实验目的:
Router#conf t
Router(config)#no ip do lo
Router(config)#lin con 0
Router(config-line)#exec-ti 0 0
Router(config-line)#logg sy
Router(config-line)#exit
Router(config)#hos R1
R1(config)#int lo 0
R1(config-if)#ip add
R1(config-if)#ip ospf net point-to-p
R1(config-if)#int lo 1
R1(config-if)#ip add 10.1.2.1 255.255.255.0
R1(config-if)#ip ospf net point-to-p
R1(config-if)#int s1/1
R1(config-if)#ip add 192.168.1.1 255.255.255.252
R1(config-if)#no sh
R1(config-router)#router-id
R1(config-router)#net 192.168.1.1 0.0.
R1(config-router)#net 10.1.1.1 0.0.
R1(config-router)#net 10.1.2.1 0.0.
R1(config-router)#exit
R1(config)#end
R1#
Router#conf t
Router(config)#no ip do lo
Router(config)#lin con 0
Router(config-line)#exec-ti 0 0
Router(config-line)#logg sy
Router(config-line)#exit
Router(config)#hos R2
R2(config)#int s1/0
R2(config-if)#ip add 192.168.1.2 255.255.255.252
R2(config-if)#no sh
R2(config-if)#cl ra 64000
R2(config-if)#int s1/1
R2(config-if)#ip add 192.168.1.5 255.255.255.252
R2(config-if)#no sh
R2(config-if)#router ospf 100
R2(config-router)#net 192.168.1.2 0.0.
R2(config-router)#net 192.168.1.5 0.0.
R2(config-router)#exit
R2(config)#end
R2#
Router#conf t
Router(config)#no ip do lo
Router(config)#lin con 0
Router(config-line)#exec-ti 0 0
Router(config-line)#logg sy
Router(config-line)#exit
Router(config)#hos R3
R3(config)#int s1/0
R3(config-if)#ip add 192.168.1.6 255.255.255.252
R3(config-if)#no sh
R3(config-if)#cl ra 64000
R3(config-if)#int s1/1
R3(config-if)#no sh
R3(config-if)#router ospf 100
R3(config-router)#router-id
R3(config-router)#net 192.168.1.6 0.0.
R3(config-router)#net 192.168.1.9 0.0.
R3(config-router)#exit
R3(config)#^Z
R3#
Router>en
Router#conf t
Router(config)#lin con 0
Router(config-line)#exec-ti 0 0
Router(config-line)#logg sy
Router(config-line)#exit
Router(config)#no ip do lo
Router(config)#hos R4
R4(config)#int lo 0
R4(config-if)#ip add 172.16.1.1 255.255.255.0
R4(config-if)#ip ospf net point-to-p
R4(config-if)#int lo 1
R4(config-if)#ip add 172.16.2.1 255.255.255.0
R4(config-if)#ip ospf net point-to-p
R4(config-if)#int s1/0
R4(config-if)#ip add 192.168.1.10 255.255.255.252
R4(config-if)#cl ra 64000
R4(config-if)#no sh
R4(config-if)#router ospf 100
R4(config-router)#router-id
R4(config-router)#net 192.168.1.10 0.0.
R4(config-router)#net 172.16.1.1 0.0.
R4(config-router)#net 172.16.2.1 0.0.
R4(config-router)#exit
R4(config)#
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/37/56 ms
R1#p 172.16.2.1 so lo 1
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
Packet sent with a source address of
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/38/60 ms
R1#
00:36:06: OSPF: Rcv pkt from 192.168.1.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 1, we use type 0
01:37:46: OSPF: Rcv pkt from 192.168.1.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 1, we use type 0---认证类型不匹配
01:37:46: %OSPF-5-ADJCHG: Process 100, Nbr
01:41:26: OSPF: Rcv pkt from 192.168.1.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 1, we use type 0----没调用认证之前提示认证类型不匹配
R2(config-if)#ip ospf authentication---调用认证
01:41:36: OSPF: Rcv pkt from 192.168.1.1, Serial1/0 : Mismatch Authentication Key - Clear Text---调用认证后,提示认证密钥不匹配
R2(config-if)#ip ospf au
R2(config-if)#ip ospf authentication-
R2(config-if)#ip ospf authentication-key cisco
R2(config-if)#
01:49:06: %OSPF-5-ADJCHG: Process 100, Nbr
01:50:43: OSPF: Rcv pkt from 192.168.1.5, Serial1/0 : Mismatch Authentication type. Input packet specified type 2, we use type 0
01:54:03: %OSPF-5-ADJCHG: Process 100, Nbr
02:00:23: %OSPF-5-ADJCHG: Process 100, Nbr
02:06:40: OSPF: Send with youngest Key 0
02:06:43: OSPF: Rcv pkt from 192.168.1.5, Serial1/0 : Mismatch Authentication Key - No message digest key 2 on interface---R3只调用不设密钥,提示认证密钥不匹配,并且,R3和R2只验证key 2的成功与否,因为key 2是密钥中youngest(最新的)
02:28:13: OSPF: Rcv pkt from 192.168.1.5, Serial1/0 : Mismatch Authentication Key - No message digest key 2 on interface---邻居可以建立因为有key相匹配,但是R2和R3之间仍然提示,key2不匹配,表明R2和R3之间只要有key匹配就可以建立邻居关系,但是他们会尽量使用最新的key建立邻居
02:29:20: OSPF: Send with youngest Key 2---之后R3只会发送最新的key,这样可以保证邻居关系在不down的情况下更新密钥
R3(config-router)#area 2 authentication ---ospf进程下调用区域认证
R3(config-router)#int s1/1
R3(config-if)#ip ospf authentication-key cisco--属于这个认证区域接口上设置认证密钥
R4#conf t
R4(config)#router ospf 100
R4(config-router)#area 2 authentication
02:47:28: OSPF: Rcv pkt from 192.168.1.9, Serial1/0 : Mismatch Authentication Key - Clear Text--调用认证后,提示认证密钥不匹配
R4(config-router)#int s1/0
R3(config-router)#int s1/1
R3(config-if)#ip ospf message-digest-key 2 md5 hahaha--R4提示认证类型不匹配
R4(config-if)#ip ospf message-digest-key 1 md5 cisco--只设置key 1 ,邻居关系可以建立,仍然企望key2匹配