OSPF Authentication Over a Virtual Link


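Configuring virtual-link authentication

Step 1: Configure the key on the interface

             ip ospf authentication-key cisco

Step 2: Enable authentication under the OSPF process

             router ospf 1
             area 0 authentication

Step 3: Enable authentication on the virtual link

             area 1 virtual-link 3.3.3.3 authentication-key bosco

Step 4: Verify that it worked

             show ip ospf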

EX1: Simple authentication

Router A
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Serial0/1
ip address 10.1.1.1 255.255.255.252
ip ospf authentication-key cisco
clockrate 64000
!
router ospf 1
area 0 authentication
network 10.1.1.0 0.0.0.3 area 0
network 1.1.1.1 0.0.0.0 area 0

Router B
router ospf 1
area 0 authentication
area 1 virtual-link 3.3.3.3 authentication-key bosco // this key is unrelated to the key configured on the interface earlier

**********************************************************************************************

Router(config-router)#area 1 virtual-link 3.3.3.3 authentication-key ?
  <0-7>      Encryption type (0 for not yet encrypted, 7 for proprietary)
  LINE       Authentication key (8 chars) // this key is unrelated to the key configured on the interface earlier

**********************************************************************************************

network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
_______________________________________________________________________
Router C
router ospf 1
area 0 authentication  

*****************************************************************************

Note: the command area 0 authentication was used on Router C because the virtual link is in Area 0.

         If authentication is enabled for area 0 on Router A, Router C must also be configured with area 0 authentication, because Router C connects to area 0 through the virtual link.

****************************************************************

EX2: MD5 authentication

Message Digest Authentication Over a Virtual Link

Router B
router ospf 1
area 1 virtual-link 3.3.3.3 authentication message-digest
area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco

network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
_______________________________________________________________________
Router C
router ospf 1
area 1 virtual-link 2.2.2.2 authentication message-digest   // enable MD5 authentication
area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco  // set MD5 key 1 to cisco

network 3.3.3.3 0.0.0.0 area 2
network 10.1.1.4 0.0.0.3 area 1

Verification:


rtrB#show ip ospf virtual-links
Virtual Link OSPF_VL3 to router 3.3.3.3 is up     // virtual-link state
     Run as demand circuit
     DoNotAge LSA allowed.
     Transit area 1, via interface Serial1, Cost of using 64
     Transmit Delay is 1 sec, State POINT_TO_POINT,
     Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
       Hello due in 00:00:01
       Adjacency State FULL (Hello suppressed)
  Message digest authentication enabled         // this line shows that MD5 authentication is enabled
    Youngest key id is 1                        // the key in use is key 1

Configuration Example: Null Authentication (virtual-link authentication disabled)

Router B
router ospf 1
area 0 authentication
area 1 virtual-link 3.3.3.3 authentication null
network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
_______________________________________________________________________
Router C
router ospf 1
area 1 virtual-link 2.2.2.2 authentication null
network 3.3.3.3 0.0.0.0 area 2
network 10.1.1.4 0.0.0.3 area 1
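
An added example, not part of the original article: a small Python check that compares the two ends of a virtual link using the rule from the note above (the virtual link belongs to area 0, so it inherits area 0 authentication unless the virtual-link command overrides it). The function names and sample configs are assumptions constructed from the Router B / Router C examples; the Router C authentication-key line in the simple-authentication sample is assumed, since the article does not show it.

```python
import re

def vlink_auth(config, peer_rid):
    """Effective authentication settings for the virtual link to peer_rid."""
    area0, override, key, md5 = None, None, None, {}
    vl = re.compile(r"area \S+ virtual-link " + re.escape(peer_rid) + r"(?:\s+(.*))?")
    for line in (l.strip() for l in config.splitlines()):
        m = re.fullmatch(r"area 0 authentication(?: (message-digest))?", line)
        if m:
            area0 = m.group(1) or "simple"
            continue
        m = vl.fullmatch(line)
        opts = (m.group(1) or "").split() if m else []
        if opts[:1] == ["authentication"]:
            override = opts[1] if len(opts) > 1 else "simple"
        elif opts[:1] == ["authentication-key"]:
            key = opts[-1]          # a key alone does not enable authentication
        elif opts[:1] == ["message-digest-key"] and len(opts) >= 4:
            md5[opts[1]] = opts[-1]
    # The virtual link belongs to area 0, so it inherits area 0's setting
    # unless the virtual-link command overrides it.
    return {"mode": override or area0 or "null", "key": key, "md5": md5}

def compare_ends(cfg_a, rid_a, cfg_b, rid_b):
    """Return a list of mismatches between the two ends of a virtual link."""
    a, b = vlink_auth(cfg_a, rid_b), vlink_auth(cfg_b, rid_a)
    if a["mode"] != b["mode"]:
        return [f"auth type mismatch: {a['mode']} vs {b['mode']}"]
    if a["mode"] == "simple" and a["key"] != b["key"]:
        return ["simple-auth key mismatch"]
    if a["mode"] == "message-digest" and not set(a["md5"].items()) & set(b["md5"].items()):
        return ["no shared MD5 key id/key pair"]
    return []

# Constructed sample configs modelled on the article's Router B / Router C.
RB_SIMPLE = """router ospf 1
 area 0 authentication
 area 1 virtual-link 3.3.3.3 authentication-key bosco"""
RC_NO_AREA0 = """router ospf 1
 area 1 virtual-link 2.2.2.2 authentication-key bosco"""   # assumed line
RB_MD5 = """router ospf 1
 area 1 virtual-link 3.3.3.3 authentication message-digest
 area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco"""
RC_MD5 = RB_MD5.replace("3.3.3.3", "2.2.2.2")

if __name__ == "__main__":
    print(compare_ends(RB_SIMPLE, "2.2.2.2", RC_NO_AREA0, "3.3.3.3"))
    print(compare_ends(RB_MD5, "2.2.2.2", RC_MD5, "3.3.3.3"))
```

The first call reports the mismatch the note warns about (Router C without area 0 authentication); the second, with matching MD5 settings on both ends, reports none.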

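Source: CCIE那点事 http://www.jdccie.com/. All rights reserved. Unless otherwise noted, articles on this site are the author's original work and may be quoted freely with attribution. Reproduction in full is prohibited.
Link to this article: http://www.jdccie.com/?p=1678 (please credit CCIE那点事 when reposting)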