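Lab 25: Link-Based OSPF MD5 Authentication
1. Lab Objectives
After completing this lab you will understand:
1) The types and purpose of OSPF authentication
2) How to configure and debug link-based OSPF MD5 authentication
2. Lab Topology
The topology for this lab is shown in the figure.
3. Lab Steps
Notes:
1. OSPF link authentication takes precedence over area authentication;
2. OSPF defines 3 authentication types: 0 means no authentication and is the default type; 1 means simple password authentication; 2 means MD5 authentication.
The configuration is as follows: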
r0(config-if)#int lo 1
*Mar  1 00:02:25.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
r0(config-if)#ip add 1.1.1.1 255.255.255.0
r0(config-if)#do sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  172.16.1.1      YES manual administratively down down   
Serial0/1                  unassigned      YES unset  administratively down down   
Serial0/2                  unassigned      YES unset  administratively down down   
Serial0/3                  unassigned      YES unset  administratively down down   
Loopback1                  1.1.1.1         YES manual up                    up     
r0(config)#int s0/0
r0(config-if)#ip add 172.16.1.1 255.255.255.0
r0(config-if)#no sh
r0(config-if)#
*Mar  1 00:04:56.159: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar  1 00:04:57.159: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r0(config-if)#exit
r0(config)#router ospf 1
r0(config-router)#net 1.1.1.0 0.0.0.255 area 0
r0(config-router)#net 172.16.1.0 0.0.0.255 area 0
 
r0(config)#int s0/0
r0(config-if)#ip ospf aut
r0(config-if)#ip ospf authentication message-d
r0(config-if)#ip ospf authentication message-digest
r0(config-if)#ip ospf mes
r0(config-if)#ip ospf message-digest-key 1 md5 cisco
r0(config-if)#
*Mar  1 00:23:53.851: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
r0(config-if)#
*Mar  1 00:24:47.851: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from LOADING to FULL, Loading Done
r0(config-if)#do sh ip ospf int
Serial0/0 is up, line protocol is up
  Internet Address 172.16.1.1/24, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:01
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1 //The last two lines of output show that MD5 authentication is enabled on this interface and that the key ID is 1
 
Loopback1 is up, line protocol is up
  Internet Address 1.1.1.1/24, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
r0(config-if)#do sh ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Start time: 00:05:18.352, Time elapsed: 00:19:53.612
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
    Area BACKBONE(0)
        Number of interfaces in this area is 2 (1 loopback)
        Area has no authentication
        SPF algorithm last executed 00:00:22.428 ago
        SPF algorithm executed 7 times
        Area ranges are
        Number of LSA 2. Checksum Sum 0x00E40C
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
         
r0(config-if)#
 
 
r1(config)#int loo 1
r1(config-if)#ip add 2.2.2.2 255.255.255.0
r1(config-if)#int s0/0
r1(config-if)#ip add 172.16.1.2 255.255.255.0
r1(config-if)#no sh
r1(config-if)#exit
r1(config)#do sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  172.16.1.2      YES manual up                    up     
Serial0/1                  unassigned      YES unset  administratively down down   
Serial0/2                  unassigned      YES unset  administratively down down   
Serial0/3                  unassigned      YES unset  administratively down down   
Loopback1                  2.2.2.2         YES manual up                    up     
r1(config)#router ospf 1
r1(config-router)#net 2.2.2.0 0.0.0.255 area 0
r1(config-router)#net 172.16.1.0 0.0.0.255 area 0
r1(config)#int s0/0
r1(config-if)#ip ospf authentication message-digest //enable MD5 authentication on interface s0/0
 
r1(config-if)#ip ospf message-digest-key 1 md5 cisco //configure the key ID and key
r1(config-if)#exit
r1(config)#d
*Mar  1 00:24:47.351: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL, Loading Done
r1(config)#do ping 1.1.1.1
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/34/68 ms
r1(config)#do
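
What `ip ospf message-digest-key 1 md5 cisco` does to each packet on the link, as an added example that is not part of the original lab: it builds an AuType 2 Hello and checks it the way a receiver does under RFC 2328 Appendix D. The function names and the Hello field values are constructed for illustration; the router IDs, key ID and key are the lab's.

```python
import hashlib, hmac, socket, struct

AUTYPE_NULL, AUTYPE_SIMPLE, AUTYPE_MD5 = 0, 1, 2  # the three AuType values from the notes
DIGEST_LEN = 16

def build_hello(router_id, area_id, mask, neighbors, key_id, seq):
    """OSPFv2 Hello with an AuType 2 header (field values are constructed)."""
    ip = socket.inet_aton
    body = ip(mask) + struct.pack("!HBBI", 10, 0x02, 1, 40)  # hello 10, options, priority, dead 40
    body += ip("0.0.0.0") * 2 + b"".join(ip(n) for n in neighbors)  # DR, BDR, neighbor list
    length = 24 + len(body)  # the trailing digest is not counted in the OSPF length
    header = struct.pack("!BBH", 2, 1, length) + ip(router_id) + ip(area_id)
    header += struct.pack("!HH", 0, AUTYPE_MD5)  # checksum is left at 0 for AuType 2
    header += struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)  # 0, key ID, digest length, sequence
    return header + body

def digest(packet, key):
    """MD5 over the packet followed by the key, zero-padded to 16 bytes."""
    return hashlib.md5(packet + key[:16].ljust(16, b"\0")).digest()

def sign(packet, key):
    return packet + digest(packet, key)

def verify(wire, keys, last_seq):
    """keys maps key ID -> secret; last_seq is the last sequence number accepted from this neighbor."""
    if len(wire) < 24:
        return False, "truncated"
    length = struct.unpack("!H", wire[2:4])[0]
    autype, _, key_id, auth_len, seq = struct.unpack("!HHBBI", wire[14:24])
    if autype != AUTYPE_MD5:
        return False, "AuType mismatch"
    if key_id not in keys:
        return False, "unknown key ID"
    if seq < last_seq:
        return False, "sequence number went backwards"
    received = wire[length:length + auth_len]
    if auth_len != DIGEST_LEN or not hmac.compare_digest(received, digest(wire[:length], keys[key_id])):
        return False, "digest mismatch"
    return True, "ok"

if __name__ == "__main__":
    hello = build_hello("1.1.1.1", "0.0.0.0", "255.255.255.0", ["2.2.2.2"], key_id=1, seq=100)
    wire = sign(hello, b"cisco")
    print(verify(wire, {1: b"cisco"}, last_seq=99))   # both routers share key 1
    print(verify(wire, {1: b"Cisco"}, last_seq=99))   # key text differs on the peer
    print(verify(wire, {2: b"cisco"}, last_seq=99))   # same key text, different key ID
```

The key ID travels in the packet header, so the adjacency only forms when both ends agree on the ID as well as the key text.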