EIGRP认证
目的:掌握EIGRP的MD5认证
拓扑:
这里IP配置我就不写出来了,应该对大家来说是非常简单的事了,就要细心一点就可以了。
首先我们在R1上启用MD5认证
R1(config)#key chain R1 #R1 这个值可以去路由器2 路由器3的不同
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string cisco #cisco 这个一定要相同不然会认证失败
R1(config-keychain-key)#exit
R1(config-keychain)#exit
R1(config)#int s0/0
R1(config-if)#ip authentication mode eigrp 100 md5
R1(config-if)#ip authentication key-chain eigrp 100 R1
R1(config)#int s0/1
R1(config-if)#ip authentication mode eigrp 100 md5
R1(config-if)#ip authentication key-chain eigrp 100 R1
R2:
R2(config)#key chain R2 #R2 这个值可以去路由器1 路由器3的不同
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string cisco #cisco 这个一定要相同不然会认证失败
R2(config-keychain-key)#exit
R2(config-keychain)#exit
R2(config)#int s0/0
R2(config-if)#ip authentication mode eigrp 100 md5
R2(config-if)#ip authentication key-chain eigrp 100 R2
R2(config)#int s0/1
R2(config-if)#ip authentication mode eigrp 100 md5
R2(config-if)#ip authentication key-chain eigrp 100 R2
R3:
R3(config)#key chain R3 #R3 这个值可以去路由器2 路由器1的不同
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string cisco #cisco 这个一定要相同不然会认证失败
R3(config-keychain-key)#exit
R3(config-keychain)#exit
R3(config)#int s0/0
R3(config-if)#ip authentication mode eigrp 100 md5
R3(config-if)#ip authentication key-chain eigrp 100 R3
R3(config)#int s0/1
R3(config-if)#ip authentication mode eigrp 100 md5
R3(config-if)#ip authentication key-chain eigrp 100 R3
这样就配置好了,看一下R1的路由表:
D 172.17.0.0/16 [90/2297856] via 10.0.0.10, 00:00:12, Serial0/1
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:00:11, Null0
C 172.16.0.0/24 is directly connected, Loopback0
C 172.16.1.0/24 is directly connected, Loopback1
C 172.16.2.0/24 is directly connected, Loopback2
C 172.16.3.0/24 is directly connected, Loopback3
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.0.8/30 is directly connected, Serial0/1
D 10.0.0.0/8 is a summary, 01:10:17, Null0
C 10.0.0.0/30 is directly connected, Serial0/0
D 10.0.0.4/30 [90/2681856] via 10.0.0.10, 00:00:12, Serial0/1
[90/2681856] via 10.0.0.1, 00:00:12, Serial0/0
R2:
172.17.0.0/16 is variably subnetted, 5 subnets, 2 masks
C 172.17.1.0/24 is directly connected, Loopback1
D 172.17.0.0/16 is a summary, 01:11:47, Null0
C 172.17.0.0/24 is directly connected, Loopback0
C 172.17.3.0/24 is directly connected, Loopback3
C 172.17.2.0/24 is directly connected, Loopback2
D 172.16.0.0/16 [90/2297856] via 10.0.0.9, 00:02:43, Serial0/1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.0.8/30 is directly connected, Serial0/1
D 10.0.0.0/30 [90/2681856] via 10.0.0.5, 00:45:19, Serial0/0
[90/2681856] via 10.0.0.9, 00:45:19, Serial0/1
D 10.0.0.0/8 is a summary, 01:11:47, Null0
C 10.0.0.4/30 is directly connected, Serial0/0
R3:
D 172.17.0.0/16 [90/2297856] via 10.0.0.6, 00:03:28, Serial0/1
D 172.16.0.0/16 [90/2297856] via 10.0.0.2, 00:03:28, Serial0/0
10.0.0.0/30 is subnetted, 3 subnets
D 10.0.0.8 [90/2681856] via 10.0.0.6, 00:03:28, Serial0/1
[90/2681856] via 10.0.0.2, 00:03:28, Serial0/0
C 10.0.0.0 is directly connected, Serial0/0
C 10.0.0.4 is directly connected, Serial0/1
这里路由表自动汇总了……
认证主要注意两点:
1 key chain XXX 这个各个路由器可以不相同
2 key-string XXXX 这个一定要相同
key chain EIGRP
key 1
key-string CISCO123
accept-lifetime 00:00:00 Jan 1 1993 00:15:00 Jan 1 2020
send-lifetime 00:00:00 Jan 1 1993 00:00:00 Jan 1 2020
key 2
key-string CISCO456
accept-lifetime 23:45:00 Dec 31 2019 infinite
send-lifetime 00:00:00 Jan 1 2020 infinite
!
int s0/0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP