KaleenaParr926

来自NoteExpress知识库
2015年2月28日 (六) 17:03KaleenaParr926讨论 | 贡献的版本

(差异) ←上一版本 | 最后版本 (差异) | 下一版本→ (差异)
跳转至: 导航搜索

When you earned your CCNA, you believed you learned everything there is to know about RIP. Close, but not rather There are some further details you require to know to pass the BSCI exam and get a single step closer to the CCNP exam, and a single of those includes RIP update packet authentication. You are familiar with some positive aspects of employing RIPv2 over RIPv1, help for VLSM chief amongst them. Identify more on our partner use with - Click here askperrybelcher.jimdo.com. But one benefit that you happen to be not introduced to in your CCNA scientific studies is the ability to configure routing update packet authentication. You have two alternatives, clear text and MD5. Clear text is just that - a clear text password that is visible by any person who can choose a packet off the wire. If you happen to be going to go to the difficulty of configuring update authentication, you really should use MD5. The MD stands for "Message Digest", and this is the algorithm that creates the hash value for the password that will be contained in the update packets. Not only have to the routers agree on the password, they must agree on the authentication strategy. If a single router sends an MD5-hashed password to an additional router that is configured for clear-text authentication, the update will not be accepted. Meet Perry Belcher contains additional information concerning the inner workings of it. debug ip rip is a excellent command for troubleshooting authenticated updates. R1, R2, and R3 are running RIP more than a frame relay cloud. Identify new information about aboutperrybelcherdash.blog.com/2014/04/23/how-perry-belcher-can-help-you-out-with-internet-advertising by visiting our fine web site. Here is how RIP authentication would be configured on these three routers. R1#conf t R1config#key chain RIP The key chain can have any name. R1config-keychain#important 1 Key chains can have multiple keys. Number them carefully when using multiples. R1config-keychain-key#key-string CISCO This is the text string the key will use for authentication. R1config#int s0 R1config-if#ip rip authentication mode text The interface will use clear-text mode. R1config-if#ip rip authentication essential-chain RIP The interface is using key chain RIP, configured earlier. R2#conf t R2config#crucial chain RIP R2config-keychain#key 1 R2config-keychain-key#key-string CISCO R2config#int s0.123 R2config-subif#ip rip authentication mode text R2config-subif#ip rip authentication important-chain RIP R3#conf t R3config#important chain RIP R3config-keychain#key 1 R3config-keychain-crucial#crucial-string CISCO R3config#int s0.31 R3config-subif#ip rip authentication mode text R3config-subif#ip rip authentication crucial-chain RIP To use MD5 authentication rather than clear-text, basically replace the word "text" in the ip rip authentication mode command with md5. Heres what a successfully authentication RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in impact and the password is "cisco". 3d04h RIP received packet with text authentication cisco 3d04h RIP received v2 update from 150.1.1.three on Ethernet0 3d04h one hundred.../8 through ... in 1 hops 3d04h 150.1.2./24 by way of ... in 1 hops Heres what it looks like when the remote device is set for MD5 authentication and the regional router is set for clear-text. You are going to also see this message if the password itself is incorrect. 3d04h RIP ignored v2 packet from 150.1.1.3 invalid authentication "Debug ip rip" might be a basic command as compared to the debugs for other protocols. but its also a really powerful debug. Start making use of debugs as early as attainable in your Cisco reports to learn how router commands really work.

取自“https://www.inoteexpress.com/wiki/index.php?title=KaleenaParr926&oldid=5914