实验拓扑图

 

OSPF认证的配置_第1张图片

实验过程

1.R1的预配置

Router>en

Router#config t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#no ip domain-lookup

Router(config)#line console 0

Router(config-line)#no exec-timeout

Router(config-line)#loggin syn

Router(config-line)#exit

Router(config)#host R1

R1(config)#int lo0

R1(config-if)#ip add 10.1.1.1 255.255.255.0

R1(config-if)#exit

R1(config)#int lo1

R1(config-if)#ip add 10.1.2.1 255.255.255.0

R1(config-if)#exit

R1(config)#int s0/0

R1(config-if)#no shut

R1(config-if)#ip add 192.168.1.1 255.255.255.252

R1(config-if)#exit

2.R2的预配置

Router>en

Router#config t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#no ip domain-lookup

Router(config)#line console 0

Router(config-line)#no exec-timeout

Router(config-line)#loggin syn

Router(config-line)#exit

Router(config)#host R2

R2(config)#int s0/0

R2(config-if)#no shut

R2(config-if)#ip add 192.168.1.2 255.255.255.252

R2(config-if)#exit

R2(config)#int s0/1

R2(config-if)#no shut

R2(config-if)#ip add 192.168.1.5 255.255.255.252

R2(config-if)#exit

3.R3的预配置

Router>en

Router#config t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#no ip domain-lookup

Router(config)#line console 0

Router(config-line)#no exec-timeout

Router(config-line)#loggin syn

Router(config-line)#exit

Router(config)#host R3

R3(config)#int s0/1

R3(config-if)#no shut

R3(config-if)#ip add 192.168.1.6 255.255.255.252

R3(config-if)#exit

R3(config)#int s0/2

R3(config-if)#no shut

R3(config-if)#ip add 192.168.1.9 255.255.255.252

R3(config-if)#exit

4.R4的预配置

Router>en

Router#config t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#no ip domain-lookup

Router(config)#line console 0

Router(config-line)#no exec-timeout

Router(config-line)#loggin syn

Router(config-line)#exit

Router(config)#host R4

R4(config)#int s0/2

R4(config-if)#no shut

R4(config-if)#ip add 192.168.1.10 255.255.255.252

R4(config-if)#exit

R4(config)#int lo0

R4(config-if)#ip add 172.16.1.1 255.255.255.0

R4(config-if)#exit

R4(config)#int lo1

R4(config-if)#ip add 172.16.2.1 255.255.255.0

R4(config-if)#exit

5.R1OSPF配置

R1(config)#router ospf 1

R1(config-router)#net 10.1.1.1 0.0.0.0 area 1

R1(config-router)#net 10.1.2.1 0.0.0.0 area 1

R1(config-router)#net 192.168.1.1 0.0.0.0 area 1

R1(config-router)#end

6.R2OSPF配置

R2(config)#router ospf 1

R2(config-router)#net 192.168.1.2 0.0.0.0 area 1

R2(config-router)#net 192.168.1.5 0.0.0.0 area 0

R2(config-router)#end

7.R3OSPF配置

R3(config)#router ospf 1

R3(config-router)#net 192.168.1.6 0.0.0.0 area 0

R3(config-router)#net 192.168.1.9 0.0.0.0 area 2

R3(config-router)#end

8.R4OSPF配置

R4(config)#router ospf 1

R4(config-router)#net 192.168.1.10 0.0.0.0 area 2

R4(config-router)#net 172.16.1.1 0.0.0.0 area 2

R4(config-router)#net 172.16.2.1 0.0.0.0 area 2

R4(config-router)#end

9.测试连通性

R1#ping 172.16.1.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/54/108 ms

R1#ping 172.16.2.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/61/124 ms

10.查看OSPF邻居表

R1#show ip ospf nei

 

Neighbor ID     Pri   State           Dead Time   Address         Interface

192.168.1.5       0   FULL/  -        00:00:38    192.168.1.2     Serial0/0

11.R1上配置明文认证

R1(config)#int s0/0

R1(config-if)#ip ospf authentication   //启用OSPF认证

R1(config-if)#ip ospf authentication-key cisco  //配置认证密码

R1(config-if)#end

*Mar  1 00:32:38.571: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.5 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead timer expired  //邻居不能建立,因为R2没有配置认证。

12.R2上配置明文认证

R2(config)#int s0/0

R2(config-if)#ip ospf authentication

R2(config-if)#ip ospf authentication-key cisco

R2(config-if)#end

*Mar  1 00:35:18.311: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.2.1 on Serial0/0 from LOADING to FULL, Loading Done  //两端认证成功,因此邻居关系建立成功

13.R3上配置密文认证

R3(config)#int s0/2

R3(config-if)#ip ospf authentication message-digest               

R3(config-if)#ip ospf message-digest-key 1 md5 cisco

R3(config-if)#end

*Mar  1 00:42:29.655: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.2.1 on Serial0/2 from FULL to DOWN, Neighbor Down: Dead timer expired

14.R4上配置密文认证

R4(config)#int s0/2

R4(config-if)#ip ospf authentication message-digest

R4(config-if)#ip ospf message-digest-key 1 md5 cisco

R4(config-if)#end

*Mar  1 00:43:48.775: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.9 on Serial0/2 from LOADING to FULL, Loading Done

15.再次测试连通性

R4#ping 10.1.1.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/48/92 ms