OSPF 認證
1.實驗目的
通過本實驗可以掌握:
(1)OSPF 認證的類型和意義
(2)基於區域的OSPF 簡單口令認證的配置和調試
2實驗環境
如下圖所示
3.實驗步驟
(1)步驟1:配置路由器R1
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1 .1
R1(config-router)#network 192.168.12.0 255.255.255.0 area 0
R1(config-router)#network 1.1.1 .0 255.255.255.0 area 0
R1(config-router)#area 0 authentication //區域0 啓用簡單口令認證
R1(config)#interface s0/0/0
R1(config-if)#ip ospf authentication-key cisco //配置認證密碼
(2)步驟2:配置路由器R2
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2 .2
R2(config-router)#network 2.2.2 .0 255.255.255.0 area 0
R2(config-router)#network 192.168.12.0 255.255.255.0 area 0
R2(config-router)#area 0 authentication
R2(config)#interface s0/0/0
R2(config-if)#ip ospf authentication-key cisco
4.實驗調試
(1)show ip ospf interface
R1#show ip ospf interface s0/0/0
Serial0/0/0 is up, line protocol is up
Internet Address 192.168.12.1/24, Area 0
Process ID 1, Router ID 1.1.1 .1, Network Type POINT_TO_POINT, Cost: 781
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:02
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Simple password authentication enabled
以上輸出最後一行信息表明該接口啓用了簡單口令認證。
(2)show ip ospf
R1#show ip ospf
Routing Process "ospf 1" with ID 1.1.1 .1
Supports only single TOS(TOS0) routes
......
Area BACKBONE(0)
Number of interfaces in this area is 2 (1 loopback)
Area has simple password authentication
SPF algorithm last executed 00:00:01.916 ago
SPF algorithm executed 5 times
Area ranges are
Number of LSA 2. Checksum Sum 0x010117
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
以上輸出表明區域0 採用簡單口令認證。
(3)如果R1 區域0 沒有啓動認證,而R2 區域0 啓動簡單口令認證,則R2 上出現下面
的信息:
*Feb 10 11:03:03.071: OSPF: Rcv pkt from 192.168.12.1, Serial0/0/0 : Mismatch
Authentication type. Input packet specified type 0, we use type 1
(4)如果R1 和R2 的區域0 都啓動簡單口令認證,但是R2 的接口下沒有配置密碼或密
碼錯誤,則R2 上出現下面的信息:
*Feb 10 10:55:53.071: OSPF: Rcv pkt from 192.168.12.1, Serial0/0/0 : Mismatch
Authentication Key - Clear Text