OSPF (6): Link-Based OSPF MD5 Authentication

Viewed 2578 times  2013-09-28 01:21   Tags: OSPF, link authentication, MD5

1. Configure router R1
R1(config)#int lo 0
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R1(config-if)#int s0/0
R1(config-if)#no shut
R1(config-if)#ip add 192.168.12.1 255.255.255.0
R1(config-if)#exit
R1(config)#router ospf 110
R1(config-router)#router-id 1.1.1.1
R1(config-router)#net 1.1.1.1 0.0.0.255 a 0
R1(config-router)#net 192.168.12.0 0.0.0.255 a 0
R1(config)#int s0/0
R1(config-if)#ip ospf authentication message-digest   //Enable MD5 authentication on interface s0/0
R1(config-if)#ip ospf message-digest-key 1 md5 cisco  //Configure the authentication key ID and key
 
2. Configure router R2
R2(config)#int lo 0
R2(config-if)#ip add 2.2.2.2 255.255.255.0
R2(config-if)#int s0/0
R2(config-if)#no shut
R2(config-if)#ip add 192.168.12.2 255.255.255.0
R2(config-if)#exit
R2(config)#router ospf 110
R2(config-router)#router-id 2.2.2.2
R2(config-router)#net 2.2.2.2 0.0.0.255 a 0
R2(config-router)#net 192.168.12.0 0.0.0.255 a 0
R2(config)#int s0/0
R2(config-if)#ip os authentication message-digest
R2(config-if)#ip ospf message-digest-key 1 md5 cisco
 
3. show ip ospf interface
R1#sh ip ospf interface
Serial0/0 is up, line protocol is up
  Internet Address 192.168.12.1/24, Area 0
  Process ID 110, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:05
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1
  //The last two lines of the output show that MD5 authentication is enabled on this interface and that the key ID is 1.
Loopback0 is up, line protocol is up
  Internet Address 1.1.1.1/24, Area 0
  Process ID 110, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
 
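PS: ① If MD5 authentication is enabled on R1's s0/0 while simple password authentication is enabled on R2's s0/0, the following message appears on R2: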
*Sep 6 13:56:45.699: OSPF: Rcv pkt from 192.168.12.1, Serial0/0 : Mismatch Authentication type. Input packet specified type 2, we use type 1
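② If MD5 authentication is enabled on s0/0 of both R1 and R2, but no key ID and password are configured under R2's interface, the following message appears on R2: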
*Sep 6 13:58:35.687: OSPF: Rcv pkt from 192.168.12.1, Serial0/0 : Mismatch Authentication Key - No message digest key 1 on interface
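
An added example, not part of the original post: a Python model of the receiver-side checks from RFC 2328 Appendix D that lie behind the two mismatch messages above. The function names, return strings and the constructed Hello bytes are assumptions for illustration and are not IOS code or IOS output.

```python
import hashlib
import hmac
import struct

HDR = "!BBH4s4sHHHBBI"   # OSPFv2 header (24 bytes) with the AuType 2 layout
AUTYPE_SIMPLE, AUTYPE_MD5 = 1, 2

def pad_key(key: bytes) -> bytes:
    # The MD5 key is a fixed 16 bytes; shorter keys are zero-padded.
    return key[:16].ljust(16, b"\0")

def build_packet(router_id, area_id, body, key_id, seq, key):
    """Sender: checksum left at 0, digest appended after the packet."""
    length = 24 + len(body)             # packet length excludes the digest
    hdr = struct.pack(HDR, 2, 1, length, router_id, area_id,
                      0, AUTYPE_MD5, 0, key_id, 16, seq)
    pkt = hdr + body
    return pkt + hashlib.md5(pkt + pad_key(key)).digest()

def check_packet(data, local_autype, local_keys, last_seq=0):
    """Receiver: return "ok" or the reason the packet is dropped."""
    (_, _, length, _, _, _, autype,
     _, key_id, dlen, seq) = struct.unpack(HDR, data[:24])
    if autype != local_autype:          # case 1 in the notes above
        return f"auth type mismatch: packet {autype}, local {local_autype}"
    if autype != AUTYPE_MD5:
        return "not checked here"       # only AuType 2 is modelled
    key = local_keys.get(key_id)
    if key is None:                     # case 2 in the notes above
        return f"no message digest key {key_id}"
    expected = hashlib.md5(data[:length] + pad_key(key)).digest()
    if not hmac.compare_digest(expected, data[length:length + dlen]):
        return "digest mismatch"
    if seq < last_seq:                  # replay protection
        return "stale sequence number"
    return "ok"

# Constructed sample: R1 (1.1.1.1, area 0) sends with key ID 1, key "cisco".
R1_ID, AREA0 = bytes([1, 1, 1, 1]), bytes(4)
HELLO_BODY = bytes(20)                  # placeholder Hello body, constructed
PKT = build_packet(R1_ID, AREA0, HELLO_BODY, key_id=1, seq=100, key=b"cisco")

if __name__ == "__main__":
    print(check_packet(PKT, AUTYPE_MD5, {1: b"cisco"}))
    print(check_packet(PKT, AUTYPE_SIMPLE, {}))
    print(check_packet(PKT, AUTYPE_MD5, {}))
    print(check_packet(PKT, AUTYPE_MD5, {1: b"other"}))
```

The key itself never appears in the packet: only the key ID, the sequence number and the 16-byte digest are sent, which is why both sides must hold the same key under the same key ID.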