C_RFC3315_21.4.2_MD5Mismatch.seq - Computed MD5 is mismatched
Client
C_RFC3315_21.4.2_MD5Mismatch.seq [-tooloption...]
-pkt DHCPv6.def
   NUT(Client)
        |
        |
Link0 --+--------+------------------------ 3ffe:501:ffff:100::/64
                 |
                 |
            TN(Server)
To validate an incoming message, the receiver first checks that the
value in the replay detection field is acceptable according to the
replay detection method specified by the RDM field. Next, the
receiver computes the MAC as described in [8]. The entire DHCP
message (setting the MAC field of the authentication option to 0) is
used as input to the HMAC-MD5 computation function. If the MAC
computed by the receiver does not match the MAC contained in the
authentication option, the receiver MUST discard the DHCP message.
- Configurations
Enable Delayed Authentication Protocol Service
Authentication parameter
- DHCP realm: DHCPv6.TEST.EXAMPLE.COM
- Client DUID: ANY
- Key id: 1
- Shared secret key: TAHITEST_VALID12
| Device Name | Device Type | Interface | Address                            | Link Local Addr         | MAC Addr          |
| Client      | NUT         | Link0     |                                    | NUT's Linklocal address | NUT's MAC address |
| Server      | TN          | Link0     | 3ffe:501:ffff:100:200:ff:fe00:a1a1 | fe80::200:ff:fe00:a1a1  | 00:00:00:00:a1:a1 |
NUT     TN
 |       |
 |       | Initialize NUT (as a DHCPv6 client)
 |       |
 | ----> | Solicit w/ Authentication Option
 | <---- | Advertise w/ Authentication Option
 |       |   including shared secret key = "TAHITEST_INVALID"
 | <---- | Advertise w/ Authentication Option
 |       |   including shared secret key = "TAHITEST_VALID12"
 | ----> | Request w/ Authentication Option (4*)
 |       |
(4*)PASS: TN discards 1st Advertise message
TN responds to 2nd received Advertise message from NUT.
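The receiver-side check quoted from RFC 3315 21.4.2, applied to the two Advertise messages of this test, as an added Python example (not part of the test suite or V6evalTool). Assumptions: the function names are hypothetical, the message carries only an Authentication option, and the realm is carried as raw ASCII bytes.

```python
import hashlib, hmac, struct

OPTION_AUTH, ADVERTISE, MAC_LEN = 11, 2, 16   # RFC 3315 option/message codes
DELAYED_HMAC_MD5_RDM0 = (2, 1, 0)             # protocol, algorithm, RDM

def build_message(msg_type, xid, realm, key_id, replay, key):
    """Constructed minimal message: header plus one Authentication option."""
    auth = struct.pack("!BBBQ", *DELAYED_HMAC_MD5_RDM0, replay)
    auth += realm + struct.pack("!I", key_id) + bytes(MAC_LEN)  # MAC field = 0
    msg = bytes([msg_type]) + xid + struct.pack("!HH", OPTION_AUTH, len(auth)) + auth
    return msg[:-MAC_LEN] + hmac.new(key, msg, hashlib.md5).digest()

def validate(msg, keys, last_replay):
    """Receiver-side check in the order of RFC 3315 21.4.2; returns (ok, reason)."""
    pos = 4                                    # skip msg-type and transaction-id
    while pos + 4 <= len(msg):
        code, length = struct.unpack_from("!HH", msg, pos)
        if code == OPTION_AUTH:
            break
        pos += 4 + length
    else:
        return False, "no authentication option"
    body, end = pos + 4, pos + 4 + length
    if length < 11 + 4 + MAC_LEN or end > len(msg):
        return False, "malformed authentication option"
    *params, replay = struct.unpack_from("!BBBQ", msg, body)
    if tuple(params) != DELAYED_HMAC_MD5_RDM0:
        return False, "unsupported protocol/algorithm/RDM"
    if replay <= last_replay:                  # RDM 0: monotonically increasing
        return False, "replay detection failed"
    mac_off = end - MAC_LEN
    realm = msg[body + 11:mac_off - 4]
    (key_id,) = struct.unpack_from("!I", msg, mac_off - 4)
    key = keys.get((realm, key_id))
    if key is None:
        return False, "unknown realm/key id"
    zeroed = msg[:mac_off] + bytes(MAC_LEN) + msg[end:]   # MAC field set to 0
    expected = hmac.new(key, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, msg[mac_off:end]):
        return False, "MAC mismatch, message discarded"
    return True, "accepted"

# Constructed inputs using the realm, key id and keys listed on this page.
REALM = b"DHCPv6.TEST.EXAMPLE.COM"
KEYS = {(REALM, 1): b"TAHITEST_VALID12"}
XID = b"\x12\x34\x56"
FIRST = build_message(ADVERTISE, XID, REALM, 1, 1, b"TAHITEST_INVALID")
SECOND = build_message(ADVERTISE, XID, REALM, 1, 2, b"TAHITEST_VALID12")
```

Because the MAC covers the entire message, changing any byte outside the authentication option (for example the transaction-id) also produces a mismatch.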
N/A
see also RFC3315
21.4.2 Message Validation
22.11 Authentication Option
perldoc V6evalTool