RIPv2的认证(Enabling RIPv2 Autherization)

fhqmqjqq

实验来源：工大瑞普Cisco网络技术论坛

1.按照试验拓扑配置好各台路由器的接口IP地址；
2.使用ping命令验证相邻两台路由器的连通性；
3.配置RIP协议：
R1配置：
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 10.1.1.0
Router(config-router)#network 172.16.1.0
Router(config-router)#passive-interface loopback 0
Router(config-router)#no auto-summary                    //取消自动汇总
R2配置：
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 172.16.1.0
Router(config-router)#network 172.16.2.0
Router(config-router)#no auto-summary
R3配置：
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 10.2.2.0
Router(config-router)#network 172.16.2.0
Router(config-router)#passive-interface loopback 0
Router(config-router)#no auto-summary4.使用命令show ip protocols查看所配置的RIP协议，例R1：
Router#show ip protocols
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 0 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial1/1             2     2                                    
    Loopback0             2     2                                    
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    172.16.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.16.1.2           120      00:00:13
  Distance: (default is 120)再在R2上查看一下路由表：
Router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Serial1/0
C       172.16.2.0 is directly connected, Serial1/1
     10.0.0.0/24 is subnetted, 2 subnets
R       10.2.2.0 [120/1] via 172.16.2.1, 00:00:20, Serial1/1
R       10.1.1.0 [120/1] via 172.16.1.1, 00:01:43, Serial1/0使用ping命令验证连通性，这里略。。。
5.OK，下面开始配置RIP验证，举例在R2上配置，验证R1：
Router(config)#key chain cisco      //定义钥匙链。钥匙链名为cisco
Router(config-keychain)#key 1      //定义钥匙链上的第一个钥匙
Router(config-keychain-key)#key-string key  //定义密钥
Router(config-keychain-key)#exit
Router(config-keychain)#exit
Router(config)#interface serial 1/0
Router(config-if)#ip rip authentication key-chain cisco  //在接口下起用rip验证，并使用钥匙链cisco
Router(config-if)#ip rip authentication mode md5  //定义钥匙的验证是md5的
Router(config-if)#exit
配置好后，要等待一段时间，我们在R2上用debug ip rip命令看一下rip的调试信息：
Router#debug ip rip
RIP protocol debugging is on
Router#
*Mar  1 00:07:34.643: RIP: received v2 update from 172.16.2.1 on Serial1/1
*Mar  1 00:07:34.643:      10.2.2.0/24 via 0.0.0.0 in 1 hops
*Mar  1 00:07:36.519: RIP: sending v2 update to 224.0.0.9 via Serial1/1 (172.16.2.2)
*Mar  1 00:07:36.519: RIP: build update entries
*Mar  1 00:07:36.519:   10.1.1.0/24 via 0.0.0.0, metric 2, tag 0
*Mar  1 00:07:36.523:   172.16.1.0/24 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:07:42.539: RIP: ignored v2 packet from 172.16.1.1 (invalid authentication) //无效的   验证
*Mar  1 00:07:45.623: RIP: sending v2 update to 224.0.0.9 via Serial1/0 (172.16.1.2)
*Mar  1 00:07:45.623: RIP: build update entries
*Mar  1 00:07:45.623:   10.2.2.0/24 via 0.0.0.0, metric 2, tag 0
*Mar  1 00:07:45.627:   172.16.2.0/24 via 0.0.0.0, metric 1, tag 0从172.16.1.1收到无效的验证，然后使用show ip route查看：
Router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Serial1/0
C       172.16.2.0 is directly connected, Serial1/1
     10.0.0.0/24 is subnetted, 2 subnets
R       10.2.2.0 [120/1] via 172.16.2.1, 00:00:23, Serial1/1
R       10.1.1.0/24 is possibly down,
          routing via 172.16.1.1, Serial1/0和最开始我们查看到的信息不一样了。
如果我们想让R1继续可以和R2更新，那么也需要在R1上配置key，方法和在R2上配置时一样。。（为了演示方便，我把认证模式改为test了），然后我们再在R2上debug 一下：
Router#debug ip rip
RIP protocol debugging is on
Router#
*Mar  1 00:19:24.475: RIP: received packet with text authentication key
*Mar  1 00:19:24.475: RIP: received v2 update from 172.16.1.1 on Serial1/0
*Mar  1 00:19:24.479:      10.1.1.0/24 via 0.0.0.0 in 1 hops然后用show ip route察看路由表（这里略）发现和最开始的路由表一样。


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u1/47604/showart_398292.html