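OSPF authentication comes in two forms, area-based and link-based (per interface); link-based authentication takes precedence over area-based authentication.
Network topology (three routers, RA, RB and RC, connected pairwise over serial links, all in area 0):
I. Area-based authentication
A. Plaintext authentication: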
1. RA configuration:
Router(config)#hostname RA
RA(config)#interface Loopback0
RA(config-if)#ip address 1.1.1.1 255.255.255.0
RA(config-if)#ip ospf network point-to-point
RA(config-if)#exit
RA(config)#interface Serial0/0
RA(config-if)#ip address 10.0.0.1 255.255.255.0
RA(config-if)#no shutdown
RA(config-if)#exit
RA(config)#interface Serial0/1
RA(config-if)#ip address 20.0.0.1 255.255.255.0
RA(config-if)#no shutdown
RA(config-if)#exit
RA(config)#router ospf 1
RA(config-router)#router-id 1.1.1.1
RA(config-router)#network 1.1.1.0 0.0.0.255 area 0
RA(config-router)#network 10.0.0.0 0.0.0.255 area 0
RA(config-router)#network 20.0.0.0 0.0.0.255 area 0
RA(config-router)#area 0 authentication
RA(config-router)#exit
RA(config)#interface Serial0/0
RA(config-if)#ip ospf authentication-key cisco
RA(config-if)#exit
RA(config)#interface Serial0/1
RA(config-if)#ip ospf authentication-key cisco
RA(config-if)#exit
2. RB configuration:
Router(config)#hostname RB
RB(config)#interface Loopback0
RB(config-if)#ip address 2.2.2.2 255.255.255.0
RB(config-if)#ip ospf network point-to-point
RB(config-if)#exit
RB(config)#interface Serial0/0
RB(config-if)#ip address 10.0.0.2 255.255.255.0
RB(config-if)#no shutdown
RB(config-if)#exit
RB(config)#interface Serial0/2
RB(config-if)#ip address 30.0.0.1 255.255.255.0
RB(config-if)#no shutdown
RB(config-if)#exit
RB(config)#router ospf 1
RB(config-router)#router-id 2.2.2.2
RB(config-router)#network 2.2.2.0 0.0.0.255 area 0
RB(config-router)#network 10.0.0.0 0.0.0.255 area 0
RB(config-router)#network 30.0.0.0 0.0.0.255 area 0
RB(config-router)#area 0 authentication
RB(config-router)#exit
RB(config)#interface Serial0/0
RB(config-if)#ip ospf authentication-key cisco
RB(config-if)#exit
RB(config)#interface Serial0/2
RB(config-if)#ip ospf authentication-key cisco
RB(config-if)#exit
3. RC configuration:
Router(config)#hostname RC
RC(config)#interface Loopback0
RC(config-if)#ip address 3.3.3.3 255.255.255.0
RC(config-if)#ip ospf network point-to-point
RC(config-if)#exit
RC(config)#interface Serial0/1
RC(config-if)#ip address 20.0.0.2 255.255.255.0
RC(config-if)#no shutdown
RC(config-if)#exit
RC(config)#interface Serial0/2
RC(config-if)#ip address 30.0.0.2 255.255.255.0
RC(config-if)#no shutdown
RC(config-if)#exit
RC(config)#router ospf 1
RC(config-router)#router-id 3.3.3.3
RC(config-router)#network 3.3.3.0 0.0.0.255 area 0
RC(config-router)#network 20.0.0.0 0.0.0.255 area 0
RC(config-router)#network 30.0.0.0 0.0.0.255 area 0
RC(config-router)#area 0 authentication
RC(config-router)#exit
RC(config)#interface Serial0/1
RC(config-if)#ip ospf authentication-key cisco
RC(config-if)#exit
RC(config)#interface Serial0/2
RC(config-if)#ip ospf authentication-key cisco
RC(config-if)#exit
4. Verify the configuration:
RA#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has simple password authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0xC461
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

RB#show ip ospf
 Routing Process "ospf 1" with ID 2.2.2.2 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has simple password authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x908A
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

RC#show ip ospf
 Routing Process "ospf 1" with ID 3.3.3.3 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has simple password authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x5EB2
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
====================================================================
B. MD5 authentication: first remove the plaintext authentication configuration, then configure MD5 authentication.
1. RA configuration:
RA(config)#router ospf 1
RA(config-router)#no area 0 authentication
RA(config-router)#area 0 authentication message-digest
RA(config-router)#exit
RA(config)#interface Serial0/0
RA(config-if)#no ip ospf authentication-key cisco
RA(config-if)#ip ospf message-digest-key 1 md5 cisco
RA(config-if)#exit
RA(config)#interface Serial0/1
RA(config-if)#no ip ospf authentication-key cisco
RA(config-if)#ip ospf message-digest-key 1 md5 cisco
RA(config-if)#exit
2. RB configuration:
RB(config)#router ospf 1
RB(config-router)#no area 0 authentication
RB(config-router)#area 0 authentication message-digest
RB(config-router)#exit
RB(config)#interface Serial0/0
RB(config-if)#no ip ospf authentication-key cisco
RB(config-if)#ip ospf message-digest-key 1 md5 cisco
RB(config-if)#exit
RB(config)#interface Serial0/2
RB(config-if)#no ip ospf authentication-key cisco
RB(config-if)#ip ospf message-digest-key 1 md5 cisco
RB(config-if)#exit
3. RC configuration:
RC(config)#router ospf 1
RC(config-router)#no area 0 authentication
RC(config-router)#area 0 authentication message-digest
RC(config-router)#exit
RC(config)#interface Serial0/1
RC(config-if)#no ip ospf authentication-key cisco
RC(config-if)#ip ospf message-digest-key 1 md5 cisco
RC(config-if)#exit
RC(config)#interface Serial0/2
RC(config-if)#no ip ospf authentication-key cisco
RC(config-if)#ip ospf message-digest-key 1 md5 cisco
RC(config-if)#exit
4. Verify the configuration:
RA#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1 and Domain ID 0.
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 ns
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has message digest authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0xC262
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

RB#show ip ospf
 Routing Process "ospf 1" with ID 2.2.2.2 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has message digest authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x908A
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

RC#show ip ospf
 Routing Process "ospf 1" with ID 3.3.3.3 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has message digest authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x5CB3
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
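What the two modes configured above put on the wire, as an added example that is not part of the original post: with simple password authentication (AuType 1) the key fills the 8-byte authentication field of the OSPF header, while with MD5 (AuType 2) only a digest over the packet and the padded key is appended, following RFC 2328 Appendix D. The Hello body, key ID and sequence number are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac
import struct

# Constructed Hello body: mask /24, hello 10 s, options, priority 1, dead 40 s, no DR/BDR.
BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 2, 1, 40, bytes(4), bytes(4))

def header(autype, auth, checksum=0):
    """24-byte OSPFv2 header for a Hello from router ID 1.1.1.1 in area 0."""
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(BODY),
                       bytes([1, 1, 1, 1]), bytes(4), checksum, autype, auth)

def inet_checksum(data):
    """Standard 16-bit one's-complement checksum (data length is even here)."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_simple(password):
    """AuType 1: the password itself fills the authentication field."""
    auth = password[:8].ljust(8, b"\0")
    # The checksum covers the packet except the 8-byte authentication field.
    csum = inet_checksum(header(1, bytes(8))[:16] + BODY)
    return header(1, auth, csum) + BODY

def build_md5(key, key_id, seq):
    """AuType 2: auth field = 0, key ID, digest length, sequence number."""
    pkt = header(2, struct.pack("!HBBI", 0, key_id, 16, seq)) + BODY  # checksum left 0
    digest = hashlib.md5(pkt + key[:16].ljust(16, b"\0")).digest()
    return pkt + digest  # appended after the packet, not counted in Length

def verify_md5(packet, key):
    """Receiver side: recompute the digest over Length bytes plus the padded key."""
    length = struct.unpack("!H", packet[2:4])[0]
    expected = hashlib.md5(packet[:length] + key[:16].ljust(16, b"\0")).digest()
    return hmac.compare_digest(expected, packet[length:length + 16])

def key_on_wire(packet, key):
    """True if the key bytes appear verbatim in the packet."""
    return key in packet
```
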
====================================================================
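II. Link-based authentication
Link-based authentication also comes in plaintext and MD5 variants. The configuration procedure is essentially the same as for area-based authentication; however, the configuration that enables area authentication must be removed.
A. MD5 authentication:
1. RA configuration:
RA(config)#router ospf 1
RA(config-router)#no area 0 authentication message-digest
RA(config-router)#exit
! The message-digest keyword selects MD5; a bare "ip ospf authentication" selects simple password authentication.
!
interface Serial0/0
 ip address 10.0.0.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
interface Serial0/1
 ip address 20.0.0.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.255 area 0
 network 20.0.0.0 0.0.0.255 area 0
!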
2. RB configuration:
RB(config)#router ospf 1
RB(config-router)#no area 0 authentication message-digest
RB(config-router)#exit
! The message-digest keyword selects MD5; a bare "ip ospf authentication" selects simple password authentication.
!
interface Serial0/0
 ip address 10.0.0.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
interface Serial0/2
 ip address 30.0.0.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.255 area 0
 network 30.0.0.0 0.0.0.255 area 0
!
3. RC configuration:
RC(config)#router ospf 1
RC(config-router)#no area 0 authentication message-digest
RC(config-router)#exit
! The message-digest keyword selects MD5; a bare "ip ospf authentication" selects simple password authentication.
!
interface Serial0/1
 ip address 20.0.0.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ci
!
interface Serial0/2
 ip address 30.0.0.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ci
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 network 3.3.3.0 0.0.0.255 area 0
 network 20.0.0.0 0.0.0.255 area 0
 network 30.0.0.0 0.0.0.255 area 0
!
4. Verify the configuration:
RA#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1 and Domain ID 0.0.0.
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has no authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0xBE64
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
====================================================================
B. Plaintext authentication: first remove the MD5 authentication settings, then configure plaintext authentication.
1. RA configuration:
RA(config)#interface Serial0/0
RA(config-if)#no ip ospf message-digest-key 1 md5 cisco
RA(config-if)#ip ospf authentication-key cisco
RA(config-if)#ip ospf authentication
RA(config-if)#exit
RA(config)#interface Serial0/1
RA(config-if)#no ip ospf message-digest-key 1 md5 cisco
RA(config-if)#ip ospf authentication-key cisco
RA(config-if)#ip ospf authentication
RA(config-if)#exit
2. RB configuration:
RB(config)#interface Serial0/0
RB(config-if)#no ip ospf message-digest-key 1 md5 cisco
RB(config-if)#ip ospf authentication-key cisco
RB(config-if)#ip ospf authentication
RB(config-if)#exit
RB(config)#interface Serial0/2
RB(config-if)#no ip ospf message-digest-key 1 md5 cisco
RB(config-if)#ip ospf authentication-key cisco
RB(config-if)#ip ospf authentication
RB(config-if)#exit
3. RC configuration:
RC(config)#interface Serial0/1
RC(config-if)#no ip ospf message-digest-key 1 md5 cisco
RC(config-if)#ip ospf authentication-key cisco
RC(config-if)#ip ospf authentication
RC(config-if)#exit
RC(config)#interface Serial0/2
RC(config-if)#no ip ospf message-digest-key 1 md5 cisco
RC(config-if)#ip ospf authentication-key cisco
RC(config-if)#ip ospf authentication
RC(config-if)#exit
4. Verify the configuration:
RB#show ip ospf
 Routing Process "ospf 1" with ID 2.2.2.2 and Domain ID 0.0.0.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x0
 Number of opaque AS LSA 0. Checksum Sum 0x0
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 3
        Area has no authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x8A8D
        Number of opaque link LSA 0. Checksum Sum 0x0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
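An added example, not part of the original post: a small Python audit that works out the effective OSPF authentication mode of each interface from IOS configuration text, applying the rule that an interface-level `ip ospf authentication` setting overrides the area setting, and that on IOS a bare `ip ospf authentication` selects simple password authentication whichever key type is configured. It assumes a single-area configuration like the one above; the sample configuration and the name `audit` are constructed for illustration.

```python
# Constructed sample (hypothetical router), all interfaces in area 0.
SAMPLE = """\
interface Serial0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
interface Serial0/1
 ip ospf authentication
 ip ospf message-digest-key 1 md5 cisco
!
interface Serial0/2
 ip ospf authentication-key cisco
!
router ospf 1
 area 0 authentication message-digest
"""

MODES = {"ip ospf authentication": "simple", "ip ospf authentication null": "null",
         "ip ospf authentication message-digest": "md5"}

def audit(config, area="0"):
    """Map each interface to (effective mode, findings); assumes one area."""
    stanzas, current, area_mode = {}, None, "null"
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = stanzas.setdefault(raw.split()[1], [])
        elif raw[:1] in (" ", "\t") and current is not None:
            current.append(line)
        else:
            current = None
        if line == f"area {area} authentication":
            area_mode = "simple"
        elif line == f"area {area} authentication message-digest":
            area_mode = "md5"
    report = {}
    for name, lines in stanzas.items():
        # The interface setting, when present, overrides the area setting.
        mode = next((MODES[l] for l in lines if l in MODES), area_mode)
        has_md5 = any(l.startswith("ip ospf message-digest-key ") for l in lines)
        findings = ["no authentication"] if mode == "null" else []
        if mode == "simple":
            findings.append("password is sent in clear text")
            if has_md5:
                findings.append("message-digest-key is configured but not used")
        if mode == "md5" and not has_md5:
            findings.append("MD5 mode without a message-digest-key")
        report[name] = (mode, findings)
    return report
```
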