Comparing RIP, EIGRP, and OSPF Authentication

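This article walks through configuring and verifying authentication for three routing protocols (RIP, EIGRP, and OSPF), covering both plaintext and MD5 authentication, with configuration examples.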

Lab objective:

Compare the authentication of RIP, EIGRP, and OSPF

Lab topology:

[Image: lab topology]

Lab steps:


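RIP authentication:

Step 1: In global configuration mode, configure the key chain:

key chain ccnp //define the key chain

key 1

key-string cisco //the key on the key chain, i.e. the password

Step 2: On the interface, reference the key chain:

R1(config-if)#ip rip authentication key-chain ccnp //reference the key chain

Step 3: On the interface, select the authentication type (plaintext/MD5):

R1(config-if)#ip rip authentication mode text (plaintext) (the default, so this command can be omitted)

R1(config-if)#ip rip authentication mode md5 (MD5)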

Plaintext authentication:

R1 configuration:

key chain ccie

key 1

key-string cisco

interface Serial1/1

ip address 192.168.12.1 255.255.255.0

ip rip authentication key-chain ccie

ip rip authentication mode text //system default

serial restart-delay 0

When only one side is configured, the following error is reported:

*Jun 4 10:16:39.031: RIP: ignored v2 packet from 192.168.12.2 (invalid authentication)

MD5 authentication:

R2 configuration:

key chain ccie

key 1

key-string cisco

interface Serial1/1

ip address 192.168.12.2 255.255.255.0

ip rip authentication key-chain ccie

ip rip authentication mode md5

serial restart-delay 0

R2#show ip route rip

1.0.0.0/32 is subnetted, 1 subnets

R 1.1.1.1 [120/1] via 192.168.12.1, 00:00:03, Serial1/0

I don't know why the authentication information does not show up in the debug output.

R2#show ip protocols

Routing Protocol is "rip"

Sending updates every 30 seconds, next due in 8 seconds

Invalid after 180 seconds, hold down 180, flushed after 240

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Redistributing: rip

Default version control: send version 2, receive version 2

Interface Send Recv Triggered RIP Key-chain

Serial1/0 2 2 ccie

Loopback0 2 2

Loopback2 2 2

Automatic network summarization is not in effect

Maximum path: 4

Routing for Networks:

2.0.0.0

22.0.0.0

192.168.12.0

Routing Information Sources:

Gateway Distance Last Update

192.168.12.1 120 00:00:17

Distance: (default is 120)

EIGRP authentication (only MD5 authentication is supported):

R1#show run int s1/1

Building configuration...

Current configuration : 168 bytes

!

interface Serial1/1

ip address 192.168.12.1 255.255.255.0

ip authentication mode eigrp 1 md5 //note that the command differs from RIP's

ip authentication key-chain eigrp 1 ccie

serial restart-delay 0

end

debug ip eigrp notifications

R2(config-router)#

*Jun 4 10:29:43.347: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is up: new adjacency

R2(config-router)#

*Jun 4 10:31:07.435: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is down: Interface Goodbye received

R2(config-router)#

*Jun 4 10:31:11.991: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is up: new adjacency

R2(config-router)#

*Jun 4 10:31:33.775: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is down: Auth failure

After R2 is configured, the debug output on R1:

R1#debug ip eigrp notifications

IP-EIGRP Event notification debugging is on

R1#

*Jun 4 10:36:43.663: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.2 (Serial1/1) is up: new adjacency

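OSPF authentication:

There are three authentication types:

1. No authentication (default)

2. Plaintext authentication

3. MD5 authentication

R2, plaintext authentication: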

interface Serial1/0

ip address 192.168.12.2 255.255.255.0

ip ospf authentication-key ccie

serial restart-delay 0

router ospf 1

router-id 2.2.2.2

log-adjacency-changes

area 0 authentication

After configuration, the following messages appear:

R2#

*Jun 4 10:43:32.083: %SYS-5-CONFIG_I: Configured from console by console

R2#

*Jun 4 10:43:32.391: OSPF: Rcv pkt from 192.168.12.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1

R2#

*Jun 4 10:43:38.903: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 192.168.12.2

R2#

*Jun 4 10:43:42.359: OSPF: Rcv pkt from 192.168.12.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1

MD5 authentication:

Only R2's configuration was changed

R2(config-if)#

*Jun 4 10:49:12.331: OSPF: Rcv pkt from 192.168.12.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 1, we use type 2

router ospf 1

router-id 2.2.2.2

log-adjacency-changes

area 0 authentication message-digest

interface Serial1/0

ip address 192.168.12.2 255.255.255.0

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 cisco

serial restart-delay 0
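
As an added example (not part of the original post), this Python code picks the authentication failures for all three protocols out of router debug output, using the message formats shown above. The function names are illustrative, and the mapping of OSPF types 0/1/2 to none/plaintext/MD5 is taken from the mismatch messages and the list in the OSPF section.

```python
import re

# OSPF AuType numbers as printed in the "Mismatch Authentication type" debug line
OSPF_AUTYPE = {0: "none", 1: "plaintext", 2: "MD5"}

PATTERNS = [
    ("RIP", re.compile(r"RIP: ignored v2 packet from (?P<peer>[\d.]+) "
                       r"\(invalid authentication\)")),
    ("EIGRP", re.compile(r"%DUAL-5-NBRCHANGE: .*Neighbor (?P<peer>[\d.]+) "
                         r"\((?P<intf>[^)]+)\) is down: Auth failure")),
    ("OSPF", re.compile(r"OSPF: Rcv pkt from (?P<peer>[\d.]+), (?P<intf>\S+) : "
                        r"Mismatch Authentication type\. Input packet specified "
                        r"type (?P<theirs>\d+), we use type (?P<ours>\d+)")),
]

def classify(line):
    """Return a dict for an authentication failure line, or None for any other line."""
    for proto, rx in PATTERNS:
        m = rx.search(line)
        if m is None:
            continue
        g = m.groupdict()
        event = {"protocol": proto, "peer": g["peer"], "interface": g.get("intf")}
        if proto == "OSPF":
            theirs, ours = int(g["theirs"]), int(g["ours"])
            event["peer_auth"] = OSPF_AUTYPE.get(theirs, "unknown")
            event["local_auth"] = OSPF_AUTYPE.get(ours, "unknown")
            # True when the neighbor still sends a weaker type than this router requires
            event["peer_weaker"] = theirs < ours
        return event
    return None

def auth_failures(lines):
    """Keep only the lines that report a routing-protocol authentication failure."""
    return [e for e in map(classify, lines) if e is not None]

# Sample input: debug/log lines copied from the output shown on this page
SAMPLE = [
    "*Jun 4 10:16:39.031: RIP: ignored v2 packet from 192.168.12.2 (invalid authentication)",
    "*Jun 4 10:31:07.435: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is down: Interface Goodbye received",
    "*Jun 4 10:31:33.775: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (Serial1/0) is down: Auth failure",
    "*Jun 4 10:43:38.903: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 192.168.12.2",
    "*Jun 4 10:49:12.331: OSPF: Rcv pkt from 192.168.12.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 1, we use type 2",
]

if __name__ == "__main__":
    for event in auth_failures(SAMPLE):
        print(event)
```

The EIGRP "Interface Goodbye received" and OSPF "Send hello" lines are deliberately not matched, so ordinary adjacency changes are not reported as authentication failures.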



This article is reposted from gehailong's 51CTO blog. Original link: http://blog.51cto.com/gehailong/297363. To repost, please contact the original author.
