OSPF认证
ospf认证解决安全隐患,只要通过认证的ospf路由器才能正常建立邻居关系、交互信息
认证模式:不认证null(默认);明文simple认证;MD5认证
OSPF的认证方式
** 接口认证**
[R1-GigabitEthernet0/0/2]ospf authentication-mode simple cipher 123
//进入配置进程的接口配置认证方式为明文 密码123
cipher加密仅表示在查看命令时加密显示,而报文在传输过程中密码是明文显示。
[R1-GigabitEthernet0/0/2] ospf authentication-mode md5 1 cipher 123 // MD5认证,1为key id,密码为123,cipher表示报文在传输过程中通过MD5算法加密
**区域认证**
Ospf
area 0
authentication-mode simple cipher 123
明文认证,密码为123, cipher加密仅表示在查看命令时加密显示,而报文在传输过程中密码是明文显示。
authentication-mode md5 1 cipher 123
MD5认证,1为key id,密码为123,cipher表示报文在传输过程中通过MD5算法加密
注意:当simple和MD5都存在时,优先使用接口认证方式
两台设备之间 要么两端都不配置认证 要么两端都都配置simple认证 要么两端都都配置md5认证
本实验area1区域认证方式为接口认证
area0认证方式为区域md5认证
area2没有配置认证方式
配置步骤
[R1]interface GigabitEthernet0/0/0
ip address 10.10.1.1 255.255.255.0
ospf authentication-mode simple cipher 123
interface GigabitEthernet0/0/1
ip address 192.168.1.254 255.255.255.0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
ospf 1 //默认id为1
area 0.0.0.1
network 1.1.1.1 0.0.0.0
network 10.10.1.1 0.0.0.0
network 192.168.1.254 0.0.0.0
[R2]interface GigabitEthernet0/0/0
ip address 10.11.1.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.10.1.2 255.255.255.0
ospf authentication-mode simple cipher 123
interface GigabitEthernet0/0/2
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
interface LoopBack1
ip address 6.6.6.6 255.255.255.255
ospf 1
area 0.0.0.0
authentication-mode md5 1 cipher 123
network 2.2.2.2 0.0.0.0
network 10.11.1.1 0.0.0.0
area 0.0.0.1
network 6.6.6.6 0.0.0.0
network 10.10.1.2 0.0.0.0
[R5]interface GigabitEthernet0/0/0
ip address 10.11.1.2 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.13.1.1 255.255.255.0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf 1
area 0.0.0.0
authentication-mode md5 1 cipher 123
network 3.3.3.3 0.0.0.0
network 10.11.1.2 0.0.0.0
network 10.13.1.1 0.0.0.0
[R3]interface GigabitEthernet0/0/1
ip address 10.12.1.1 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.13.1.2 255.255.255.0
interface LoopBack0
ip address 4.4.4.4 255.255.255.0
interface LoopBack1
ip address 7.7.7.7 255.255.255.255
ospf 1
area 0.0.0.0
authentication-mode md5 1 cipher 123
network 7.7.7.7 0.0.0.0
network 10.13.1.2 0.0.0.0
area 0.0.0.2
network 4.4.4.4 0.0.0.0
network 10.12.1.1 0.0.0.0
[R4]interface GigabitEthernet0/0/0
ip address 192.168.2.254 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.12.1.2 255.255.255.0
interface GigabitEthernet0/0/2
interface LoopBack0
ip address 5.5.5.5 255.255.255.0
ospf 1
area 0.0.0.2
network 5.5.5.5 0.0.0.0
network 10.12.1.2 0.0.0.0
network 192.168.2.254 0.0.0.0
测试验证
原文地址:https://blog.51cto.com/13566951/2472837