1、RIP-2 邻居认证配置一、 实验目的1. 掌握邻居认证的配置2. 理解 RIP-2 与 RIP-1 的不同二、 应用环境1. 为避免外部路由器得到路由表,保证一定安全性,采用认证三、 实验设备1. DCR-17512. CR-V35FC3. CR-V35MT 四、 实验拓扑五、 实验要求配置表ROUTER-A S1/1(DCE)两台一条一条192.168.1.1/24ROUTER-B S1/0(DTE) 192.168.1.2/24F0/0六、 实验步骤192.168.0.1 F0/0 192.169.2.1/24第一步:按照实验三和上表,配置路由器的所有接口地址并测试连通性第二步:配置路由
2、器 BRouter-B#confRouter-B_config#router ripRouter-B_config_rip#version 2Router-B_config_rip#network 192.168.1.0!配置为版本 2Router-B_config_rip#network 192.168.2.0Router-B_config_rip#exitRouter-B_config#int s1/0 !进入与 A 相连的接口Router-B_config_s1/0#ip rip authentication simple !配置以明文方式验证Router-B_config_s1/0#i
3、p rip password digitalchina !配置密码为 digitalchinaRouter-B_config_s1/0#Z第三步:查看 B 的配置Router-B#sh runBuilding configuration. Current configuration:!version 1.3.2Eservice timestamps log date service timestamps debug dateno service password-encryption!hostname Router-B!interface FastEthernet0/0ip address 1
4、92.168.2.1 255.255.255.0no ip directed-broadcast !interface Serial1/0ip address 192.168.1.2 255.255.255.0no ip directed-broadcast ip rip authentication simpleip rip password digitalchina!interface Async0/0 no ip address no ip directed-broadcast !router ripversion 2network 192.168.2.0network 192.168.
5、1.0!第四步:配置路由器 A(不配认证)并查看路由表Router-A#confRouter-A_config#router ripRouter-A_config_rip#version 2Router-A_config_rip#network 192.168.0.0Router-A_config_rip#network 192.168.1.0Router-A_config_rip#Z查看路由表Router-A#sh ip routeCodes: C - connected, S - static, R - RIP, B - BGP, BC - BGP connectedD - DEIGRP,
6、 DEX - external DEIGRP, O - OSPF, OIA - OSPF inter areaON1 - OSPF NSSA external type 1, ON2 - OSPF NSSA external type 2OE1 - OSPF external type 1, OE2 - OSPF external type 2DHCP - DHCP typeVRF ID: 0 C 192.168.0.0/24 is directly connected, FastEthernet0/0 C 192.168.1.0/24 is directly connected, Seria
7、l1/1第五步:配置 A 的认证Router-A_config#int s1/1 !进入与 B 相连的接口Router-A_config_s1/1#ip rip authentication simpleRouter-A_config_s1/1#ip rip password digitalchina第六步:再次查看路由表Router-A#sh ip routeCodes: C - connected, S - static, R - RIP, B - BGP, BC - BGP connected!没有学习到路由D - DEIGRP, DEX - external DEIGRP, O - O
8、SPF, OIA - OSPF inter areaON1 - OSPF NSSA external type 1, ON2 - OSPF NSSA external type 2OE1 - OSPF external type 1, OE2 - OSPF external type 2DHCP - DHCP typeVRF ID: 0 C 192.168.0.0/24 is directly connected, FastEthernet0/0C 192.168.1.0/24 is directly connected, Serial1/1R 192.168.2.0/24 120,1 via
9、 192.168.1.2(on Serial1/1) Router-B#show ip routeCodes: C - connected, S - static, R - RIP, B - BGP, BC - BGP connectedD - DEIGRP, DEX - external DEIGRP, O - OSPF, OIA - OSPF inter areaON1 - OSPF NSSA external type 1, ON2 - OSPF NSSA external type 2OE1 - OSPF external type 1, OE2 - OSPF external typ
10、e 2DHCP - DHCP typeVRF ID: 0 R 192.168.0.0/24 120,1 via 192.168.1.1(on Serial1/0) C 192.168.1.0/24 is directly connected, Serial1/0C 192.168.2.0/24 is directly connected, FastEthernet0/0七、 注意事项和排错1. 只有 RIP-2 才支持认证2. 在相邻的接口上配置认证3. 认证密码要一致,必须是双向的八、 配置序列Router-B#sh runBuilding configuration. Current co
11、nfiguration:!version 1.3.2Eservice timestamps log date service timestamps debug dateno service password-encryption!hostname Router-B!interface FastEthernet0/0ip address 192.168.2.1 255.255.255.0no ip directed-broadcast !interface Serial1/0ip address 192.168.1.2 255.255.255.0no ip directed-broadcast
12、ip rip authentication simpleip rip password digital!interface Async0/0 no ip address no ip directed-broadcast !router ripversion 2network 192.168.2.0network 192.168.1.0!九、 共同思考1. 认证有什么意义?2. 为什么一定要是双向的?十、 课后练习1. 请用?查看除了明文以外还有哪些认证方式?2. 请将地址改为 10.0.0.0/24 重复以上实验十一、 相关命令详解ip rip authentication使用 ip rip authentication 接口配置命令指定用于 RIP-2 包的认证类型,no ip rip authentication 则不对报文进行认证。ip rip authentication simple | message-digestno ip rip authentication参数simple参数明文认证类型参数说明缺省不认证message-digest MD5密文认证类型命令模式接口配置态使用说明RIP-1 不支持认证示例这个例子配置接口使用 MD5 密文认证类型。ip rip authentication message-digest
