OSPF 虚链路验证 Authentication Over a Virtual Link

来源:本站原创 CISCO 超过825 views围观 0条评论

 

配置虚链路验证

setp1 接口下配置KEY

ip ospf authentication-key cisco

setp2 ospf进程下开启认证

             router ospf 1
             area 0 authentication

setp3 在虚链路下开启认证

            area 1 virtual-link 3.3.3.3 authentication-key bosco

setp4      查看是否成功

              show ip ospf

EX1 使用简单验证

Router A
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Serial0/1
ip address 10.1.1.1 255.255.255.252
ip ospf authentication-key cisco
clockrate 64000
!
router ospf 1
area 0 authentication
network 10.1.1.0 0.0.0.3 area 0
network 1.1.1.1 0.0.0.0 area 0

Router B
router ospf 1
area 0 authentication
area 1 virtual-link 3.3.3.3 authentication-key bosco // 这个KEY 和前面接口下的KEY没有关系

**********************************************************************************************

Router(config-router)#area 1 virtual-link 3.3.3.3 authentication-key ?
      <0-7>      Encryption type (0 for not yet encrypted, 7 for proprietary)
  LINE       Authentication key (8 chars) //这个KEY 和前面接口下的KEY没有关系

**********************************************************************************************

network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
_______________________________________________________________________
Router C
router ospf 1
area 0 authentication  

*****************************************************************************

注意: Notice that the command area 0 authentication was used on Router C because the virtual link is in Area 0.

         如果在area0 RA 上开启了验证 那么在 在RC 上也要使用 area 0 authentication 命令,因为RC通过virtual-link连接到了 area 0

****************************************************************

EX2      配置MD5 验证

Message Digest Authentication Over a Virtual Link

Router B
router ospf 1
area 1 virtual-link 3.3.3.3 authentication message-digest
area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco

network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
_______________________________________________________________________
Router C
router ospf 1
area 1 virtual-link 2.2.2.2 authentication message-digest   //启用MD5认证
area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco //设MD5KEY-1 为 cisco

network 3.3.3.3 0.0.0.0 area 2
network 10.1.1.4 0.0.0.3 area 1

验证:


rtrB#show ip ospf virtual-links
Virtual Link OSPF_VL3 to router 3.3.3.3 is up     //VIR状态
     Run as demand circuit
     DoNotAge LSA allowed.
     Transit area 1, via interface Serial1, Cost of using 64
     Transmit Delay is 1 sec, State POINT_TO_POINT,
     Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
       Hello due in 00:00:01
       Adjacency State FULL (Hello suppressed)
  Message digest authentication enabled         //此句说明MD5 验证已经启用
    Youngest key id is 1                                   //说明的KEY-1

Configuration Example : Null Authentication    不启用VIR验证

Router B
router ospf 1
area 0 authentication
area 1 virtual-link 3.3.3.3 authentication null
network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
_______________________________________________________________________
Router C
router ospf 1
area 1 virtual-link 2.2.2.2 authentication null
network 3.3.3.3 0.0.0.0 area 2
network 10.1.1.4 0.0.0.3 area 1

文章出自:CCIE那点事 http://www.jdccie.com/ 版权所有。本站文章除注明出处外,皆为作者原创文章,可自由引用,但请注明来源。 禁止全文转载。
本文链接:http://www.jdccie.com/?p=1678转载请注明转自CCIE那点事
如果喜欢:点此订阅本站
  • 相关文章
  • 为您推荐
  • 各种观点

暂时还木有人评论,坐等沙发!
发表评论

快捷键:Ctrl+Enter