OSPF (3): Area-Based OSPF Simple Password Authentication

1869 views  2013-09-28 00:42  Tags: OSPF, authentication

1. Configure router R1
R1(config)#int lo 0
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R1(config-if)#int s0/0
R1(config-if)#no shut
R1(config-if)#ip add 192.168.12.1 255.255.255.0
R1(config-if)#exit
R1(config)#router ospf 110
R1(config-router)#router-id 1.1.1.1
R1(config-router)#net 1.1.1.1 0.0.0.255 a 0
R1(config-router)#net 192.168.12.0 0.0.0.255 a 0
R1(config-router)#area 0 authentication     // enable simple password authentication for area 0
R1(config-router)#exit
R1(config)#int s0/0
R1(config-if)#ip ospf authentication-key cisco   // configure the authentication password
 
2. Configure router R2
R2(config)#int lo 0
R2(config-if)#ip add 2.2.2.2 255.255.255.0
R2(config-if)#int s0/0
R2(config-if)#no shut
R2(config-if)#ip add 192.168.12.2 255.255.255.0
R2(config-if)#exit
R2(config)#router ospf 110
R2(config-router)#router-id 2.2.2.2
R2(config-router)#net 2.2.2.2 0.0.0.255 a 0
R2(config-router)#net 192.168.12.0 0.0.0.255 a 0
R2(config-router)#area 0 authentication
R2(config-router)#exit
R2(config)#int s0/0
R2(config-if)#ip ospf authentication-key cisco
 
3. Verification and debugging
(1)show ip ospf interface
R1#sh ip ospf interface
Serial0/0 is up, line protocol is up
  Internet Address 192.168.12.1/24, Area 0
  Process ID 110, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:02
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled
  // The last line of the output above shows that simple password authentication is enabled on this interface
Loopback0 is up, line protocol is up
  Internet Address 1.1.1.1/24, Area 0
  Process ID 110, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
(2)show ip ospf
R1#sh ip ospf
 Routing Process "ospf 110" with ID 1.1.1.1
 Start time: 00:01:54.260, Time elapsed: 00:10:52.108
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
    Area BACKBONE(0)
        Number of interfaces in this area is 2 (1 loopback)
        Area has simple password authentication
        SPF algorithm last executed 00:02:27.252 ago
        SPF algorithm executed 5 times
        Area ranges are
        Number of LSA 2. Checksum Sum 0x01B75E
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
// The output above shows that area 0 uses simple password authentication.

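PS: ① If authentication is not enabled for area 0 on R1 but simple password authentication is enabled for area 0 on R2, the following message appears on R2: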
*Sep 6 13:03:05.691: OSPF: Rcv pkt from 192.168.12.1, Serial0/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1
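② If simple password authentication is enabled for area 0 on both R1 and R2, but no password or a wrong password is configured on R2's interface, the following message appears on R2: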
*Sep 6 13:10:09.323: OSPF: Rcv pkt from 192.168.12.1, Serial0/0 : Mismatch Authentication Key - Clear Text
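
The two mismatch cases above follow from how a receiver validates the OSPFv2 packet header. The following Python model of that check is an added example, not code from the original post or from Cisco IOS. It assumes the 24-byte header layout of RFC 2328 and a zero-padded 8-byte key; the function names are hypothetical and the returned strings are copied from the debug output above.

```python
import hmac
import socket
import struct

# OSPFv2 common header (RFC 2328, A.3.1), 24 bytes:
# version(1) type(1) length(2) router_id(4) area_id(4) checksum(2) AuType(2) auth(8)
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
AU_NULL, AU_SIMPLE = 0, 1      # AuType 0 = no authentication, 1 = simple password

def pad_key(key):
    """Assumption: the key is zero-padded (or truncated) to the 8-byte field."""
    return key.encode().ljust(8, b"\x00")[:8]

def build_hello_header(router_id, area_id, autype, key=""):
    """Constructed sample: header of a Hello (packet type 1), checksum left at 0."""
    auth = pad_key(key) if autype == AU_SIMPLE else bytes(8)
    return OSPF_HDR.pack(2, 1, OSPF_HDR.size, socket.inet_aton(router_id),
                         socket.inet_aton(area_id), 0, autype, auth)

def check_auth(packet, local_autype, local_key=""):
    """Receive-side check: compare AuType first, then the clear-text key."""
    fields = OSPF_HDR.unpack(packet[:OSPF_HDR.size])
    autype, auth = fields[6], fields[7]
    if autype != local_autype:
        return ("Mismatch Authentication type. Input packet specified "
                "type %d, we use type %d" % (autype, local_autype))
    if autype == AU_SIMPLE and not hmac.compare_digest(auth, pad_key(local_key)):
        return "Mismatch Authentication Key - Clear Text"
    return "OK"

if __name__ == "__main__":
    # Case 1: R1 sends without authentication, R2 expects type 1
    print(check_auth(build_hello_header("1.1.1.1", "0.0.0.0", AU_NULL),
                     AU_SIMPLE, "cisco"))
    # Case 2: both use type 1, but R2 has no key on the interface
    r1_pkt = build_hello_header("1.1.1.1", "0.0.0.0", AU_SIMPLE, "cisco")
    print(check_auth(r1_pkt, AU_SIMPLE, ""))
    # Matching configuration, as in sections 1 and 2
    print(check_auth(r1_pkt, AU_SIMPLE, "cisco"))
    # With AuType 1 the key occupies header bytes 16..23 unmodified
    print(r1_pkt[16:24])
```
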