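Configuring OSPF Authentication
Copyright notice: This is an original work. Reposting is permitted, provided that the original source, the author information and this notice are indicated by hyperlink; otherwise legal action will be pursued. http://weiqijun.blog.51cto.com/338163/73186
OSPF authentication comes in two forms: area-based and link-based (per-interface). Link-based authentication takes precedence over area-based authentication.
Network topology: RA, RB and RC are connected pairwise over serial links (RA-RB on 10.0.0.0/24, RA-RC on 20.0.0.0/24, RB-RC on 30.0.0.0/24), and each router has a Loopback0 interface.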
I. Area-based authentication configuration
A. Plaintext authentication:
1. RA is configured as follows:
Router(config)#hostname RA
RA(config)#interface Loopback0
RA(config-if)#ip address 1.1.1.1 255.255.255.0
RA(config-if)#ip ospf network point-to-point
RA(config-if)#exit
RA(config)#interface Serial0/0
RA(config-if)#ip address 10.0.0.1 255.255.255.0
RA(config-if)#no shutdown
RA(config-if)#exit
RA(config)#interface Serial0/1
RA(config-if)#ip address 20.0.0.1 255.255.255.0
RA(config-if)#no shutdown
RA(config-if)#exit
RA(config)#router ospf 1
RA(config-router)#router-id 1.1.1.1
RA(config-router)#network 1.1.1.0 0.0.0.255 area 0
RA(config-router)#network 10.0.0.0 0.0.0.255 area 0
RA(config-router)#network 20.0.0.0 0.0.0.255 area 0
RA(config-router)#area 0 authentication
RA(config-router)#exit
RA(config)#interface Serial0/0
RA(config-if)#ip ospf authentication-key cisco
RA(config-if)#exit
RA(config)#interface Serial0/1
RA(config-if)#ip ospf authentication-key cisco
RA(config-if)#exit
2. RB is configured as follows:
Router(config)#hostname RB
RB(config)#interface Loopback0
RB(config-if)#ip address 2.2.2.2 255.255.255.0
RB(config-if)#ip ospf network point-to-point
RB(config-if)#exit
RB(config)#interface Serial0/0
RB(config-if)#ip address 10.0.0.2 255.255.255.0
RB(config-if)#no shutdown
RB(config-if)#exit
RB(config)#interface Serial0/2
RB(config-if)#ip address 30.0.0.1 255.255.255.0
RB(config-if)#no shutdown
RB(config-if)#exit
RB(config)#router ospf 1
RB(config-router)#router-id 2.2.2.2
RB(config-router)#network 2.2.2.0 0.0.0.255 area 0
RB(config-router)#network 10.0.0.0 0.0.0.255 area 0
RB(config-router)#network 30.0.0.0 0.0.0.255 area 0
RB(config-router)#area 0 authentication
RB(config-router)#exit
RB(config)#interface Serial0/0
RB(config-if)#ip ospf authentication-key cisco
RB(config-if)#exit
RB(config)#interface Serial0/2
RB(config-if)#ip ospf authentication-key cisco
RB(config-if)#exit
3. RC is configured as follows:
Router(config)#hostname RC
RC(config)#interface Loopback0
RC(config-if)#ip address 3.3.3.3 255.255.255.0
RC(config-if)#ip ospf network point-to-point
RC(config-if)#exit
RC(config)#interface Serial0/1
RC(config-if)#ip address 20.0.0.2 255.255.255.0
RC(config-if)#no shutdown
RC(config-if)#exit
RC(config)#interface Serial0/2
RC(config-if)#ip address 30.0.0.2 255.255.255.0
RC(config-if)#no shutdown
RC(config-if)#exit
RC(config)#router ospf 1
RC(config-router)#router-id 3.3.3.3
RC(config-router)#network 3.3.3.0 0.0.0.255 area 0
RC(config-router)#network 20.0.0.0 0.0.0.255 area 0
RC(config-router)#network 30.0.0.0 0.0.0.255 area 0
RC(config-router)#area 0 authentication
RC(config-router)#exit
RC(config)#interface Serial0/1
RC(config-if)#ip ospf authentication-key cisco
RC(config-if)#exit
RC(config)#interface Serial0/2
RC(config-if)#ip ospf authentication-key cisco
RC(config-if)#exit
4. Verify the configuration:
RA#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has simple password authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0xC461
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
RB#show ip ospf
 Routing Process "ospf 1" with ID 2.2.2.2 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has simple password authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x908A
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
RC#show ip ospf
 Routing Process "ospf 1" with ID 3.3.3.3 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has simple password authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x5EB2
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
====================================================================
B. MD5 authentication: first remove the plaintext authentication configuration, then configure MD5 authentication.
1. RA is configured as follows:
RA(config)#router ospf 1
RA(config-router)#no area 0 authentication
RA(config-router)#area 0 authentication message-digest
RA(config-router)#exit
RA(config)#interface Serial0/0
RA(config-if)#no ip ospf authentication-key cisco
RA(config-if)#ip ospf message-digest-key 1 md5 cisco
RA(config-if)#exit
RA(config)#interface Serial0/1
RA(config-if)#no ip ospf authentication-key cisco
RA(config-if)#ip ospf message-digest-key 1 md5 cisco
RA(config-if)#exit
2. RB is configured as follows:
RB(config)#router ospf 1
RB(config-router)#no area 0 authentication
RB(config-router)#area 0 authentication message-digest
RB(config-router)#exit
RB(config)#interface Serial0/0
RB(config-if)#no ip ospf authentication-key cisco
RB(config-if)#ip ospf message-digest-key 1 md5 cisco
RB(config-if)#exit
RB(config)#interface Serial0/2
RB(config-if)#no ip ospf authentication-key cisco
RB(config-if)#ip ospf message-digest-key 1 md5 cisco
RB(config-if)#exit
3. RC is configured as follows:
RC(config)#router ospf 1
RC(config-router)#no area 0 authentication
RC(config-router)#area 0 authentication message-digest
RC(config-router)#exit
RC(config)#interface Serial0/1
RC(config-if)#no ip ospf authentication-key cisco
RC(config-if)#ip ospf message-digest-key 1 md5 cisco
RC(config-if)#exit
RC(config)#interface Serial0/2
RC(config-if)#no ip ospf authentication-key cisco
RC(config-if)#ip ospf message-digest-key 1 md5 cisco
RC(config-if)#exit
4. Verify the configuration:
RA#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1 and Domain ID 0.
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 ns
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has message digest authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0xC262
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
RB#show ip ospf
 Routing Process "ospf 1" with ID 2.2.2.2 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has message digest authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x908A
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
RC#show ip ospf
 Routing Process "ospf 1" with ID 3.3.3.3 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has message digest authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x5CB3
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
====================================================================
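What the two modes put on the wire, as an added Python example that is not part of the original post: it builds OSPFv2 packets as described in RFC 2328 Appendix D, showing that plaintext authentication carries the key in the header while MD5 authentication carries only a digest, a key ID and a sequence number. The 20-byte body is a constructed placeholder, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

BODY = bytes(20)        # constructed stand-in for a Hello body
KEYS = {1: b"cisco"}    # key ID 1 and key "cisco", as configured on this page

def ospf_packet(au_type: int, auth_field: bytes, body: bytes) -> bytes:
    """24-byte OSPFv2 header followed by the body; checksum left at zero in this sketch."""
    # version 2, type 1 (Hello), length, router ID 1.1.1.1, area 0, checksum, AuType, auth
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body), bytes([1, 1, 1, 1]),
                       bytes(4), 0, au_type, auth_field) + body

def simple_packet(password: bytes, body: bytes) -> bytes:
    """AuType 1: the 64-bit authentication field is the password itself."""
    return ospf_packet(1, password[:8], body)

def md5_packet(key: bytes, key_id: int, seq: int, body: bytes) -> bytes:
    """AuType 2: append MD5(packet || key padded to 16 bytes); length field excludes it."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)  # zero, key ID, digest length, sequence
    pkt = ospf_packet(2, auth, body)
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\0")[:16]).digest()

def verify_md5(packet: bytes, keys: dict, last_seq: int) -> bool:
    """Receiver: select key by ID, drop sequence numbers below the last seen, compare digests."""
    pkt, digest = packet[:-16], packet[-16:]
    (au_type,) = struct.unpack("!H", pkt[14:16])
    _, key_id, _, seq = struct.unpack("!HBBI", pkt[16:24])
    key = keys.get(key_id)
    if au_type != 2 or key is None or seq < last_seq:
        return False
    return hmac.compare_digest(hashlib.md5(pkt + key.ljust(16, b"\0")[:16]).digest(), digest)

def demo() -> dict:
    plain = simple_packet(b"cisco", BODY)
    signed = md5_packet(b"cisco", 1, 100, BODY)
    tampered = signed[:24] + b"\x01" + signed[25:]   # flip one body byte
    return {
        "key_visible_in_plaintext_auth": b"cisco" in plain,
        "key_visible_in_md5_auth": b"cisco" in signed,
        "valid": verify_md5(signed, KEYS, 100),
        "tampered": verify_md5(tampered, KEYS, 100),
        "replayed": verify_md5(signed, KEYS, 101),
        "wrong_key": verify_md5(signed, {1: b"other"}, 100),
    }
```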
II. Link-based authentication configuration
Link-based authentication also comes in plaintext and MD5 forms. The configuration procedure is largely the same as for area-based authentication, except that the configuration that enables area authentication must be removed. On each interface, ip ospf authentication message-digest enables MD5 authentication for that link; ip ospf authentication without a keyword enables plaintext authentication.
A. MD5 authentication:
1. RA is configured as follows:
RA(config)#router ospf 1
RA(config-router)#no area 0 authentication message-digest
RA(config-router)#exit
!
interface Serial0/0
 ip address 10.0.0.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
interface Serial0/1
 ip address 20.0.0.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.255 area 0
 network 20.0.0.0 0.0.0.255 area 0
!
2. RB is configured as follows:
RB(config)#router ospf 1
RB(config-router)#no area 0 authentication message-digest
RB(config-router)#exit
!
interface Serial0/0
 ip address 10.0.0.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
interface Serial0/2
 ip address 30.0.0.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.255 area 0
 network 30.0.0.0 0.0.0.255 area 0
!
3. RC is configured as follows:
RC(config)#router ospf 1
RC(config-router)#no area 0 authentication message-digest
RC(config-router)#exit
!
interface Serial0/1
 ip address 20.0.0.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ci
!
interface Serial0/2
 ip address 30.0.0.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ci
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 network 3.3.3.0 0.0.0.255 area 0
 network 20.0.0.0 0.0.0.255 area 0
 network 30.0.0.0 0.0.0.255 area 0
!
4. Verify the configuration:
RA#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1 and Domain ID 0.0.0.
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has no authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0xBE64
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
====================================================================
B. Plaintext authentication: first remove the MD5 authentication settings, then configure plaintext authentication. The ip ospf authentication command (without a keyword) sets the interface to plaintext authentication.
1. RA is configured as follows:
RA(config)#interface Serial0/0
RA(config-if)#no ip ospf message-digest-key 1 md5 cisco
RA(config-if)#ip ospf authentication
RA(config-if)#ip ospf authentication-key cisco
RA(config-if)#exit
RA(config)#interface Serial0/1
RA(config-if)#no ip ospf message-digest-key 1 md5 cisco
RA(config-if)#ip ospf authentication
RA(config-if)#ip ospf authentication-key cisco
RA(config-if)#exit
2. RB is configured as follows:
RB(config)#interface Serial0/0
RB(config-if)#no ip ospf message-digest-key 1 md5 cisco
RB(config-if)#ip ospf authentication
RB(config-if)#ip ospf authentication-key cisco
RB(config-if)#exit
RB(config)#interface Serial0/2
RB(config-if)#no ip ospf message-digest-key 1 md5 cisco
RB(config-if)#ip ospf authentication
RB(config-if)#ip ospf authentication-key cisco
RB(config-if)#exit
3. RC is configured as follows:
RC(config)#interface Serial0/1
RC(config-if)#no ip ospf message-digest-key 1 md5 cisco
RC(config-if)#ip ospf authentication
RC(config-if)#ip ospf authentication-key cisco
RC(config-if)#exit
RC(config)#interface Serial0/2
RC(config-if)#no ip ospf message-digest-key 1 md5 cisco
RC(config-if)#ip ospf authentication
RC(config-if)#ip ospf authentication-key cisco
RC(config-if)#exit
4. Verify the configuration:
RB#show ip ospf
 Routing Process "ospf 1" with ID 2.2.2.2 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has no authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x8A8D
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
This article is from the "Uione" blog; please be sure to retain this source: http://weiqijun.blog.51cto.com/338163/73186
This article is from the 51CTO.COM technical blog.
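Because the interface-level setting overrides the area-level one, the authentication mode actually in force on a link has to be read from both places. The following added Python example (not part of the original post) audits a running-config excerpt and reports, per interface, the effective mode and whether a key of the matching type is present. The sample config is constructed from this page's RA addressing, and audit_ospf_auth is a name chosen for this example.

```python
import ipaddress
import re

# Constructed sample in running-config form, using this page's RA addressing.
SAMPLE = """\
interface Serial0/0
 ip address 10.0.0.1 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco
!
interface Serial0/1
 ip address 20.0.0.1 255.255.255.0
 ip ospf authentication
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 area 0 authentication message-digest
 network 10.0.0.0 0.0.0.255 area 0
 network 20.0.0.0 0.0.0.255 area 0
"""

def audit_ospf_auth(config: str) -> dict:
    """Return {interface: (effective mode, key of that mode configured)}."""
    ifaces, nets, area_mode, cur = {}, [], {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"ip": None, "mode": None, "keys": set()})
        elif line == "!" or line.startswith("router "):
            cur = None
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
            nets.append((int(ipaddress.ip_address(m[1])), int(ipaddress.ip_address(m[2])), m[3]))
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
            area_mode[m[1]] = "md5" if m[2] else "simple"
        elif cur is None:
            continue
        elif m := re.match(r"ip address (\S+) ", line):
            cur["ip"] = int(ipaddress.ip_address(m[1]))
        elif m := re.match(r"ip ospf authentication( message-digest| null)?$", line):
            cur["mode"] = {" message-digest": "md5", " null": "none", None: "simple"}[m[1]]
        elif m := re.match(r"ip ospf (authentication|message-digest)-key ", line):
            cur["keys"].add("simple" if m[1] == "authentication" else "md5")
    report = {}
    for name, i in ifaces.items():
        # Match the interface address against each network statement's wildcard mask.
        area = next((a for net, wild, a in nets if i["ip"] is not None
                     and ((i["ip"] ^ net) & ~wild & 0xFFFFFFFF) == 0), None)
        if area is not None:
            # The interface-level setting, when present, overrides the area's.
            mode = i["mode"] or area_mode.get(area, "none")
            report[name] = (mode, mode == "none" or mode in i["keys"])
    return report
```

On the sample, Serial0/0 inherits MD5 from the area, while Serial0/1 is reported as plaintext with no matching key, because ip ospf authentication without the message-digest keyword selects plaintext even though an MD5 key is configured.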


weiqijun
