EIGRP认证 配置 (仅仅是命令 原理自己去看书) 转自:http://blog.163.com/s_u/blog/static/13308367201111771831631/

EIGRP认证  

目的:掌握EIGRP的MD5认证

拓扑:
技术分享
这里IP配置我就不写出来了,应该对大家来说是非常简单的事了,就要细心一点就可以了。
首先我们在R1上启用MD5认证
R1(config)#key chain R1    #R1 这个值可以去路由器2 路由器3的不同
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string cisco #cisco 这个一定要相同不然会认证失败
R1(config-keychain-key)#exit
R1(config-keychain)#exit
R1(config)#int s0/0
R1(config-if)#ip authentication mode eigrp 100 md5
R1(config-if)#ip authentication key-chain eigrp 100 R1
R1(config)#int s0/1
R1(config-if)#ip authentication mode eigrp 100 md5
R1(config-if)#ip authentication key-chain eigrp 100 R1
R2:
R2(config)#key chain R2    #R2 这个值可以去路由器1 路由器3的不同
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string cisco #cisco 这个一定要相同不然会认证失败
R2(config-keychain-key)#exit
R2(config-keychain)#exit
R2(config)#int s0/0
R2(config-if)#ip authentication mode eigrp 100 md5
R2(config-if)#ip authentication key-chain eigrp 100 R2
R2(config)#int s0/1
R2(config-if)#ip authentication mode eigrp 100 md5
R2(config-if)#ip authentication key-chain eigrp 100 R2
R3: 
R3(config)#key chain R3    #R3 这个值可以去路由器2 路由器1的不同
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string cisco #cisco 这个一定要相同不然会认证失败
R3(config-keychain-key)#exit
R3(config-keychain)#exit
R3(config)#int s0/0
R3(config-if)#ip authentication mode eigrp 100 md5
R3(config-if)#ip authentication key-chain eigrp 100 R3
R3(config)#int s0/1
R3(config-if)#ip authentication mode eigrp 100 md5
R3(config-if)#ip authentication key-chain eigrp 100 R3 
这样就配置好了,看一下R1的路由表:
D    172.17.0.0/16 [90/2297856] via 10.0.0.10, 00:00:12, Serial0/1
     172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D       172.16.0.0/16 is a summary, 00:00:11, Null0
C       172.16.0.0/24 is directly connected, Loopback0
C       172.16.1.0/24 is directly connected, Loopback1
C       172.16.2.0/24 is directly connected, Loopback2
C       172.16.3.0/24 is directly connected, Loopback3
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.0.0.8/30 is directly connected, Serial0/1
D       10.0.0.0/8 is a summary, 01:10:17, Null0
C       10.0.0.0/30 is directly connected, Serial0/0
D       10.0.0.4/30 [90/2681856] via 10.0.0.10, 00:00:12, Serial0/1
                    [90/2681856] via 10.0.0.1, 00:00:12, Serial0/0
R2:
     172.17.0.0/16 is variably subnetted, 5 subnets, 2 masks
C       172.17.1.0/24 is directly connected, Loopback1
D       172.17.0.0/16 is a summary, 01:11:47, Null0
C       172.17.0.0/24 is directly connected, Loopback0
C       172.17.3.0/24 is directly connected, Loopback3
C       172.17.2.0/24 is directly connected, Loopback2
D    172.16.0.0/16 [90/2297856] via 10.0.0.9, 00:02:43, Serial0/1
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.0.0.8/30 is directly connected, Serial0/1
D       10.0.0.0/30 [90/2681856] via 10.0.0.5, 00:45:19, Serial0/0
                    [90/2681856] via 10.0.0.9, 00:45:19, Serial0/1
D       10.0.0.0/8 is a summary, 01:11:47, Null0
C       10.0.0.4/30 is directly connected, Serial0/0
R3:
D    172.17.0.0/16 [90/2297856] via 10.0.0.6, 00:03:28, Serial0/1
D    172.16.0.0/16 [90/2297856] via 10.0.0.2, 00:03:28, Serial0/0
     10.0.0.0/30 is subnetted, 3 subnets
D       10.0.0.8 [90/2681856] via 10.0.0.6, 00:03:28, Serial0/1
                 [90/2681856] via 10.0.0.2, 00:03:28, Serial0/0
C       10.0.0.0 is directly connected, Serial0/0
C       10.0.0.4 is directly connected, Serial0/1
这里路由表自动汇总了……
认证主要注意两点:
1 key chain XXX   这个各个路由器可以不相同 
2 key-string XXXX 这个一定要相同

 

key chain EIGRP
 key 1
  key-string CISCO123
  accept-lifetime 00:00:00 Jan 1 1993 00:15:00 Jan 1 2020
  send-lifetime 00:00:00 Jan 1 1993 00:00:00 Jan 1 2020
 key 2
  key-string CISCO456
  accept-lifetime 23:45:00 Dec 31 2019 infinite
  send-lifetime 00:00:00 Jan 1 2020 infinite
!
int s0/0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP

郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。