:00:06, FastEthernet0/0
R1#
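IV. Testing MD5 (ciphertext) authentication
1. The lowest Key-IDs in the two key chains differ, but the Key-Strings of the lowest Key-IDs are the same
① Router R1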

key chain R1
    key 1
      key-string Cisc0123
    key 2
      key-string 123
interface FastEthernet0/0
    ip rip authentication key-chain R1
    ip rip authentication mode md5
② Router R2
key chain R2
    key 10
      key-string Cisc0123
    key 11
      key-string 345
interface FastEthernet0/0
    ip rip authentication key-chain R2
    ip rip authentication mode md5
③ The debug output on R1 shows that the peer uses MD5 authentication, but the packet is rejected
R1(config-if)#
R1(config-if)#
*Feb  3 13:29:45.195: RIP: sending v2 update to 224.0.0.9 via Loopback0 (1.1.1.1)
*Feb  3 13:29:45.195: RIP: build update entries
*Feb  3 13:29:45.195:   2.2.2.0/24 via 0.0.0.0, metric 2, tag 0
*Feb  3 13:29:45.195:   12.1.1.0/24 via 0.0.0.0, metric 1, tag 0
*Feb  3 13:29:45.195: RIP: ignored v2 packet from 1.1.1.1 (sourced from one of our addresses)
*Feb  3 13:29:50.267: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (12.1.1.1)
*Feb  3 13:29:50.267: RIP: build update entries
*Feb  3 13:29:50.267:   1.1.1.0/24 via 0.0.0.0, metric 1, tag 0
*Feb  3 13:30:01.391: RIP: received packet with MD5 authentication
*Feb  3 13:30:01.391: RIP: ignored v2 packet from 12.1.1.2 (invalid authentication)
④ However, the debug output on R2 shows that the packet is not rejected
R2#debug ip rip
RIP protocol debugging is on
*Feb  3 13:29:08.803: RIP: received packet with MD5 authentication
*Feb  3 13:29:08.803: RIP: received v2 update from 12.1.1.1 on FastEthernet0/0
*Feb  3 13:29:08.803:      1.1.1.0/24 via 0.0.0.0 in 1 hops
*Feb  3 13:29:20.031: RIP: sending v2 update to 224.0.0.9 via Loopback0 (2.2.2.2)
*Feb  3 13:29:20.031: RIP: build update entries
*Feb  3 13:29:20.031:   1.1.1.0/24 via 0.0.0.0, metric 2, tag 0
*Feb  3 13:29:20.031:   12.1.1.0/24 via 0.0.0.0, metric 1, tag 0
*Feb  3 13:29:20.031: RIP: ignored v2 packet from 2.2.2.2 (sourced from one of our addresses)
*Feb  3 13:29:21.043: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (12.1.1.2)
*Feb  3 13:29:21.043: RIP: build update entries
*Feb  3 13:29:21.043:   2.2.2.0/24 via 0.0.0.0, metric 1, tag 0
*Feb  3 13:29:35.119: RIP: received packet with MD5 authentication
*Feb  3 13:29:35.119: RIP: received v2 update from 12.1.1.1 on FastEthernet0/0
*Feb  3 13:29:35.119:      1.1.1.0/24 via 0.0.0.0 in 1 hops
⑤ R2 can learn the route through RIP
R2#clear ip route *
R2#show ip route
R2#show ip route rip | begin Gate
Gateway of last resort is not set

      1.0.0.0/24 is subnetted, 1 subnets
R        1.1.1.0 [120/1] via 12.1.1.1, 00:00:03, FastEthernet0/0
R2#

2. Add a key to R1 with the same Key-ID as the peer's lowest Key-ID
① Router R1
key chain R1
    key 1
      key-string Cisc0123
    key 2
      key-string 123
    key 10
      key-string Cisc0123
② The debug log shows that R1 now receives RIP packets normally
R1#debug ip rip
RIP protocol debugging is on
*Feb  3 13:40:14.171: RIP: received packet with MD5 authentication
*Feb  3 13:40:14.171: RIP: received v2 update from 12.1.1.2 on FastEthernet0/0
*Feb  3 13:40:14.171:      2.2.2.0/24 via 0.0.0.0 in 1 hops
*Feb  3 13:40:16.175: RIP: sending v2 flash update to 224.0.0.9 via Loopback0 (1.1.1.1)
*Feb  3 13:40:16.175: RIP: build flash update entries
*Feb  3 13:40:16.175:   2.2.2.0/24 via 0.0.0.0, metric 2, tag 0
③ After the routing table on R1 is cleared, R1 still learns R2's route through RIP
R1#clear ip route *
R1#show ip route rip | begin Gate
Gateway of last resort is not set

      2.0.0.0/24 is subnetted, 1 subnets
R        2.2.2.0 [120/1] via 12.1.1.2, 00:00:10, FastEthernet0/0
R1#