路由器和交换机的RIPMD5明文认证.docx
《路由器和交换机的RIPMD5明文认证.docx》由会员分享,可在线阅读,更多相关《路由器和交换机的RIPMD5明文认证.docx(9页珍藏版)》请在冰豆网上搜索。
路由器和交换机的RIPMD5明文认证
现在RA上配置基础信息
Router>enable/进入特权模式
Router#config/进入配置模式
Router_config#hostnameRA/更改设备名称
RA_config#intfastEthernet0/0/进入端口
RA_config_f0/0#ipaddress192.168.0.2255.255.255.0
【设置IP地址和掩码】
RA_config_f0/0#noshutdown/开启端口
RA_config_f0/0#exit/退出
RA_config#intgigaEthernet0/3
RA_config_g0/3#ipaddress192.168.1.1255.255.255.0
RA_config_g0/3#noshutdown
RA_config_g0/3#exit
在RB上配置基础信息
Router>enable
Router#config
Router_config#hostnameRB
RB_config#intgigaEthernet0/3
RB_config_g0/3#ipaddress192.168.1.2255.255.255.0
RB_config_g0/3#noshutdown
RB_config_g0/3#exit
RB_config#intfastEthernet0/0
RB_config_f0/0#ipaddress192.168.2.2255.255.255.0
RB_config_f0/0#noshutdown
RB_config_f0/0#exit
在RSW1上配置基础信息
DCRS-5650-28(R4)>enable/进入特权模式
DCRS-5650-28(R4)#config/进入配置模式
DCRS-5650-28(R4)(config)#hostnameRSW1/更改设备名称
RSW1(config)#vlan100/创建vlan100
RSW1(config-vlan100)#exit/退出
RSW1(config)#intethernet1/0/1/进入端口
RSW1(config-if-ethernet1/0/1)#switchportaccessvlan100
SettheportEthernet1/0/1accessvlan100successfully
【将该端口填加到vlan100】
RSW1(config-if-ethernet1/0/1)#exit/退出
RSW1(config)#interfacevlan100/进入vlan100
RSW1(config-if-vlan100)#ipaddress192.168.0.1255.255.255.0
【设置IP地址和掩码】
RSW1(config-if-vlan100)#exit/退出
RSW1(config)#exit
RSW1#
RSW1#ping192.168.0.2
Type^ctoabort.
Sending556-byteICMPEchosto192.168.0.2,timeoutis2seconds.
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=0/3/16ms
这时候测试一下,ping路由器连接交换机的口的IP地址,肯定能ping通,ping不通就代表你配置错了,或者没插线,或者网线坏了
DCRS-5650-28(R4)>enable
DCRS-5650-28(R4)#config
DCRS-5650-28(R4)(config)#hostnameRSW2
RSW2(config)#vlan200
RSW2(config-vlan200)#exit
RSW2(config)#intethernet1/0/1
RSW2(config-if-ethernet1/0/1)#switchportaccessvl200
SettheportEthernet1/0/1accessvlan200successfully
RSW2(config-if-ethernet1/0/1)#exit
RSW2(config)#interfacevlan200
RSW2(config-if-vlan200)#ipaddress192.168.2.1255.255.255.0
RSW2(config-if-vlan200)#exit
RSW2(config)#exit
RSW2#ping192.168.2.2
Type^ctoabort.
Sending556-byteICMPEchosto192.168.2.2,timeoutis2seconds.
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=0/3/16ms
设置RIP动态路由
RSW2(config)#routerrip/启用RIP协议
RSW2(config-router)#ver2/版本号为ver2
RSW2(config-router)#showiproute/查看路由表
Codes:
K-kernel,C-connected,S-static,R-RIP,B-BGP
O-OSPF,IA-OSPFinterarea
N1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2
E1-OSPFexternaltype1,E2-OSPFexternaltype2
i-IS-IS,L1-IS-ISlevel-1,L2-IS-ISlevel-2,ia-IS-ISinterarea
*-candidatedefault
C127.0.0.0/8isdirectlyconnected,Loopbacktag:
0
C192.168.2.0/24isdirectlyconnected,Vlan200tag:
0
Totalroutesare:
2item(s)
RSW2(config-router)#network192.168.2.0/24/宣告网段
RSW2(config-router)#exit/退出
在RB上配置RIP动态路由
RB_config#routerrip
RB_config_rip#ver2
RB_config_rip#showiproute
Codes:
C-connected,S-static,R-RIP,B-BGP,BC-BGPconnected
D-BEIGRP,DEX-externalBEIGRP,O-OSPF,OIA-OSPFinterarea
ON1-OSPFNSSAexternaltype1,ON2-OSPFNSSAexternaltype2
OE1-OSPFexternaltype1,OE2-OSPFexternaltype2
DHCP-DHCPtype,L1-IS-ISlevel-1,L2-IS-ISlevel-2
VRFID:
0
C192.168.1.0/24isdirectlyconnected,GigaEthernet0/3
C192.168.2.0/24isdirectlyconnected,FastEthernet0/0
RB_config_rip#network192.168.1.0255.255.255.0
RB_config_rip#network192.168.2.0255.255.255.0
RB_config_rip#exit
在RA上配置动态路由
RA_config#routerrip
RA_config_rip#ver2
RA_config_rip#showiproute
Codes:
C-connected,S-static,R-RIP,B-BGP,BC-BGPconnected
D-BEIGRP,DEX-externalBEIGRP,O-OSPF,OIA-OSPFinterarea
ON1-OSPFNSSAexternaltype1,ON2-OSPFNSSAexternaltype2
OE1-OSPFexternaltype1,OE2-OSPFexternaltype2
DHCP-DHCPtype,L1-IS-ISlevel-1,L2-IS-ISlevel-2
VRFID:
0
C192.168.0.0/24isdirectlyconnected,FastEthernet0/0
C192.168.1.0/24isdirectlyconnected,GigaEthernet0/3
RA_config_rip#network192.168.0.0255.255.255.0
RA_config_rip#network192.168.1.0255.255.255.0
RA_config_rip#exit
在RSW1上配置RIP动态路由
RSW1(config)#routerrip
RSW1(config-router)#ver2
RSW1(config-router)#showiproute
Codes:
K-kernel,C-connected,S-static,R-RIP,B-BGP
O-OSPF,IA-OSPFinterarea
N1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2
E1-OSPFexternaltype1,E2-OSPFexternaltype2
i-IS-IS,L1-IS-ISlevel-1,L2-IS-ISlevel-2,ia-IS-ISinterarea
*-candidatedefault
C127.0.0.0/8isdirectlyconnected,Loopbacktag:
0
C192.168.0.0/24isdirectlyconnected,Vlan100tag:
0
Totalroutesare:
2item(s)
RSW1(config-router)#network192.168.0.0/24
RSW1(config-router)#exit
下面测试,由RSW1pingRSW2,能ping通代表路由成功了
RSW1#ping192.168.2.1
Type^ctoabort.
Sending556-byteICMPEchosto192.168.2.1,timeoutis2seconds.
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=0/0/0ms
下面先来做RIP的文明,本端打上认证而对端没打上,路由过不来,ping不通,就代表认证生效了,ping通就代表失败之后把对端认证也打上,能ping通就代表做成了
RSW1(config)#interfacevlan100/先进入需要认证的vlan里面
RSW1(config-if-vlan100)#ipripauthenticationmodetext
【敲上明文认证】
RSW1(config-if-vlan100)#ipripauthenticationstringluyou
【设置秘钥,对端要和这个一样】
RSW1(config-if-vlan100)#exit/退出
RSW1#ping192.168.2.1
Type^ctoabort.
Sending556-byteICMPEchosto192.168.2.1,timeoutis2seconds.
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=0/0/0ms
RSW1#ping192.168.2.1
Type^ctoabort.
Sending556-byteICMPEchosto192.168.2.1,timeoutis2seconds.
.....
Successrateis0percent(0/5),round-tripmin/avg/max=0/0/0ms
一开始ping是通的,是因为还没有生效,大家多等会就可以,等个一两分钟足够了,也可以一直尝试,也可以把接口给shutdown再noshutdown
下面做RA,RB,RSW2的明文认证
RA_config#interfacegigaEthernet0/3
RA_config_g0/3#ipripauthenticationsimple/选择明文认证
RA_config_g0/3#iprippasswordluyou/秘钥要一致
RA_config_g0/3#exit
RA_config#intfastEthernet0/0
RA_config_f0/0#ipripauthenticationsimple
RA_config_f0/0#iprippasswordluyou
RA_config_f0/0#exit
RB_config#intgigaEthernet0/3
RB_config_g0/3#ipripauthenticationsimple
RB_config_g0/3#iprippasswordluyou
RB_config_g0/3#exit
RB_config#interfacefastEthernet0/0
RB_config_f0/0#ipripauthenticationsimple
RB_config_f0/0#iprippasswordluyou
RB_config_f0/0#exit
RSW2(config)#interfacevlan200
RSW2(config-if-vlan200)#ipripauthenticationmodetext
RSW2(config-if-vlan200)#ipripauthenticationstringluyou
RSW2(config-if-vlan200)#exit
下面pingRSW1应该是通的,然后RSW1再pingRSW2
RSW2#ping192.168.0.1
Type^ctoabort.
Sending556-byteICMPEchosto192.168.0.1,timeoutis2seconds.
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=0/0/0ms
RSW1#ping192.168.2.1
Type^ctoabort.
Sending556-byteICMPEchosto192.168.2.1,timeoutis2seconds.
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=0/0/0ms
证明明文认证成功了,下面做MD5认证,大家做的时候要删档,或者把明文认证NO掉,这里我就不写上了...
下面做RSW1的MD5认证
RSW1(config)#keychain1/建立钥匙环
RSW1(config-keychain)#key1/创建一把钥匙
RSW1(config-keychain-key)#key-stringluyou/创建秘钥
RSW1(config-keychain-key)#end/退出
RSW1(config)#interfacevlan100/进入vlan
RSW1(config-if-vlan100)#ipripauthenticationmodemd5
【设置MD5认证】
RSW1(config-if-vlan100)#ipripauthenticationkey-chain1
【把配置模式下创建的钥匙环匹配到这里】
RSW1(config-if-vlan100)#exit
之后pingRSW2应该是不通的,因为路由器和RSW2都没有做MD5认证
下面做RA,RB,RSW2的MD5认证
RA_config#intgigaEthernet0/3
RA_config_g0/3#ipripauthenticationmd5/开启MD5认证
RA_config_g0/3#ipripmd5-key1md5luyou
【跟交换机相对应的钥匙环【1】和秘钥
RA_config_g0/3#exit
RA_config#interfacefastEthernet0/0
RA_config_f0/0#ipripauthenticationmd5
RA_config_f0/0#ipripmd5-key1md5luyou
RA_config_f0/0#exit
RB_config#interfacegigaEthernet0/3
RB_config_g0/3#ipripauthenticationmd5
RB_config_g0/3#ipripmd5-key1md5luyou
RB_config_g0/3#exit
RB_config#intfastEthernet0/0
RB_config_f0/0#ipripauthenticationmd5
RB_config_f0/0#ipripmd5-key1md5luyou
RB_config_f0/0#exit
RSW2(config)#keychain1
RSW2(config-keychain)#key1
RSW2(config-keychain-key)#key-stringluyou
RSW2(config-keychain-key)#end
RSW2(config)#interfacevlan200
RSW2(config-if-vlan200)#ipripauthenticationmodemd5
RSW2(config-if-vlan200)#ipripauthenticationkey-chain1
RSW2(config-if-vlan200)#exit
下面pingRSW1应该是通的
之后从RSW1pingRSW2
以上就是路由器和交换机的RIP动态路由的MD5认证和明文认证
逍遙提供【仅供参考】
升级会员 