21.OSPF的认证
默认情况下, OSPF使用身份验证方法null, 即不对通过网络交换的路由选择信息进行身份验证。
1) OSPF还支持其他两种身份验证方法: 简单密码身份验证(也叫明文身份验证)和MD5身份验证。
2)按认证作用的范围分为:
a. 区域范围认证: 区域内所有路由器都启用认证功能
b.接口范围认证: 在任意两个直连接口间启用认证功能
==========================================================
1.路由设备初始化配置和配置OSPF路由协议
==========================================================
实验拓扑:
#根据拓扑图,配置路由器的各个接口
R1:
sys
sysname R1
undo info-cen en
int g0/0/0
ip add 10.0.12.1 24
int loopback 0
ip add 1.1.1.1 32
q
ospf 1
area 1
network 10.0.12.0 0.0.0.255
network 1.1.1.1 0.0.0.0
q
q
------------------------------------------
R4:
sys
sysname R4
undo info-cen en
int g0/0/0
ip add 10.0.24.4 24
int loopback 0
ip add 4.4.4.4 32
q
ospf 1
area 1
network 10.0.24.0 0.0.0.255
network 4.4.4.4 0.0.0.0
q
q
------------------------------------------
R2:
sys
sysname R2
undo info-cen en
int g0/0/0
ip add 10.0.12.2 24
int g0/0/1
ip add 10.0.24.2 24
int g0/0/2
ip add 10.0.23.2 24
int loopback 0
ip add 2.2.2.2 32
q
ospf 1
area 1
network 10.0.12.0 0.0.0.255
network 10.0.24.0 0.0.0.255
area 0
network 10.0.23.0 0.0.0.255
network 2.2.2.2 0.0.0.0
q
q
------------------------------------------
R3:
sys
sysname R3
undo info-cen en
int g0/0/2
ip add 10.0.23.3 24
int g0/0/0
ip add 10.0.35.3 24
int g0/0/1
ip add 10.0.36.3 24
int loopback 0
ip add 3.3.3.3 32
q
ospf 1
area 0
network 10.0.23.0 0.0.0.255
network 10.0.35.0 0.0.0.255
network 10.0.36.0 0.0.0.255
network 3.3.3.3 0.0.0.0
q
q
------------------------------------------
R5:
sys
sysname R5
undo info-cen en
int g0/0/0
ip add 10.0.35.5 24
int loopback 0
ip add 5.5.5.5 32
q
ospf 1
area 0
network 10.0.35.0 0.0.0.255
network 5.5.5.5 0.0.0.0
q
q
------------------------------------------
R6:
sys
sysname R6
undo info-cen en
int g0/0/0
ip add 10.0.36.6 24
int loopback 0
ip add 6.6.6.6 32
q
ospf 1
area 0
network 10.0.36.0 0.0.0.255
network 6.6.6.6 0.0.0.0
q
q
------------------------------------------
R4 ping R5,R6
R1,R4 ping 6.6.6.6
==========================================================
二、配置公司分部OSPF区域明文认证
==========================================================
使用命令authentication-mode simple 给接口配置一个密码。
------------------------------------------
R1:
ospf 1
area 1
authentication-mode simple plain huawei1
dis this
undo authentication-mode
authentication-mode simple huawei1
dis this
dis ospf peer brief
------------------------------------------
R2:
ospf 1
area 1
authentication-mode simple huawei1
------------------------------------------
R4:
ospf 1
area 1
authentication-mode simple huawei1
==========================================================
三、配置公司总部OSPF区域密文认证
==========================================================
#使用命令authentication-mode md5 1给接口配置一个MD5密文认证。
R2,R3,R5,R6:
ospf 1
area 0
authentication-mode md5 1 huawei3
q
q
------------------------------------------
R3:
dis ospf peer brief
------------------------------------------
------------------------------
配置OSPF链路认证
------------------------------
R2:
int g0/0/1
ospf authentication-mode md5 1 huawei5
q
dis ospf peer brief
------------------------------------------
R4:
int g0/0/0
ospf authentication-mode md5 1 huawei5
q
------------------------------------------