动态路由协议,除了rip v1不能配置认证之外,其他的路由协议都能配置认证,认证方式有两种,一种是明文方式的认证,一种是MD5认证,
参考链接:http://blog.sina.com.cn/s/blog_3e5d70910100mxzz.html
参考链接:http://blog.sina.com.cn/s/blog_3e5d70910100mxzz.html
二.测试思路和结论:
A.思路:
①配置不同方式的动态路由认证
----包括路由和路由器,路由器和防火墙,明文认证和MD5认证
②通过抓包,确定认证信息是否协议key-ID
B.结论:
三.测试拓扑:
四.基本配置:
A.FW1:
interface Ethernet0
nameif Outside
security-level 0
ip address 202.100.1.1 255.255.255.0
no shut
interface Ethernet1
nameif Inside
security-level 100
ip address 192.168.1.1 255.255.255.0
nameif Outside
security-level 0
ip address 202.100.1.1 255.255.255.0
no shut
interface Ethernet1
nameif Inside
security-level 100
ip address 192.168.1.1 255.255.255.0
no shut
B.R2:
interface Loopback0
ip address 2.2.2.2 255.255.255.0
ip address 10.1.1.2 255.255.255.0
ip address 2.2.2.2 255.255.255.0
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0no shut
interface FastEthernet0/1ip address 10.1.1.2 255.255.255.0
no shut
C.R3:
interface Loopback0
ip address 3.3.3.3 255.255.255.0
interface FastEthernet0/0
ip address 10.1.1.3 255.255.255.0
ip address 3.3.3.3 255.255.255.0
interface FastEthernet0/0
ip address 10.1.1.3 255.255.255.0
no shut
五.RIP明文认证:
A.路由器与路由器:
①R2:
key chain ripkey
key 1
key-string cisco
key 2
key-string CISCO
key 1
key-string cisco
key 2
key-string CISCO
router rip
version 2
network 2.0.0.0
network 10.0.0.0
no auto-summary
version 2
network 2.0.0.0
network 10.0.0.0
no auto-summary
②R3:
key chain ripkey
key 1
key-string CISCO
key 1
key-string CISCO
key 2
key-string cisco
key-string cisco
router rip
version 2
network 3.0.0.0
network 10.0.0.0
version 2
network 3.0.0.0
network 10.0.0.0
no auto-summary
③抓包:
R2:
R3:
本文转自 碧云天 51CTO博客,原文链接:http://blog.51cto.com/333234/1300280,如需转载请自行联系原作者