C_RFC3315_21.4.1_DelayedAuthProto.seq - Checking Delayed Authentication Protocol for Client
Client
C_RFC3315_21.4.1_DelayedAuthProto.seq [-tooloption...]
-pkt C_RFC3315_21.4.1_DelayedAuthProto.def
-tooloption : v6eval tool option
See Also DHCPv6.def
             NUT(Client)
                 |
                 |
Link0 --+--------+------------------------ 3ffe:501:ffff:100::/64
        |
        |
    TN(Server)
To validate an incoming message, the receiver first checks that the
value in the replay detection field is acceptable according to the
replay detection method specified by the RDM field. Next, the
receiver computes the MAC as described in [8]. The entire DHCP
message (setting the MAC field of the authentication option to 0) is
used as input to the HMAC-MD5 computation function. If the MAC
computed by the receiver does not match the MAC contained in the
authentication option, the receiver MUST discard the DHCP message.
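Added example, not part of the original test specification or the v6eval tool: a receiver-side check in Python that follows the two steps above (RDM 0 replay counter, then HMAC-MD5 over the whole message with the MAC field zeroed), using the realm, key id and shared secret from this test's configuration. The function names, the raw-ASCII realm encoding and the sample message carrying only an authentication option are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

OPTION_AUTH = 11                                   # RFC 3315 section 22.11
PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER = 2, 1, 0
KEYS = {1: b"TAHITEST_VALID12"}                    # key id -> shared secret (test configuration)
REALM = b"DHCPv6.TEST.EXAMPLE.COM"                 # assumption: realm carried as raw ASCII bytes

def build_message(msg_type, xid, replay, key_id, key):
    """Construct a sample message whose only option is the authentication option."""
    info = REALM + struct.pack("!I", key_id) + bytes(16)          # MAC zeroed for now
    body = struct.pack("!BBBQ", PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER, replay) + info
    msg = bytes([msg_type]) + xid + struct.pack("!HH", OPTION_AUTH, len(body)) + body
    mac = hmac.new(key, msg, hashlib.md5).digest()
    return msg[:-16] + mac                         # option is last, so the MAC is the tail

def find_auth_option(msg):
    """Return (offset, length) of the authentication option payload, or None."""
    pos = 4                                        # skip msg-type and transaction-id
    while pos + 4 <= len(msg):
        code, length = struct.unpack_from("!HH", msg, pos)
        if code == OPTION_AUTH:
            return pos + 4, length
        pos += 4 + length
    return None

def validate(msg, last_replay):
    """Return the new replay value if the message is acceptable, else None (discard)."""
    found = find_auth_option(msg)
    if found is None:
        return None
    off, length = found
    if length < 11 + 4 + 16 or off + length > len(msg):
        return None
    proto, alg, rdm, replay = struct.unpack_from("!BBBQ", msg, off)
    if (proto, alg, rdm) != (PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER):
        return None
    if replay <= last_replay:                      # step 1: replay detection (RDM 0)
        return None
    mac_off = off + length - 16
    key = KEYS.get(struct.unpack_from("!I", msg, mac_off - 4)[0])
    if key is None:
        return None
    zeroed = msg[:mac_off] + bytes(16) + msg[mac_off + 16:]       # step 2: MAC field set to 0
    expected = hmac.new(key, zeroed, hashlib.md5).digest()
    return replay if hmac.compare_digest(expected, msg[mac_off:mac_off + 16]) else None
```

The comparison uses hmac.compare_digest so the check does not leak how many MAC bytes matched; a None result corresponds to the "MUST discard" case.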
- Configurations
Enable Delayed Authentication Protocol Service
Authentication parameters
- DHCP realm: DHCPv6.TEST.EXAMPLE.COM
- Client DUID: ANY
- Key id: 1
- Shared secret key: TAHITEST_VALID12
| Device Name | Device Type | Interface | Address | Link Local Addr | MAC Addr |
| Client | NUT | Link0 | | NUT's Linklocal address | NUT's MAC address |
| Server | TN | Link0 | 3ffe:501:ffff:100:200:ff:fe00:a1a1 | fe80::200:ff:fe00:a1a1 | 00:00:00:00:a1:a1 |
NUT      TN
 |        |
 |        |Initialize NUT (as a DHCPv6 client)
 |        |
 | ---->  |Solicit w/ Authentication Option (1*)
 | <----  |Advertise w/ Authentication Option
 | ---->  |Request w/ Authentication Option (3*)
 | <----  |Reply w/ Authentication Option
 |        |
 | <----  |Echo Request
 | ---->  |Echo Reply (6*)
 |        |
(1*)PASS: TN receives Solicit w/ Authentication Option from NUT.
(3*)PASS: TN receives Request w/ Authentication Option from NUT.
(6*)PASS: NUT should send Echo Reply to TN.
N/A
see also RFC3315
21.4.4 Client Considerations for Delayed Authentication protocol
22.11 Authentication Option
perldoc V6evalTool