No RIP updates sent after auto secure

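I'm configuring/testing a Cisco router (sorry, I don't know the model, as I'm using NETLAB), and my RIPv2 updates were propagating/updating correctly. I then hardened it with the auto secure command, and it appears they are no longer being sent.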

Below is the configuration of one of the problematic routers. It contains some of my own commands as well as the ones that auto secure put there.

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname R2
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$uXB4$cDJCPm41SKo3DgjSMrfxx/
enable password 7 01160805590703
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
no ip source-route
no ip gratuitous-arps
!
!
ip cef
!
!
no ip bootp server
ip domain name sit377
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
login block-for 120 attempts 5 within 120
!
frame-relay switching
!
voice-card 0
 no dspfarm
!
!
key chain RIP_KEY
 key 1
   key-string 7 05080F1C2243
!
!
!
!
!
!
!
!
!
!
!
!
!
username R1 password 7 121A0C041104
username R2 password 7 01100F175804
archive
 log config
  logging enable
!
!
ip tcp intercept list autosec_tcp_intercept_list
ip tcp intercept connection-timeout 3600
ip tcp intercept watch-timeout 15
ip tcp intercept max-incomplete low 450
ip tcp intercept max-incomplete high 550
ip tcp intercept drop-mode random
ip ssh time-out 60
ip ssh authentication-retries 2
! 
!
!
!
!
interface FastEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 ip address 10.1.1.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip rip authentication mode md5
 ip rip authentication key-chain RIP_KEY
 encapsulation ppp
 ppp authentication chap
 no shutdown
!
interface Serial0/0/1
 ip address 10.2.2.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip rip authentication mode md5
 ip rip authentication key-chain RIP_KEY
 encapsulation frame-relay
 clock rate 64000
 frame-relay map ip 10.2.2.1 203
 frame-relay map ip 10.2.2.2 302 broadcast
 frame-relay intf-type dce
 no shutdown
!
router rip
 version 2
 passive-interface default
 no passive-interface Serial0/0/0
 no passive-interface Serial0/0/1
 network 10.0.0.0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
no cdp run
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd ^CBanner message^C
!
line con 0
 exec-timeout 5 0
 password 7 060506324F41
 logging synchronous
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 password 7 110A1016141D
 logging synchronous
 login authentication local_auth
 transport input telnet ssh
line vty 5 15
 password 7 01100F175804
 logging synchronous
 login authentication local_auth
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

Answer 1

It turns out that NETLAB itself was messing things up.

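When loading the router configuration, it enters the key chain command but doesn't exit from it. So when it went on to set up the users for CHAP on one of the links, it failed because it wasn't in global configuration mode.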
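A check that can be run over the configuration a device actually ended up with after a load, added here as an example (it is not part of the answer above and not NETLAB's code): it flags an interface that references a RIP key chain with no definition or key-string, and CHAP on an interface when no username entries exist. The function name `lint_ios_config` and the sample configuration are constructed, and the parser assumes the indentation style of `show running-config` output.

```python
import re
def lint_ios_config(text):
    """Flag RIP key-chain and CHAP dependencies missing from an IOS config."""
    chains, users, rip_refs, chap_ifaces = {}, set(), {}, []
    iface = chain = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):  # unindented = global-mode command
            iface = chain = None
            if m := re.match(r"key chain (\S+)", line):
                chain = m.group(1)
                chains[chain] = False  # defined, no key-string seen yet
            elif m := re.match(r"interface (\S+)", line):
                iface = m.group(1)
            elif m := re.match(r"username (\S+)", line):
                users.add(m.group(1))
        elif chain and line.startswith("key-string "):
            chains[chain] = True
        elif iface and (m := re.match(r"ip rip authentication key-chain (\S+)", line)):
            rip_refs[iface] = m.group(1)
        elif iface and line.startswith("ppp authentication chap"):
            chap_ifaces.append(iface)
    findings = []
    for name, ref in rip_refs.items():
        if ref not in chains:
            findings.append(f"{name}: key chain {ref} is not defined")
        elif not chains[ref]:
            findings.append(f"{name}: key chain {ref} has no key-string")
    # Assumption: CHAP is checked against the local username database.
    if not users:
        findings += [f"{i}: CHAP enabled but no username entries" for i in chap_ifaces]
    return findings

# Constructed sample (not the poster's configuration): what was meant to load ...
INTENDED = """\
key chain RIP_KEY
 key 1
   key-string EXAMPLE-KEY
username R1 password EXAMPLE-PW
interface Serial0/0/0
 ip rip authentication mode md5
 ip rip authentication key-chain RIP_KEY
 encapsulation ppp
 ppp authentication chap
"""
# ... and what the device holds if the username line was rejected during the load.
APPLIED = INTENDED.replace("username R1 password EXAMPLE-PW\n", "")
print(lint_ios_config(APPLIED))
```

Running the same function over the saved configuration and over the post-load running configuration shows which dependency was lost in between.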
