RIP MD5認證配置及出錯點總結

1. 拓撲圖

2.

R1的配置1

R1#config (配置接口IP地址) R1(config)#interface range f0/0 , f0/1 R1(config-if)#no shut R1(config-if)#interface f0/0 R1(config-if)#ip address 192.168.1.1 255.255.255.0 R1(config-if)#interface f0/1 R1(config-if)#ip address 172.16.0.1 255.255.255.0 R1(config-if)#exit （配置Loopback接口IP地址） R1(config)#interface l? Lex Loopback R1(config)#interface lo ? <0-2147483647> Loopback interface number R1(config)#interface lo 0 R1(config-if)#ip address 172.18.0.1 ? A.B.C.D IP subnet mask R1(config-if)#ip address 172.18.0.1 255.255.0.0 R1(config-if)#exit R1(config)#interface loo 1 R1(config-if)#ip add 172.19.0.1 255.255.0.0 R1(config-if)#exit R1(config)#interface loop 2 R1(config-if)#ip add 172.17.0.1 255.255.0.0 R1(config-if)#exit 配置認證採用的密鑰鏈keyc1 R1(config)#key ? chain Key-chain management config-key Set a private configuration key R1(config)#key chain ? WORD Key-chain name R1(config)#key chain keyc1 R1(config-keychain)#? Key-chain configuration commands: default Set a command to its defaults exit Exit from key-chain configuration mode key Configure a key no Negate a command or set its defaults R1(config-keychain)#key ? <0-2147483647> Key identifier R1(config-keychain)#key 0 R1(config-keychain-key)#? Key-chain key configuration commands: accept-lifetime Set accept lifetime of key default Set a command to its defaults exit Exit from key-chain key configuration mode key-string Set key string no Negate a command or set its defaults send-lifetime Set send lifetime of key R1(config-keychain-key)#key-string 123456 R1(config-keychain-key)#? Key-chain key configuration commands: accept-lifetime Set accept lifetime of key default Set a command to its defaults exit Exit from key-chain key configuration mode key-string Set key string no Negate a command or set its defaults send-lifetime Set send lifetime of key R1(config-keychain-key)#exit R1(config-keychain)#exit 啓用IP路由並啓用RIP R1(config)#ip routing R1(config)#router rip 聲明網絡 R1(config-router)#network 192.168.1.0 R1(config-router)#network 172.16.0.0 R1(config-router)#network 172.17.0.0 R1(config-router)#network 172.18.0.0 R1(config-router)#network 172.19.0.0 啓用RIP版本2 R1(config-router)#version 2 R1(config-router)#? R1(config-router)#exit 配置接口RIP認證模式 R1(config)#interface f0/0 R1(config-if)#ip rip ? authentication Authentication control receive advertisement reception send advertisement transmission v2-broadcast send ip broadcast v2 update R1(config-if)#ip rip auth ? key-chain Authentication key-chain mode Authentication mode R1(config-if)#ip rip auth mode ? md5 Keyed message digest text Clear text authentication R1(config-if)#ip rip auth mode md5 配置接口認證採用的密鑰鏈 R1(config-if)#ip rip authentication key-chain ? LINE name of key-chain R1(config-if)#ip rip authentication key-chain keyc1 R1(config-if)# end

R2的配置1

R2#config R2(config)#interface range f0/0 , f0/1 R2(config-if)#no shut R2(config-if)#interface f0/0 R2(config-if)#ip address 192.168.1.2 255.255.255.0 R2(config-if)#exit R2(config)#interface f0/1 R2(config-if)#ip address 172.20.0.1 255.255.0.0 R2(config-if)#exit R2(config)#interface loop0 R2(config-if)#ip address 172.21.0.1 255.255.0.0 R2(config-if)#exit R2(config)#interface loop1 R2(config-if)#ip address 172.22.0.1 255.255.0.0 R2(config-if)#exit R2(config)#ip routing R2(config)#router rip R2(config-router)#version 2 R2(config-router)#exit R2(config)#key ? chain Key-chain management config-key Set a private configuration key R2(config)#key chain keyc1 R2(config-keychain)#? Key-chain configuration commands: default Set a command to its defaults exit Exit from key-chain configuration mode key Configure a key no Negate a command or set its defaults R2(config-keychain)#key ? <0-2147483647> Key identifier R2(config-keychain)#key 0 R2(config-keychain-key)#? Key-chain key configuration commands: accept-lifetime Set accept lifetime of key default Set a command to its defaults exit Exit from key-chain key configuration mode key-string Set key string no Negate a command or set its defaults send-lifetime Set send lifetime of key R2(config-keychain-key)#key-string 123456 R2(config-keychain-key)#exit R2(config-keychain)#exit R2(config)#router rip R2(config-router)#network 192.168.1.0 R2(config-router)#network 172.21.0.0 R2(config-router)#network 172.22.0.0 R2(config-router)#exit R2(config)#end

3. 第一次校驗配置

路由器R1

R1#show ip protocols Routing Protocol is "rip" Sending updates every 30 seconds, next due in 10 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Outgoing update filter list for all interfaces is Incoming update filter list for all interfaces is Redistributing: rip Default version control: send version 2, receive version 2 Interface Send Recv Triggered RIP Key-chain FastEthernet0/0 2 2 keyc1 FastEthernet0/1 2 2 Loopback0 2 2 Loopback1 2 2 Loopback2 2 2 Automatic network summarization is in effect Routing for Networks: 172.16.0.0 172.17.0.0 172.18.0.0 172.19.0.0 192.168.1.0 Routing Information Sources: Gateway Distance Last Update Distance: (default is 120) 到了這一步，發現沒有收到R2的路由，（） R1#

路由器R2

R2#show ip route Translating "R2" Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 172.20.0.0/16 is directly connected, FastEthernet0/1 C 172.22.0.0/16 is directly connected, Loopback0 C 192.168.1.0/24 is directly connected, FastEthernet0/0

到了這一步，發現兩個路由器都收不到對方的路由，我就想是否是沒有配置neighbor命令呢？

4. 接着配置neighbor命令

R1#config terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#router rip R1(config-router)#neighbor 192.168.1.2 R1(config-router)#exit

R2#config R2(config)#router rip R2(config-router)#? R2(config-router)#neighbor ? A.B.C.D Neighbor address R2(config-router)#neighbor 192.168.1.1 ? R2(config-router)#neighbor 192.168.1.1 R2(config-router)#end

5. 第二次校驗配置

R2#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 172.20.0.0/16 is directly connected, FastEthernet0/1 C 172.22.0.0/16 is directly connected, Loopback0 C 192.168.1.0/24 is directly connected, FastEthernet0/0

發現仍是沒有收到對方路由信息，說明了不是沒有配置neighbor的緣由。

6. 從新配置key-chain的key 的發送和接收時間段

接下來，我刪除了密鑰鏈keyc1,從新配置了密鑰鏈ciscoc1，此次我配置了key-chain（密鑰鏈）的key的發送和接收時間。此前我認爲在只配置一個key-chain的key的狀況下，key的發送和接收時間期限默認會是無限長的，而通過實踐，發現不是。

給出配置

R1(config)#key ? chain Key-chain management config-key Set a private configuration key R1(config)#no key chain keyc1 R1(config)#key chain ciscokc R1(config-keychain)#key 1 R1(config-keychain-key)#key-string 123456 R1(config-keychain-key)#? Key-chain key configuration commands: accept-lifetime Set accept lifetime of key default Set a command to its defaults exit Exit from key-chain key configuration mode key-string Set key string no Negate a command or set its defaults send-lifetime Set send lifetime of key R1(config-keychain-key)#? Key-chain key configuration commands: accept-lifetime Set accept lifetime of key default Set a command to its defaults exit Exit from key-chain key configuration mode key-string Set key string no Negate a command or set its defaults send-lifetime Set send lifetime of key R1(config-keychain-key)#acc R1(config-keychain-key)#accept-lifetime ? hh:mm:ss Time to start R1(config-keychain-key)#accept-lifetime 12:00:00 ? <1-31> Day of the month to start MONTH Month of the year to start R1(config-keychain-key)#accept-lifetime 12:00:00 1 ? MONTH Month of the year to start R1(config-keychain-key)#accept-lifetime 12:00:00 1 October ? <1993-2035> Year to start R1(config-keychain-key)#accept-lifetime 12:00:00 1 October 2013 ? duration Set key lifetime duration hh:mm:ss Time to stop infinite Never expires R1(config-keychain-key)#accept-lifetime 12:00:00 1 October 2013 infinite ? <cr> R1(config-keychain-key)#accept-lifetime 12:00:00 1 October 2013 infinite R1(config-keychain-key)#send R1(config-keychain-key)#send-lifetime 12:00:00 1 October 2013 infinite R1(config-keychain-key)#end R1#config R1(config)#interface f0/0 R1(config-if)#ip rip au key-chain ciscokc R1(config-if)#end

R2#config R2(config)#no key chain keyc1 R2(config)#key chain ciscokc R2(config-keychain)#key 1 R2(config-keychain-key)#key-string 123456 R2(config-keychain-key)#? Key-chain key configuration commands: accept-lifetime Set accept lifetime of key default Set a command to its defaults exit Exit from key-chain key configuration mode key-string Set key string no Negate a command or set its defaults send-lifetime Set send lifetime of key R2(config-keychain-key)#accept-lifetime ? hh:mm:ss Time to start R2(config-keychain-key)#accept-lifetime 12:00:00 ? <1-31> Day of the month to start MONTH Month of the year to start R2(config-keychain-key)#accept-lifetime 12:00:00 1 ? MONTH Month of the year to start R2(config-keychain-key)#accept-lifetime 12:00:00 1 October ? <1993-2035> Year to start R2(config-keychain-key)#accept-lifetime 12:00:00 1 October 2013 ? duration Set key lifetime duration hh:mm:ss Time to stop infinite Never expires R2(config-keychain-key)#accept-lifetime 12:00:00 1 October 2013 infinite ? <cr> R2(config-keychain-key)#accept-lifetime 12:00:00 1 October 2013 infinite R2(config-keychain-key)#send-lifetime ? hh:mm:ss Time to start R2(config-keychain-key)#send-lifetime 12:00:00 1 October 2013 infinite R2(config-keychain-key)#end R2#config R2(config)#interface f0/0 R2(config-if)#ip rip au ? key-chain Authentication key-chain mode Authentication mode R2(config-if)#ip rip au key-chain ciscoks R2(config-if)#no ip rip au key-chain ciscoks R2(config-if)#ip rip au key-chain ciscokc R2(config-if)#end

7. 第三次校驗配置

R1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 172.17.0.0/16 is directly connected, Loopback2 172.16.0.0/24 is subnetted, 1 subnets C 172.16.0.0 is directly connected, FastEthernet0/1 C 172.19.0.0/16 is directly connected, Loopback1 C 172.18.0.0/16 is directly connected, Loopback0 C 192.168.1.0/24 is directly connected, FastEthernet0/0

R2#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R 172.17.0.0/16 [120/1] via 192.168.1.1, 00:01:29, FastEthernet0/0 R 172.16.0.0/16 [120/1] via 192.168.1.1, 00:01:29, FastEthernet0/0 R 172.19.0.0/16 [120/1] via 192.168.1.1, 00:01:29, FastEthernet0/0 R 172.18.0.0/16 [120/1] via 192.168.1.1, 00:01:29, FastEthernet0/0 C 172.20.0.0/16 is directly connected, FastEthernet0/1 C 172.22.0.0/16 is directly connected, Loopback0 C 192.168.1.0/24 is directly connected, FastEthernet0/0 R2#

8. 總結

show ip protocols與show ip route 的區別

neighbor 命令的做用

月份的英文。

（配置key-chain的key的接收和發送時間段時要用到）

一月January

二月February

三月March

四月April

五月May

六月June

七月July

八月August

九月September

十月October

十一月November

十二月December