RIPV2的认证分为明文(text)和MD5两种,当然一种是不加密,一种是加密的,RIPV2默认是明文,不加密的。
实验目的:掌握RIPV2明文和MD5的配置规则
RIPV2的触发更新
拓扑:
拓扑和前面的几个实验是一样的,这其中各个路由的基本配置,ip ,和RIPV2 配置都在实验3中具体配置过,故不在重复配置!好,下面我们开始实验:
R1:
1#co
*Nov 8 19:54:36.310: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#key chain test \\配置钥匙链
R1(config-keychain)#key 1 \\配置 KEY ID
R1(config-keychain-key)#key-string ccna \\配置KEY 的密匙
R1(config-keychain-key)#^Z
R1#
*Nov 8 19:55:06.678: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#ip rip auth mode text \\启动明文认证(默认)可以不配置
R1(config-if)#ip rip auth key-chain test \\在接口上调用钥匙链
*Nov 8 19:54:36.310: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#key chain test \\配置钥匙链
R1(config-keychain)#key 1 \\配置 KEY ID
R1(config-keychain-key)#key-string ccna \\配置KEY 的密匙
R1(config-keychain-key)#^Z
R1#
*Nov 8 19:55:06.678: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#ip rip auth mode text \\启动明文认证(默认)可以不配置
R1(config-if)#ip rip auth key-chain test \\在接口上调用钥匙链
R1(config-if)#ip rip trig \\在接口上启用触发更新
R1(config-if)#^Z
R1#
*Nov 8 19:55:50.998: %SYS-5-CONFIG_I: Configured from console by console
R1#
R1(config-if)#^Z
R1#
*Nov 8 19:55:50.998: %SYS-5-CONFIG_I: Configured from console by console
R1#
配置R2之前我们看下R2现在的路由表:
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.0.0/24 is directly connected, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/1
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:42, Serial1/1
C 192.168.1.0/24 is directly connected, Serial1/1
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:42, Serial1/1
看到R2现在的路由表中没有R1的信息,知道什么原因吗?ok !原因就是R1上采用了明文认证,而R2上没有启用,(说明下有的人问为什么看不到R3 和R4 在这里为了给大家看清楚我把R3 R4 先停下等会开启,但对实验是没有影响的)下面我们在R2上用认证:
R2:
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#key chain test
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string ccna
R2(config-keychain-key)#^Z
R2#
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#key chain test
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string ccna
R2(config-keychain-key)#^Z
R2#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int s1/0
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int s1/0
R2(config-if)#ip rip auth key-chain test
R2(config-if)#ip rip trig
R2(config-if)#ip rip trig
这时我们查看下R2的路由表:
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/1] via 192.168.0.1, 00:00:08, Serial1/0
C 192.168.0.0/24 is directly connected, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/1
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:01:47, Serial1/1
R 1.1.1.0 [120/1] via 192.168.0.1, 00:00:08, Serial1/0
C 192.168.0.0/24 is directly connected, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/1
R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:01:47, Serial1/1
输出结果我们可以看到R2上的认证和R1是匹配的,因此R2路由中学习到了R1的路由信息。
分别配置R3 R4:
R3:
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#key chain test
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string ccna
R3(config-keychain-key)#^Z
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#key chain test
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string ccna
R3(config-keychain-key)#^Z
R3#
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int s1/1
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int s1/1
R3(config-if)#ip rip auth key-chain test
R3(config-if)#ip rip trig
R3(config-if)#ip rip trig
R3(config)#int s1/0
R3(config-if)#ip rip auth key-chain test
R3(config-if)#ip rip trig
R3(config-if)#ip rip trig
R3(config-if)#
=========================
R4:
R4#conf t
R4(config)#key chain
R4(config)#key chain test
R4(config-keychain)#key 1
R4(config-keychain-key)#key-string ccna
R4(config-keychain-key)#^Z
R4#conf t
R4(config-keychain)#key 1
R4(config-keychain-key)#key-string ccna
R4(config-keychain-key)#^Z
R4#conf t
R4(config)#int s1/0
R4(config-if)#ip rip auth key-chain test
R4(config-if)#^Z
R4(config-if)#^Z
ok!四个路由都配置好了!下面我们来调试!
查看R3的路由表:
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/2] via 192.168.1.1, 01:09:15, Serial1/0
2.0.0.0/21 is subnetted, 1 subnets
R 2.2.0.0 [120/1] via 192.168.2.2, 00:00:13, Serial1/1
R 192.168.0.0/24 [120/1] via 192.168.1.1, 01:09:15, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/0
C 192.168.2.0/24 is directly connected, Serial1/1
R3#
R 1.1.1.0 [120/2] via 192.168.1.1, 01:09:15, Serial1/0
2.0.0.0/21 is subnetted, 1 subnets
R 2.2.0.0 [120/1] via 192.168.2.2, 00:00:13, Serial1/1
R 192.168.0.0/24 [120/1] via 192.168.1.1, 01:09:15, Serial1/0
C 192.168.1.0/24 is directly connected, Serial1/0
C 192.168.2.0/24 is directly connected, Serial1/1
R3#
查看R3上的ip路由协议配置和统计信息:
R3#show protocols
Global values:
Internet Protocol routing is enabled
FastEthernet0/0 is administratively down, line protocol is down
Serial1/0 is up, line protocol is up
Internet address is 192.168.1.2/24
Serial1/1 is up, line protocol is up
Internet address is 192.168.2.1/24
Serial1/2 is administratively down, line protocol is down
Serial1/3 is administratively down, line protocol is down
R3#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 20 seconds
Invalid after 180 seconds, hold down 0, flushed after 240 \\触发更新hold down 自动为0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial1/0 2 2 Yes test
Serial1/1 2 2 Yes test //说明启用了s1/0 s1/1启用了认证和触发更新
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
192.168.1.0
192.168.2.0
Routing Information Sources:
Gateway Distance Last Update
192.168.2.2 120 00:00:06
192.168.1.1 120 01:11:29
Distance: (default is 120)
Global values:
Internet Protocol routing is enabled
FastEthernet0/0 is administratively down, line protocol is down
Serial1/0 is up, line protocol is up
Internet address is 192.168.1.2/24
Serial1/1 is up, line protocol is up
Internet address is 192.168.2.1/24
Serial1/2 is administratively down, line protocol is down
Serial1/3 is administratively down, line protocol is down
R3#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 20 seconds
Invalid after 180 seconds, hold down 0, flushed after 240 \\触发更新hold down 自动为0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial1/0 2 2 Yes test
Serial1/1 2 2 Yes test //说明启用了s1/0 s1/1启用了认证和触发更新
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
192.168.1.0
192.168.2.0
Routing Information Sources:
Gateway Distance Last Update
192.168.2.2 120 00:00:06
192.168.1.1 120 01:11:29
Distance: (default is 120)
R3#
使用‘debug ip rip“ 命令查看路由更新过程:
R3:
R3#debug ip rip
R3#clear ip route *
R3#
*Nov 8 22:46:35.641: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.645: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.649: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.649: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.657: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.661: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.665: RIP: send v2 triggered flush update to 192.168.1.1 on Serial1/0 with no route
*Nov 8 22:46:35.665: RIP: start retransmit timer of 192.168.1.1
*Nov 8 22:46:35.669: RIP: send v2 triggered flush update to 192.168.2.2 on Serial1/1 with no route
*Nov 8 22:46:35.673: RIP: start retransmit timer of 192.168.2.2
*Nov 8 22:46:35.673: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.673: RIP: received v2 triggered update from 192.168.1.1 on Serial1/0
*Nov 8 22:46:35.673:
R3#RIP: sending v2 ack to 192.168.1.1 via Serial1/0 (192.168.1.2),
flush, seq# 4
*Nov 8 22:46:35.673: 192.168.0.0/24 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.673: 1.1.1.0/24 via 0.0.0.0 in 2 hops
*Nov 8 22:46:35.673: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.673: RIP: received v2 triggered update from 192.168.2.2 on Serial1/1
*Nov 8 22:46:35.673: RIP: sending v2 ack to 192.168.2.2 via Serial1/1 (192.168.2.1),
flush, seq# 3
*Nov 8 22:46:35.677: 2.2.0.0/21 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.681: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.681: RIP: received v2 triggered update from 192.168.1.1 on Serial1/0
*Nov 8 22:46:35.681: RIP: sending v2 ack to 192.168.1.1 via Serial1/0 (192.168.1.2),
flush, seq# 5
*Nov 8 22:46:35.681: 192.168.0.0/24 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.681: 1.1.1.0/24 via 0.0.0.0 in 2 hops
*Nov 8 22:46:35.681: RIP: received packet with text authenticati
R3#on ccna
*Nov 8 22:46:35.681: RIP: received v2 triggered update from 192.168.2.2 on Serial1/1
*Nov 8 22:46:35.681: RIP: sending v2 ack to 192.168.2.2 via Serial1/1 (192.168.2.1),
flush, seq# 4
*Nov 8 22:46:35.641: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.645: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.649: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.649: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.657: RIP: sending triggered request on Serial1/0 to 224.0.0.9
*Nov 8 22:46:35.661: RIP: sending triggered request on Serial1/1 to 224.0.0.9
*Nov 8 22:46:35.665: RIP: send v2 triggered flush update to 192.168.1.1 on Serial1/0 with no route
*Nov 8 22:46:35.665: RIP: start retransmit timer of 192.168.1.1
*Nov 8 22:46:35.669: RIP: send v2 triggered flush update to 192.168.2.2 on Serial1/1 with no route
*Nov 8 22:46:35.673: RIP: start retransmit timer of 192.168.2.2
*Nov 8 22:46:35.673: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.673: RIP: received v2 triggered update from 192.168.1.1 on Serial1/0
*Nov 8 22:46:35.673:
R3#RIP: sending v2 ack to 192.168.1.1 via Serial1/0 (192.168.1.2),
flush, seq# 4
*Nov 8 22:46:35.673: 192.168.0.0/24 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.673: 1.1.1.0/24 via 0.0.0.0 in 2 hops
*Nov 8 22:46:35.673: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.673: RIP: received v2 triggered update from 192.168.2.2 on Serial1/1
*Nov 8 22:46:35.673: RIP: sending v2 ack to 192.168.2.2 via Serial1/1 (192.168.2.1),
flush, seq# 3
*Nov 8 22:46:35.677: 2.2.0.0/21 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.681: RIP: received packet with text authentication ccna
*Nov 8 22:46:35.681: RIP: received v2 triggered update from 192.168.1.1 on Serial1/0
*Nov 8 22:46:35.681: RIP: sending v2 ack to 192.168.1.1 via Serial1/0 (192.168.1.2),
flush, seq# 5
*Nov 8 22:46:35.681: 192.168.0.0/24 via 0.0.0.0 in 1 hops
*Nov 8 22:46:35.681: 1.1.1.0/24 via 0.0.0.0 in 2 hops
*Nov 8 22:46:35.681: RIP: received packet with text authenticati
R3#on ccna
*Nov 8 22:46:35.681: RIP: received v2 triggered update from 192.168.2.2 on Serial1/1
*Nov 8 22:46:35.681: RIP: sending v2 ack to 192.168.2.2 via Serial1/1 (192.168.2.1),
flush, seq# 4
呵呵!看到没我们"debug ip rip“,后面加了个命令“clear ip route *”清除路由表.注意这是一个事件,按道理路由会每30秒更新一次,但我们这里采用了触发更新,并有个清除路由表事件,因此当“clear ip route *”命令执行后路由马上更新,不信可以试下哦!速度还很快的!同时在看路由更新过程中带有“triggered” “text authentication” 字样,证明接口s1/0 s1/1 启用了触发更新和明文认证。
我们再来查看下RIP的数据库:
R3#show ip rip database
1.0.0.0/8 auto-summary
1.1.1.0/24
[2] via 192.168.1.1, 00:12:41 (permanent), Serial1/0
* Triggered Routes:
- [2] via 192.168.1.1, Serial1/0
2.0.0.0/8 auto-summary
2.2.0.0/21
[1] via 192.168.2.2, 00:12:41 (permanent), Serial1/1
* Triggered Routes:
- [1] via 192.168.2.2, Serial1/1
192.168.0.0/24 auto-summary
192.168.0.0/24
[1] via 192.168.1.1, 00:12:41 (permanent), Serial1/0
* Triggered Routes:
- [1] via 192.168.1.1, Serial1/0
192.168.1.0/24 auto-summary
192.168.1.0/24 directly connected, Serial1/0
192.168.2.0/24 auto-summary
192.168.2.0/24 directly connected, Serial1/1
R3#
怎么样看到没!再次验证了s1/1 s1/0 启用了触发更新.
这时我们来看下他的hold down 时间:
R3#show run | begin router rip
router rip
version 2
timers basic 30 180 0 240 \\由于是触发更新,因此在配置中自动加入了这行,且定义"hold down " 时间我0.
network 192.168.1.0
network 192.168.2.0
no auto-summary
!
ip classless
no ip http server
router rip
version 2
timers basic 30 180 0 240 \\由于是触发更新,因此在配置中自动加入了这行,且定义"hold down " 时间我0.
network 192.168.1.0
network 192.168.2.0
no auto-summary
!
ip classless
no ip http server
===================================
关于md5 认证试验这里我就不做了,因为只需要在接口认证模式下定义为MD5(将text改为MD5)就ok 了!其他的都是一样的!大家可以自己去试验下哦!
好了试验到这结束!欢迎大家指出不足处!谢谢!
