一.概述: 动态路由协议,除了rip v1不能配置认证之外,其他的路由协议都能配置认证,认证方式有两种,一种是明文方式的认证,一种是MD5认证,
参考链接:http://blog.sina.com.cn/s/blog_3e5d70910100mxzz.html
二.测试思路和结论:
A.思路:
①配置不同方式的动态路由认证
----包括路由和路由器,路由器和防火墙,明文认证和MD5认证
②通过抓包,确定认证信息是否协议key-ID
B.结论:
三.测试拓扑:
四.基本配置:
A.FW1:
interface Ethernet0
nameif Outside security-level 0 ip address 202.100.1.1 255.255.255.0 no shut interface Ethernet1 nameif Inside security-level 100 ip address 192.168.1.1 255.255.255.0 no shut
B.R2:
interface Loopback0
ip address 2.2.2.2 255.255.255.0 interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0no shut
interface FastEthernet0/1 ip address 10.1.1.2 255.255.255.0 no shut
C.R3:
interface Loopback0
ip address 3.3.3.3 255.255.255.0 interface FastEthernet0/0 ip address 10.1.1.3 255.255.255.0 no shut
五.RIP明文认证:
A.路由器与路由器:
①R2:
key chain ripkey
key 1 key-string cisco key 2 key-string CISCO router rip
version 2 network 2.0.0.0 network 10.0.0.0 no auto-summary ②R3:
key chain ripkey
key 1 key-string CISCO key 2
key-string cisco router rip
version 2 network 3.0.0.0 network 10.0.0.0 no auto-summary ③抓包: R2:
R3:
|
不良信息举报Q:2000617|Archiver|ROS软路由论坛 ROSABC.com 网络方案网络工程交流
GMT+8, 2024-5-6 17:20 , Processed in 0.148223 second(s), 15 queries .
Powered by Discuz! X3.4
Copyright © 2001-2021, Tencent Cloud.
