OSPF认证的配置
实验拓扑图
实验过程
1.R1的预配置
Router>en Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no ip domain-lookup Router(config)#line console 0 Router(config-line)#no exec-timeout Router(config-line)#loggin syn Router(config-line)#exit Router(config)#host R1 R1(config)#int lo0 R1(config-if)#ip add 10.1.1.1 255.255.255.0 R1(config-if)#exit R1(config)#int lo1 R1(config-if)#ip add 10.1.2.1 255.255.255.0 R1(config-if)#exit R1(config)#int s0/0 R1(config-if)#no shut R1(config-if)#ip add 192.168.1.1 255.255.255.252 R1(config-if)#exit |
2.R2的预配置
Router>en Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no ip domain-lookup Router(config)#line console 0 Router(config-line)#no exec-timeout Router(config-line)#loggin syn Router(config-line)#exit Router(config)#host R2 R2(config)#int s0/0 R2(config-if)#no shut R2(config-if)#ip add 192.168.1.2 255.255.255.252 R2(config-if)#exit R2(config)#int s0/1 R2(config-if)#no shut R2(config-if)#ip add 192.168.1.5 255.255.255.252 R2(config-if)#exit |
3.R3的预配置
Router>en Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no ip domain-lookup Router(config)#line console 0 Router(config-line)#no exec-timeout Router(config-line)#loggin syn Router(config-line)#exit Router(config)#host R3 R3(config)#int s0/1 R3(config-if)#no shut R3(config-if)#ip add 192.168.1.6 255.255.255.252 R3(config-if)#exit R3(config)#int s0/2 R3(config-if)#no shut R3(config-if)#ip add 192.168.1.9 255.255.255.252 R3(config-if)#exit |
4.R4的预配置
Router>en Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no ip domain-lookup Router(config)#line console 0 Router(config-line)#no exec-timeout Router(config-line)#loggin syn Router(config-line)#exit Router(config)#host R4 R4(config)#int s0/2 R4(config-if)#no shut R4(config-if)#ip add 192.168.1.10 255.255.255.252 R4(config-if)#exit R4(config)#int lo0 R4(config-if)#ip add 172.16.1.1 255.255.255.0 R4(config-if)#exit R4(config)#int lo1 R4(config-if)#ip add 172.16.2.1 255.255.255.0 R4(config-if)#exit |
5.R1的OSPF配置
R1(config)#router ospf 1 R1(config-router)#net 10.1.1.1 0.0.0.0 area 1 R1(config-router)#net 10.1.2.1 0.0.0.0 area 1 R1(config-router)#net 192.168.1.1 0.0.0.0 area 1 R1(config-router)#end |
6.R2的OSPF配置
R2(config)#router ospf 1 R2(config-router)#net 192.168.1.2 0.0.0.0 area 1 R2(config-router)#net 192.168.1.5 0.0.0.0 area 0 R2(config-router)#end |
7.R3的OSPF配置
R3(config)#router ospf 1 R3(config-router)#net 192.168.1.6 0.0.0.0 area 0 R3(config-router)#net 192.168.1.9 0.0.0.0 area 2 R3(config-router)#end |
8.R4的OSPF配置
R4(config)#router ospf 1 R4(config-router)#net 192.168.1.10 0.0.0.0 area 2 R4(config-router)#net 172.16.1.1 0.0.0.0 area 2 R4(config-router)#net 172.16.2.1 0.0.0.0 area 2 R4(config-router)#end |
9.测试连通性
R1#ping 172.16.1.1
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/54/108 ms R1#ping 172.16.2.1
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds: !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/61/124 ms |
10.查看OSPF邻居表
R1#show ip ospf nei
Neighbor ID Pri State Dead Time Address Interface 192.168.1.5 0 FULL/ - 00:00:38 192.168.1.2 Serial0/0 |
11.在R1上配置明文认证
R1(config)#int s0/0 R1(config-if)#ip ospf authentication //启用OSPF认证 R1(config-if)#ip ospf authentication-key cisco //配置认证密码 R1(config-if)#end *Mar 1 00:32:38.571: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.5 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead timer expired //邻居不能建立,因为R2没有配置认证。 |
12.在R2上配置明文认证
R2(config)#int s0/0 R2(config-if)#ip ospf authentication R2(config-if)#ip ospf authentication-key cisco R2(config-if)#end *Mar 1 00:35:18.311: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.2.1 on Serial0/0 from LOADING to FULL, Loading Done //两端认证成功,因此邻居关系建立成功 |
13.在R3上配置密文认证
R3(config)#int s0/2 R3(config-if)#ip ospf authentication message-digest R3(config-if)#ip ospf message-digest-key 1 md5 cisco R3(config-if)#end *Mar 1 00:42:29.655: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.2.1 on Serial0/2 from FULL to DOWN, Neighbor Down: Dead timer expired |
14.在R4上配置密文认证
R4(config)#int s0/2 R4(config-if)#ip ospf authentication message-digest R4(config-if)#ip ospf message-digest-key 1 md5 cisco R4(config-if)#end *Mar 1 00:43:48.775: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.9 on Serial0/2 from LOADING to FULL, Loading Done |
15.再次测试连通性
R4#ping 10.1.1.1
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/48/92 ms |
转载于:https://blog.51cto.com/mxn19871215/482993