OSPF邻居加密认证配置

实验十三OSPF邻居加密认证配置

试验目的：

掌握OSPF的邻居加密认证配置

背景描述：

你是一名高级技术支持工程师，某企业的网络整个的网络环境是ospf。为了安全起见，新加入的路由器要通过认证，请你给予支持。

试验设备：

RG-RSR20 二台、网线若干

试验拓扑图：

实验步骤及要求：

1、配置各台路由器用户名和接口IP地址，并且使用ping命令确认各路由器的直连口的互通性。具体配置请参考试验十二

2、在R1上启动OSPF路由协议

R1(config)#router ospf 100

R1(config-router)#area 0 authentication message-digest

R1(config-router)#inter f0/0

R1(config-if)#ip osp message-digest-key 1 md5 ruijie

R1(config-if)#end

R1#

*Apr 10 20:09:23: %OSPFV2-5-NBRCHG: OSPF[100] Nbr[2.2.2.2-FastEthernet 0/0] Full to Down, InactivityTimer

3、在R2上启动OSPF路由协议

R2(config)#router ospf 100

R2(config-router)#area 0 authentication message-digest

R2(config-router)#inter f0/1

R2(config-if)#ip osp message-digest-key 1 md5 ruijie

R2(config-if)#end

R2#

*Apr 10 20:11:08: %OSPFV2-5-NBRCHG: OSPF[100] Nbr[1.1.1.1-FastEthernet 0/1] Loading to Full, LoadingDone

4、验证测试：（以R1为例）

R1#sho ip route

Codes: C - connected, S - static, R - RIP, B - BGP

O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default

Gateway of last resort is no set

C 1.1.1.0/24 is directly connected, Loopback 0

C 1.1.1.1/32 is local host.

O 2.2.2.2/32 [110/1] via 12.1.1.2, 00:00:04, FastEthernet 0/0

C 12.1.1.0/24 is directly connected, FastEthernet 0/0

C 12.1.1.1/32 is local host.

R1#show ip ospf neighbor

OSPF process 100, 1 Neighbors, 1 is Full:

Neighbor ID Pri State Dead Time Address Interface

2.2.2.2 1 Full/BDR 00:00:37 12.1.1.2 FastEthernet 0/0

R1#show ip osp

Routing Process "ospf 100" with ID 1.1.1.1

Process uptime is 1 hour 23 minutes

Process bound to VRF default

Conforms to RFC2328, and RFC1583Compatibility flag is enabled

Supports only single TOS(TOS0) routes

Supports opaque LSA

SPF schedule delay 5 secs, Hold time between two SPFs 10 secs

LsaGroupPacing: 240 secs

Number of incomming current DD exchange neighbors 0/5

Number of outgoing current DD exchange neighbors 0/5

Number of external LSA 0. Checksum 0x000000

Number of opaque AS LSA 0. Checksum 0x000000

Number of non-default external LSA 0

External LSA database is unlimited.

Number of LSA originated 3

Number of LSA received 20

Log Neighbor Adjency Changes : Enabled

Number of areas attached to this router: 1: 1 normal 0 stub 0 nssa Area 0 (BACKBONE)

Number of interfaces in this area is 2(2)

Number of fully adjacent neighbors in this area is 1 Area has message digest authentication

SPF algorithm last executed 00:07:16.730 ago

SPF algorithm executed 20 times

Number of LSA 3. Checksum 0x00a138

5、试验完成

【注意事项】

在接口上配置的认证密码一定要一致