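I. Lab Topology
II. Lab Requirements
1. Configure single-key BGP authentication (R1 and R2 peer using a plaintext password; R2 and R3 peer using a ciphertext password)
(1) R1 configuration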
undo ter mo
sys
sysname R1
int loop 0
ip add 1.1.1.1 24
int g0/0/0
ip add 192.168.12.1 24
bgp 100
router-id 1.1.1.1
peer 192.168.12.2 as-number 100
peer 192.168.12.2 password simple huawei
network 1.1.1.0 255.255.255.0
(2) R2 configuration
undo ter mo
sys
sysname R2
int loop 0
ip add 2.2.2.2 24
int g0/0/0
ip add 192.168.12.2 24
int g0/0/1
ip add 192.168.23.2 24
bgp 100
router-id 2.2.2.2
peer 192.168.12.1 as-number 100
peer 192.168.23.3 as-number 200
peer 192.168.12.1 password simple huawei
peer 192.168.23.3 password cipher huawei
network 2.2.2.0 255.255.255.0
(3) R3 configuration
undo ter mo
sys
sysname R3
int loop 0
ip add 3.3.3.3 24
int g0/0/1
ip add 192.168.23.3 24
bgp 200
router-id 3.3.3.3
peer 192.168.23.2 as-number 100
peer 192.168.23.2 password cipher huawei
network 3.3.3.0 255.255.255.0
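(4) Verification
On R1, use a command to test connectivity to R3.
2. Configure Keychain-based BGP authentication between R1 and R2 in Periodic Daily mode, using key-id 1 to hash BGP packets from 08:00 to 18:00 every day. Before configuring, delete the simple authentication on R1, R2 and R3.
(1) R1 configuration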
keychain key mode periodic daily
key-id 1
algorithm md5
key-string plain huawei
send-time daily 08:00 to 18:00
receive-time daily 08:00 to 18:00
bgp 100
router-id 1.1.1.1
peer 192.168.12.2 as-number 100
peer 192.168.12.2 keychain key
network 1.1.1.0 255.255.255.0
(2) R2 configuration
keychain key mode periodic daily
key-id 1
algorithm md5
key-string plain huawei
send-time daily 08:00 to 18:00
receive-time daily 08:00 to 18:00
bgp 100
router-id 2.2.2.2
peer 192.168.12.1 as-number 100
peer 192.168.12.1 keychain key
peer 192.168.23.3 as-number 200
network 2.2.2.0 255.255.255.0
peer 192.168.12.1 next-hop-local
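A review check for the configurations in this lab, added here as an example (it is not part of the original post and not a Huawei tool): it reads a VRP-style configuration and reports passwords or key-strings stored in plaintext, use of MD5, hours of the day in which no keychain key is active, and peers with no authentication. The function names and finding texts are hypothetical, and time windows are assumed to be half-open (start inclusive, end exclusive).

```python
import re

# R2's keychain-step configuration as shown on this page, used as sample input.
R2_CONFIG = """\
keychain key mode periodic daily
key-id 1
algorithm md5
key-string plain huawei
send-time daily 08:00 to 18:00
receive-time daily 08:00 to 18:00
bgp 100
router-id 2.2.2.2
peer 192.168.12.1 as-number 100
peer 192.168.12.1 keychain key
peer 192.168.23.3 as-number 200
network 2.2.2.0 255.255.255.0
peer 192.168.12.1 next-hop-local
"""

def _minute(hhmm):
    hours, mins = map(int, hhmm.split(":"))
    return hours * 60 + mins

def audit(config):
    """Return a list of findings for a VRP-style BGP/keychain config."""
    findings, peers, authed = [], set(), set()
    covered = {}  # direction -> set of minutes of the day with an active key
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"peer (\S+) as-number \d+$", line):
            peers.add(m[1])
        elif m := re.match(r"peer (\S+) (password|keychain) (\S+)", line):
            authed.add(m[1])
            if (m[2], m[3]) == ("password", "simple"):
                findings.append(f"peer {m[1]}: password stored in plaintext")
        elif line.startswith("key-string plain "):
            findings.append("keychain: key-string stored in plaintext")
        elif line == "algorithm md5":
            findings.append("keychain: MD5 hash algorithm")
        elif m := re.match(r"(send|receive)-time daily (\S+) to (\S+)$", line):
            start, end = _minute(m[2]), _minute(m[3])
            if end <= start:  # assumption: a window may wrap past midnight
                end += 1440
            covered.setdefault(m[1], set()).update(t % 1440 for t in range(start, end))
    for direction, minutes in sorted(covered.items()):
        if gap := 1440 - len(minutes):
            findings.append(f"keychain: no {direction} key active {gap} min/day")
    findings += [f"peer {p}: no authentication" for p in sorted(peers - authed)]
    return findings
```

Calling `audit(R2_CONFIG)` reports the 840 minutes per day (18:00 to 08:00) not covered by key-id 1 and the R3 peering, which has no authentication once the simple authentication from step 1 is removed.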