5. Configuring EIGRP Authentication

1、理解EIGRP的认证过程。 
2、掌握EIGRP的认证的配置。
 
上图:

image.png


配置好各个路由器的IP地址,测试连通性,配好EIGRP 50,查看两路由器的路由表:

R1#show ip route
Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.16.1.8/30 is directly connected, Serial0/0
D       172.16.0.0/16 is a summary, 00:00:35, Null0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.0/24 is directly connected, Loopback0
D       10.0.0.0/8 is a summary, 00:00:35, Null0
D    192.168.1.0/24 [90/2297856] via 172.16.1.10, 00:00:22, Serial0/0

 

R2#show ip route 
Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.16.1.8/30 is directly connected, Serial0/0
D       172.16.0.0/16 is a summary, 00:01:35, Null0
D    10.0.0.0/8 [90/2297856] via 172.16.1.9, 00:01:35, Serial0/0
C    192.168.1.0/24 is directly connected, Loopback0

 

结果说明学习路由正常。

 

配置R1的EIGRP认证:

R1#conf t
R1(config)#key chain xiaoyang(创建名为xiaoyang的密钥链)
R1(config-keychain)#key  1(创建密钥链1)
R1(config-keychain-key)#key-string xiaoyang(配置密文为xiaoyang)

R1(config-keychain-key)#exit
R1(config-keychain)#exit
R1(config)#int s0/0
R1(config-if)#ip authentication key-chain eigrp 50 xiaoyang(在s0/0接口下为EIGRP 50启用路由认证。使用xiaoyang密钥链。)
R1(config-if)#ip authentication mode eigrp 50 md5(设置认证模式为md5加密方式,即传输过程以密文传输。)
R1(config-if)#end

 

查看两路由器的路由表变化:

R1#show ip route
Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.16.1.8/30 is directly connected, Serial0/0
D       172.16.0.0/16 is a summary, 00:12:30, Null0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.0/24 is directly connected, Loopback0
D       10.0.0.0/8 is a summary, 00:12:30, Null0

 

R2#show ip route
Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.16.1.8/30 is directly connected, Serial0/0
D       172.16.0.0/16 is a summary, 00:12:40, Null0
C    192.168.1.0/24 is directly connected, Loopback0

此时双方都不能学习到对方的路由信息,同时R2上有如下反馈信息:

R2#
*Mar  1 00:16:10.975: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 50: Neighbor 172.16.1.9 (Serial0/0) is down: Auth failure

说明认证失败,不能建立邻居关系。

 

配置R2的EIGRP认证:

R2#conf t
R2(config)#key chain xiaoyang
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string xiaoyang
R2(config-keychain-key)#exit
R2(config-keychain)#exit
R2(config)#int s0/0
R2(config-if)#ip authentication key-chain eigrp 50 xiaoyang
R2(config-if)#ip authentication mode eigrp 50 md5
R2(config-if)#exit
*Mar  1 00:26:31.007: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 50: Neighbor 172.16.1.9 (Serial0/0) is up: new adjacency

配置完成,最后一条日志信息说明邻居重新建立,认证成功。

查看R2上邻居信息:

R2(config)#do show ip eigrp 50 nei
IP-EIGRP neighbors for process 50
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.1.9              Se0/0             12 00:03:35   65   390  0  12

正常!

 

再查看双方路由表:

R1#show ip route
Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.16.1.8/30 is directly connected, Serial0/0
D       172.16.0.0/16 is a summary, 00:23:03, Null0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.0/24 is directly connected, Loopback0
D       10.0.0.0/8 is a summary, 00:23:03, Null0
D    192.168.1.0/24 [90/2297856] via 172.16.1.10, 00:05:04, Serial0/0

 

R2(config)#do show ip route 
Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.16.1.8/30 is directly connected, Serial0/0
D       172.16.0.0/16 is a summary, 00:23:23, Null0
D    10.0.0.0/8 [90/2297856] via 172.16.1.9, 00:05:38, Serial0/0
C    192.168.1.0/24 is directly connected, Loopback0

 

一切正常。


发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

桂ICP备19000498号-3