OSPF 安全认证
了解 OSPF认证作用 只能ospf的安全性 了解ospf认证的类型 明文 密文 了解ospf认证的规则 1.认证模式一模一样 2.认证密码要一样 3.如果是密文认证kid也要一样
案例4:配置 OSPF 认证 4.1 问题 如图配置IP地址和OSPF区域 区域12启用密文的链路认证,密码为HCIE 区域56启用明文的区域认证,密码为HCIP 区域0启用最安全区域认证,密码为 HCIA R3-R4使用最安全密码为:HuaWei
配置思路: 1.确认认证类型 2.密码类型,密码一致 3.验证与测试
[R1-GigabitEthernet0/0/0]ospf authentication-mode simple HCIE /接口认证明文密码 [R3-ospf-1-area-0.0.0.0]authentication-mode md5 10 HCIA /区域认证密文密码
4 案例4:配置 OSPF 认证 4.1 问题 如图配置IP地址和OSPF区域 区域12启用密文的链路认证,密码为HCIE 区域56启用明文的区域认证,密码为HCIP 区域0启用最安全区域认证,密码为 HCIA R3-R4使用最安全密码为:HuaWei 4.2 方案 搭建实验环境,如图-4所示。
图-4
4.3 步骤 实现此案例需要按照如下步骤进行。
1)配置IP地址和OSPF网络
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.12.1 24
[R1-GigabitEthernet0/0/0]quit
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 12
[R1-ospf-1-area-0.0.0.12]network 192.168.12.0 0.0.0.255
[R1-ospf-1-area-0.0.0.12]quit
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R2
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.12.2 24
[R2-GigabitEthernet0/0/1]quit
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.23.2 24
[R2-GigabitEthernet0/0/0]quit
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 12
[R2-ospf-1-area-0.0.0.12]network 192.168.12.0 0.0.0.255
[R2-ospf-1-area-0.0.0.12]quit
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.23.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]quit
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R3
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]ip add 192.168.23.3 24
[R3-GigabitEthernet0/0/1]quit
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ip add 192.168.34.3 24
[R3-GigabitEthernet0/0/0]quit
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 192.168.23.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 192.168.34.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]quit
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R4
[R4]interface GigabitEthernet 0/0/1
[R4-GigabitEthernet0/0/1]ip add 192.168.34.4 24
[R4-GigabitEthernet0/0/1]quit
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]ip add 192.168.45.4 24
[R4-GigabitEthernet0/0/0]quit
[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 192.168.34.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 192.168.45.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]quit
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R5
[R5]interface GigabitEthernet 0/0/1
[R5-GigabitEthernet0/0/1]ip add 192.168.45.5 24
[R5-GigabitEthernet0/0/1]quit
[R5]interface GigabitEthernet 0/0/0
[R5-GigabitEthernet0/0/0]ip add 192.168.56.5 24
[R5-GigabitEthernet0/0/0]quit
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 56
[R5-ospf-1-area-0.0.0.56]network 192.168.56.0 0.0.0.255
[R5-ospf-1-area-0.0.0.56]quit
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 192.168.45.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]quit
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R6
[R6]interface GigabitEthernet 0/0/1
[R6-GigabitEthernet0/0/1]ip add 192.168.56.6 24
[R6-GigabitEthernet0/0/1]quit
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 56
[R6-ospf-1-area-0.0.0.56]network 192.168.56.0 0.0.0.255
[R6-ospf-1-area-0.0.0.56]quit
2)配置区域12的认证 ,
[R1]interface GigabitEthernet 0/0/0 [R1-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher HCIE [R2]interface GigabitEthernet 0/0/1 [R2-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher HCIE 3)配置区域56的认证
[R5]ospf 1 [R5-ospf-1]area 56 [R5-ospf-1-area-0.0.0.56]authentication-mode simple cipher HCIP [R6]ospf 1 [R6-ospf-1]area 56 [R6-ospf-1-area-0.0.0.56]authentication-mode simple cipher HCIP 4)配置区域0的认证
[R2]ospf 1 [R2-ospf-1]area 0 [R2-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher HCIA [R3]ospf 1 [R3-ospf-1]area 0 [R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher HCIA [R4]ospf 1 [R4-ospf-1]area 0 [R4-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher HCIA [R5]ospf 1 [R5-ospf-1]area 0 [R5-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher HCIA 5)配置R3-R4之间的认证
[R3]interface GigabitEthernet 0/0/0 [R3-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher Huawei [R4]interface GigabitEthernet 0/0/1 [R4-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher Huawei