
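OSPF authentication methods and OSPF authentication configuration

OSPF authentication types:

(1) NULL

(2) Simple password authentication

(3) MD5 authentication

Authentication can be applied at the interface level, at the area level, or on a virtual link.

Configuring simple password authentication:

Interface-level authentication: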


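Configuring simple authentication:

Step 1: Use the interface configuration command ip ospf authentication-key password to set the password (key) used for OSPF simple password authentication with adjacent routers.

Step 2: Use the interface configuration command ip ospf authentication [message-digest | null] to specify the authentication type (message-digest selects MD5).

R1 configuration: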

R1#config t
 R1(config)#int lo0 
 R1(config-if)#ip add 1.1.1.1 255.255.255.0
 R1(config-if)#no shut
 R1(config-if)#int s1/0
 R1(config-if)#ip add 192.168.12.1 255.255.255.0
 R1(config-if)#no shut
 R1(config-if)#ip ospf authentication
 R1(config-if)#ip ospf authentication-key cisco
 R1(config-if)#end
 R1(config)#router ospf 100
 R1(config-router)#net 192.168.12.0 0.0.0.255 a 0
 R1(config-router)#net 1.1.1.1 0.0.0.255 a 0
 R1#show ip ospf database 


             OSPF Router with ID (1.1.1.1) (Process ID 100)


                 Router Link States (Area 0)


 Link ID         ADV Router      Age         Seq#       Checksum Link count
 1.1.1.1         1.1.1.1         254         0x80000003 0x00B2DE 3
 2.2.2.2         2.2.2.2         255         0x80000002 0x00F197 3

######## The output above shows that only Type 1 LSAs are present ########

R1#show ip ospf neighbor 


 Neighbor ID     Pri   State           Dead Time   Address         Interface
 2.2.2.2           0   FULL/  -        00:00:33    192.168.12.2    Serial1/0

######## A neighbor relationship with 2.2.2.2 has been established ########

R2 configuration:

R2#config t
 R2(config)#int lo0 
 R2(config-if)#ip add 2.2.2.2 255.255.255.0
 R2(config-if)#no shut
 R2(config-if)#int s1/0
 R2(config-if)#ip add 192.168.12.2 255.255.255.0
 R2(config-if)#no shut
 R2(config-if)#int 
 R2(config-if)#int s1/1
 R2(config-if)#ip add 192.168.23.1 255.255.255.0
 R2(config-if)#no shut
 R2(config-if)#exit
 R2(config)#do ping 192.168.12.1


 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
 !!!!!
 Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/36 ms
 R2(config)#do ping 1.1.1.1


 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
 .
 *Mar  1 01:16:32.339: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to down....
 Success rate is 0 percent (0/5)
R2(config)#int s1/0
 R2(config-if)#ip ospf authentication
 R2(config-if)#ip ospf authentication-key cisco
 R2(config-if)#exit
 R2(config)#router ospf 100
 R2(config-router)#net 2.2.2.2 0.0.0.255 a 0
 R2(config-router)#net 192.168.12.0 0.0.0.255 a 0
 R2(config-router)#end
 R2#show ip ospf neighbor   # check the state of the neighbor relationship


 Neighbor ID     Pri   State           Dead Time   Address         Interface
 1.1.1.1           0   FULL/  -        00:00:38    192.168.12.1    Serial1/0

 R2#show ip ospf database   # check which LSA types are present


             OSPF Router with ID (2.2.2.2) (Process ID 100)


                 Router Link States (Area 0)


 Link ID         ADV Router      Age         Seq#       Checksum Link count
 1.1.1.1         1.1.1.1         24          0x80000003 0x00B2DE 3
 2.2.2.2         2.2.2.2         23          0x80000002 0x00F197 3


######## The output above shows that only Type 1 LSAs are present ########

Verifying simple password authentication:

Router output on R1:

R1#show ip ospf interface 
 Loopback0 is up, line protocol is up 
   Internet Address 1.1.1.1/24, Area 0 
   Process ID 100, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
   Loopback interface is treated as a stub Host
 Serial1/0 is up, line protocol is up 
   Internet Address 192.168.12.1/24, Area 0 
   Process ID 100, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
   Transmit Delay is 1 sec, State POINT_TO_POINT
   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
     oob-resync timeout 40
     Hello due in 00:00:00
   Supports Link-local Signaling (LLS)
   Cisco NSF helper support enabled
   IETF NSF helper support enabled
   Index 1/1, flood queue length 0
   Next 0x0(0)/0x0(0)
   Last flood scan length is 1, maximum is 1
   Last flood scan time is 0 msec, maximum is 0 msec
   Neighbor Count is 1, Adjacent neighbor count is 1 
     Adjacent with neighbor 2.2.2.2
   Suppress hello for 0 neighbor(s)
   Simple password authentication enabled


Router output on R2:

R2#show ip ospf interface 
 Serial1/0 is up, line protocol is up 
   Internet Address 192.168.12.2/24, Area 0 
   Process ID 100, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
   Transmit Delay is 1 sec, State POINT_TO_POINT
   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
     oob-resync timeout 40
     Hello due in 00:00:07
   Supports Link-local Signaling (LLS)
   Cisco NSF helper support enabled
   IETF NSF helper support enabled
   Index 2/2, flood queue length 0
   Next 0x0(0)/0x0(0)
   Last flood scan length is 1, maximum is 1
   Last flood scan time is 0 msec, maximum is 0 msec
   Neighbor Count is 1, Adjacent neighbor count is 1 
     Adjacent with neighbor 1.1.1.1
   Suppress hello for 0 neighbor(s)
   Simple password authentication enabled
 Loopback0 is up, line protocol is up 
   Internet Address 2.2.2.2/24, Area 0 
   Process ID 100, Router ID 2.2.2.2, Network Type LOOPBACK, Cost: 1
   Loopback interface is treated as a stub Host
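
The check done by eye above (looking for the "Simple password authentication enabled" line) can be run over saved show ip ospf interface output. The following is an added example, not part of the original page: the function names are assumptions, and the Serial1/1 and FastEthernet0/0 entries in the sample are hypothetical, added to show an interface with no authentication line and one reporting "Message digest authentication enabled", the line IOS prints for MD5.

```python
import re

# Constructed sample in the format of the R1/R2 output above. Serial1/0 and
# Loopback0 follow the page; the Serial1/1 and FastEthernet0/0 entries are
# hypothetical, added to show an unauthenticated and an MD5 interface.
SAMPLE = """\
 Serial1/0 is up, line protocol is up
   Internet Address 192.168.12.2/24, Area 0
   Process ID 100, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
   Simple password authentication enabled
 Serial1/1 is up, line protocol is up
   Internet Address 192.168.23.1/24, Area 0
   Process ID 100, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
 FastEthernet0/0 is up, line protocol is up
   Internet Address 10.0.0.2/24, Area 1
   Process ID 100, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 1
   Message digest authentication enabled
     Youngest key id is 1
 Loopback0 is up, line protocol is up
   Internet Address 2.2.2.2/24, Area 0
   Process ID 100, Router ID 2.2.2.2, Network Type LOOPBACK, Cost: 1
"""

HEADER = re.compile(r"^(\S+) is (?:administratively down|up|down), line protocol is")
AUTH = {"Simple password authentication enabled": "simple",
        "Message digest authentication enabled": "md5"}

def parse(output):
    """Map interface -> {'area', 'type', 'auth'}; auth is 'none' if no auth line is printed."""
    ifaces, cur = {}, None
    for line in (raw.strip() for raw in output.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = ifaces.setdefault(m.group(1), {"area": None, "type": None, "auth": "none"})
        elif cur is not None:
            if (a := re.search(r", Area (\S+)", line)):
                cur["area"] = a.group(1)
            if (t := re.search(r"Network Type (\w+)", line)):
                cur["type"] = t.group(1)
            cur["auth"] = AUTH.get(line, cur["auth"])
    return ifaces

def findings(output):
    """Non-loopback OSPF interfaces that are unauthenticated or use a cleartext password."""
    return sorted((name, i["area"], i["auth"]) for name, i in parse(output).items()
                  if i["type"] != "LOOPBACK" and i["auth"] != "md5")
```

Run against the R2 output shown above, findings() reports Serial1/0 as "simple"; loopbacks are skipped because they form no adjacencies.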

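Area-level simple authentication (with debug output): with area-level authentication, every interface that belongs to the area must have authentication enabled.

Step 1: Use the interface configuration command ip ospf authentication-key password to set the password (key) used for OSPF simple password authentication with adjacent routers.

Step 2: Use the interface configuration command ip ospf authentication [message-digest | null] to specify the authentication type (message-digest selects MD5).

Step 3: In router configuration mode, use area area-id authentication [message-digest].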


R1#debug ip ospf adj


############ Shows which adjacencies exist and the interface information for both sides of each adjacency ############


OSPF adjacency events debugging is on
 R1#debug ip ospf event
 OSPF events debugging is on
 R1#config t
 Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int lo0
 R1(config-if)#ip ospf authentication-key cisco
 R1(config-if)#exit
 R1(config)#int s1/0
 R1(config-if)#ip ospf authentication-key cisco
 R1(config-if)#exit 


 R1(config)#router ospf 100
 R1(config-router)#net 1.1.1.1 0.0.0.255 a 0
 *Mar  1 01:44:33.551: OSPF: Interface Loopback0 going Up
 *Mar  1 01:44:34.055: OSPF: Build router LSA for area 0, router ID 1.1.1.1, seq 0x80000001, process 100
 R1(config-router)#net 192.168.12.0 0.0.0.255 a 0
 *Mar  1 01:44:48.395: OSPF: Interface Serial1/0 going Up
 *Mar  1 01:44:48.395: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 192.168.12.1
 *Mar  1 01:44:48.455: OSPF: Rcv hello from 2.2.2.2 area 0 from Serial1/0 192.168.12.2
 *Mar  1 01:44:48.455: OSPF: 2 Way Communication to 2.2.2.2 on Serial1/0, state 2WAY
 *Mar  1 01:44:48.455: OSPF: Send DBD to 2.2.2.2 on Serial1/0 seq 0x1A11 opt 0x52 flag 0x7 len 32
 *Mar  1 01:44:48.459: OSPF: Send immediate hello to nbr 2.2.2.2, src address 192.168.12.2, on Serial1/0
 *Mar  1 01:44:48.459: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 192.168.12.1
 *Mar  1 01:44:48.459: OSPF: End of hello processing
 *Mar  1 01:44:48.495: OSPF: Rcv DBD from 2.2.2.2 on Serial1/0 seq 0x1AD4 opt 0x52 flag 0x7 len 32  mtu 1500 state EXSTART
 *Mar  1 01:44:48.499: OSPF: NBR Negotiation Done. We are the SLAVE
 *Mar  1 01:44:48.499: OSPF: Send DBD to 2.2.2.2 on Serial1/0 seq 0x1AD4 opt 0x52 flag 0x2 len 52
 *Mar  1 01:44:48.515: OSPF: Rcv DBD from 2.2.2.2 on Serial1/0 seq 0x1AD5 opt 0x52 flag 0x3 len 52  mtu 1500 state EXCHANGE
 *Mar  1 01:44:48.519: OSPF: Send DBD to 2.2.2.2 on Serial1/0 seq 0x1AD5 opt 0x52 flag 0x0 len 32
 *Mar  1 01:44:48.535: OSPF: Rcv DBD from 2.2.2.2 on Serial1/0 seq 0x1AD6 opt 0x52 flag 0x1 len 32  mtu 1500 state EXCHANGE
 *Mar  1 01:44:48.539: OSPF: Exchange Done with 2.2.2.2 on Serial1/0
 *Mar  1 01:44:48.539: OSPF: Send LS REQ to 2.2.2.2 length 12 LSA count 1
 *Mar  1 01:44:48.539: OSPF: Send DBD to 2.2.2.2 on Serial1/0 seq 0x1AD6 opt 0x52 flag 0x0 len 32
 *Mar  1 01:44:48.543: OSPF: Rcv LS REQ from 2.2.2.2 on Serial1/0 length 36 LSA count 1
 *Mar  1 01:44:48.543: OSPF: Send UPD to 192.168.12.2 on Serial1/0 length 40 LSA count 1
 *Mar  1 01:44:48.555: OSPF: Rcv LS UPD from 2.2.2.2 on Serial1/0 length 76 LSA count 1
 *Mar  1 01:44:48.559: OSPF: Synchronized with 2.2.2.2 on Serial1/0, state FULL
 *Mar  1 01:44:48.559: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Serial1/0 from LOADING to FULL, Loading Done
 *Mar  1 01:44:48.895: OSPF: Build router LSA for area 0, router ID 1.1.1.1, seq 0x80000002, process 100
 *Mar  1 01:44:48.927: OSPF: Rcv hello from 2.2.2.2 area 0 from Serial1/0 192.168.12.2
 *Mar  1 01:44:48.927: OSPF: End of hello processing
 *Mar  1 01:44:49.059: OSPF: Rcv LS UPD from 2.2.2.2 on Serial1/0 length 88 LSA count 1
R1(config-router)#area 0 authentication 
 *Mar  1 01:44:58.395: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 192.168.12.1
 *Mar  1 01:44:58.895: OSPF: Rcv hello from 2.2.2.2 area 0 from Serial1/0 192.168.12.2
 *Mar  1 01:44:58.895: OSPF: End of hello processing
 R1(config-router)#end
 *Mar  1 01:45:00.639: %SYS-5-CONFIG_I: Configured from console by console
 R1#show ip route 
 Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2
        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
        ia - IS-IS inter area, * - candidate default, U - per-user static route
        o - ODR, P - periodic downloaded static route


 Gateway of last resort is not set


 C    192.168.12.0/24 is directly connected, Serial1/0
      1.0.0.0/24 is subnetted, 1 subnets
 C       1.1.1.0 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
 O       2.2.2.2 [110/65] via 192.168.12.2, 00:00:06, Serial1/0
 *Mar  1 01:45:08.395: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 192.168.12.1
 *Mar  1 01:45:08.899: OSPF: Rcv hello from 2.2.2.2 area 0 from Serial1/0 192.168.12.2
 *Mar  1 01:45:08.899: OSPF: End of hello processing
 R1#show ip ospf interface 
 Serial1/0 is up, line protocol is up 
   Internet Address 192.168.12.1/24, Area 0 
   Process ID 100, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
   Transmit Delay is 1 sec, State POINT_TO_POINT
   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
     oob-resync timeout 40
     Hello due in 00:00:03
   Supports Link-local Signaling (LLS)
   Cisco NSF helper support enabled
   IETF NSF helper support enabled
   Index 2/2, flood queue length 0
   Next 0x0(0)/0x0(0)
   Last flood scan length is 1, maximum is 1
   Last flood scan time is 0 msec, maximum is 0 msec
   Neighbor Count is 1, Adjacent neighbor count is 1 
     Adjacent with neighbor 2.2.2.2
   Suppress hello for 0 neighbor(s)
   Simple password authentication enabled
 Loopback0 is up, line protocol is up 
   Internet Address 1.1.1.1/24, Area 0 
   Process ID 100, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
   Loopback interface is treated as a stub Host
 R1#
 *Mar  1 01:45:18.395: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 192.168.12.1
 *Mar  1 01:45:18.899: OSPF: Rcv hello from 2.2.2.2 area 0 from Serial1/0 192.168.12.2
 *Mar  1 01:45:18.899: OSPF: End of hello processing

R2 configuration:

R2#debug ip ospf adj
 OSPF adjacency events debugging is on
 R2#debug ip ospf events 
 OSPF events debugging is on
 R2#config t
 Enter configuration commands, one per line.  End with CNTL/Z.
 R2(config)#int s1/0
 R2(config-if)#ip ospf authentication
 R2(config-if)#ip ospf authentication-key cisco
 R2(config-if)#end
 R2(config)#int lo0
 R2(config-if)#ip ospf authentication
 R2(config-if)#ip ospf authentication-key cisco
 R2(config-if)#end
 R2(config)#router ospf 100
 R2(config-router)#net 2.2.2.2 0.0.0.255 a 0
 R2(config-router)#net 192.168.12.0 0.0.0.255 a 0
 R2(config-router)#area 0 authentication




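Configuring MD5 authentication:

Configuring MD5 authentication in interface mode:

Step 1: Use the interface configuration command ip ospf authentication [message-digest | null] to specify the authentication type. For MD5, choose message-digest.

Step 2: Use the interface configuration command ip ospf message-digest-key key-id md5 key to specify the key ID and key that routers using OSPF MD5 authentication will use.

                 key-id   an identifier in the range 0~255

                 key      a password made up of digits and letters, at most 16 characters

Configuration omitted.

Configuring MD5 authentication in area mode:

Step 1: Use the interface configuration command ip ospf message-digest-key key-id md5 key to set the password (key) used for OSPF MD5 authentication with adjacent routers.
Step 2: Use the interface configuration command ip ospf authentication [message-digest | null] to specify the authentication type (message-digest selects MD5).
Step 3: In router configuration mode, use area area-id authentication message-digest.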

R1(config)#inter f0/0 
R1(config-if)#ip ospf   message-digest-key 1 md5 0 testtest
 R1(config-if)#inter f1/0 
R1(config-if)#ip ospf   message-digest-key 1 md5 0 testtest

============== 1 is the key ID, range 1-255; md5 selects MD5; 0 is the encryption type, where 0 is the default and 7 is Cisco proprietary; testtest is the password. ============

R1(config-if)#exit
 R1(config)#router ospf 10
 R1(config-router)#area 1 authentication message-digest

 ========================== area 1 authentication message-digest means that area 1 sends a digest instead of the plaintext password; if it is not configured, the plaintext is sent ========================== 

R2(config)#inter f0/0 
R2(config-if)#ip ospf   message-digest-key 1 md5 0 testtest 
R2(config-if)#exit
 R2(config)#router ospf 10

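R2(config-router)#area 1 authentication message-digest

The remaining routers are configured as usual.

Note: once authentication is enabled, every router in the area must enable it. If digest transmission is selected, an md5-type key must be configured.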
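
What "digest instead of plaintext" means on the wire, as an added example that is not part of the original page: it builds a constructed OSPFv2 Hello with the lab's two passwords, once with AuType 1 (simple password) and once with AuType 2 (MD5, computed as RFC 2328 Appendix D specifies). The function names, the Hello options value and the sequence number are assumptions.

```python
import hashlib
import hmac
import socket
import struct

def key16(key):
    # The MD5 key is a fixed 16-byte field, hence the 16-character limit above.
    return key.encode().ljust(16, b"\0")

def build(body, router_id, area_id, au_type, auth_field):
    # 24-byte OSPFv2 header for a Hello (type 1). Checksum is left 0: correct for
    # AuType 2, a simplification for the AuType 1 sample.
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body),
                       socket.inet_aton(router_id), socket.inet_aton(area_id),
                       0, au_type, auth_field) + body

def simple_packet(body, router_id, area_id, password):
    # AuType 1: the 8-byte authentication field is the password itself, NUL-padded.
    return build(body, router_id, area_id, 1, password.encode().ljust(8, b"\0"))

def md5_packet(body, router_id, area_id, key_id, key, seq):
    # AuType 2: the field carries 0, key ID, digest length and a sequence number.
    pkt = build(body, router_id, area_id, 2, struct.pack("!HBBI", 0, key_id, 16, seq))
    # The digest is MD5(packet || key) and travels as a trailer; the key never does.
    return pkt + hashlib.md5(pkt + key16(key)).digest()

def verify_md5(wire, key):
    # Receiver side: recompute the digest with the locally configured key.
    pkt, digest = wire[:-16], wire[-16:]
    return hmac.compare_digest(digest, hashlib.md5(pkt + key16(key)).digest())

# Constructed Hello body: mask /24, Hello 10, options (assumed), priority 1,
# Dead 40, no DR/BDR, one neighbor 2.2.2.2.
HELLO = struct.pack("!4sHBBI4s4s4s", socket.inet_aton("255.255.255.0"), 10, 0x12, 1,
                    40, bytes(4), bytes(4), socket.inet_aton("2.2.2.2"))
SIMPLE = simple_packet(HELLO, "1.1.1.1", "0.0.0.0", "cisco")
MD5 = md5_packet(HELLO, "1.1.1.1", "0.0.0.1", 1, "testtest", seq=1)

if __name__ == "__main__":
    print("AuType 1 auth field:", SIMPLE[16:24])
    print("key visible in AuType 2 packet:", b"testtest" in MD5)
    print("verifies with right key:", verify_md5(MD5, "testtest"))
    print("verifies after tampering:", verify_md5(MD5[:30] + b"\xff" + MD5[31:], "testtest"))
```

The receiver also tracks the sequence number and drops packets whose number is lower than the last one it accepted from that neighbor, a replay check that simple password mode has no equivalent for.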

