配置实例:
1.将R1和R2的相应端口设置为被动端口。
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# passive-interface FastEthernet 1/0
R1(config-router)# passive-interface FastEthernet 0/0
R1(config-router)# passive-interface FastEthernet 0/1
R2(config)# router rip
R2(config-router)# version 2
R2(config-router)# passive-interface FastEthernet 1/0
R2(config-router)# passive-interface FastEthernet 0/0
R2(config-router)# passive-interface FastEthernet 0/1
2.将路由器1和路由器2设置为邻居关系。
R1(config-router)# neighbor 172.17.1.1 //R2 Fa0/0接口的Ip地址
R2(config-router)# neighbor 172.17.1.2 //R1 Fa0/0接口的Ip地址
3.根据时间配置密钥链
R1(config)# key chain R1
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string nike
R1(config-keychain-key)# key accept-lifetime 16:30:00 May 28 2009 duration 43200
R1(config-keychain-key)# key send-lifetime 16:30:00 May 28 2009 duration 43200
R1(config-keychain)# key 2
R1(config-keychain-key)# key-string love
R1(config-keychain-key)# accept-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R1(config-keychain-key)# send-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R1(config-keychain)# key 3
R1(config-keychain-key)# key-string baby
R1(config-keychain-key)# accept-lifetime 13:00:00 Nov 25 2009 infinite
R1(config-keychain-key)# send-lifetime 13:00:00 Nov 25 2009 infinite
R2(config)# key chain R2
R2(config-keychain)# key 1
R2(config-keychain-key)# key-string nike
R2(config-keychain-key)# key accept-lifetime 16:30:00 May 28 2009 duration 43200
R2(config-keychain-key)# key send-lifetime 16:30:00 May 28 2009 duration 43200
R2(config-keychain)# key 2
R2(config-keychain-key)# key-string love
R2(config-keychain-key)# accept-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R2(config-keychain-key)# send-lifetime 04:00:00 May 29 2009 13:00:00 Nov 25 2009
R2(config-keychain)# key 3
R2(config-keychain-key)# key-string baby
R2(config-keychain-key)# accept-lifetime 13:00:00 Nov 25 2009 infinite
R2(config-keychain-key)# send-lifetime 13:00:00 Nov 25 2009 infinite
4.将密钥链应用到需要认证的网络接口上。
R1(config)# int FastEthernet 0/0
R1(config-if)# ip rip authentication key-chain R1
R1(config)# int FastEthernet 0/1
R1(config-if)# ip rip authentication key-chain R1
R2(config)# int FastEthernet 0/0
R2(config-if)# ip rip authentication key-chain R2
R2(config)# int FastEthernet 0/1
R2(config-if)# ip rip authentication key-chain R2
5.定义加密方式为明文或者MD5加密,这里使用MD5加密。
R1(config-if)#ip rip authentication mode md5
R2(config-if)#ip rip authentication mode md5