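Lab 35: Router OSPF Neighbor Authentication Configuration
I. Objectives
1. Master the configuration of OSPF neighbor authentication
2. Understand the purpose of neighbor authentication
II. Application Environment
In enterprise environments, authentication must be configured to keep OSPF routing secure.
III. Lab Equipment
1. DCR-2655: two units
2. Network cable: one
Configuration requirements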
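VI. Lab Procedure
Step 1: Configure the router interfaces
Router A configuration:
Router-A#config !Enter global configuration mode
Router-A_config#interface loopback0 !Enter the loopback interface
Router-A_config_l0#ip address 10.10.10.1 255.255.255.0 !Set the loopback address
Router-A_config_l0#no shutdown !Enable the loopback interface
Router-A_config_l0#exit !Leave the loopback interface
Router-A_config#interface g0/3 !Enter the interface
Router-A_config_g0/3#ip address 192.168.1.1 255.255.255.0 !Set the IP address
Router-A_config_g0/3#no shutdown !Enable the port
Router-A_config_g0/3#^Z !Press Ctrl+Z to return directly to privileged mode
Router B configuration: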
Router-B#config
Router-B_config#interface loopback0
Router-B_config_l0#ip address 10.10.11.1 255.255.255.0
Router-B_config_l0#no shutdown
Router-B_config_l0#exit
Router-B_config#interface g0/3
Router-B_config_g0/3#ip add 192.168.1.2 255.255.255.0
Router-B_config_g0/3#no shutdown
Router-B_config_g0/3#^Z
Step 2: Verify the interface configuration
Router-A#show int loopback 0
Loopback0 is up, line protocol is up !The loopback interface is up
Hardware is Loopback
MTU 1514 bytes, BW 8000000 kbit, DLY 500 usec
Interface address is 10.10.10.1/24 !Loopback address
Encapsulation LOOPBACK
Step 3: Configure OSPF on the routers
Router A configuration:
Router-A_config#router ospf 2 !Start the OSPF process with process ID 2
Router-A_config_ospf_2#network 10.10.10.0 255.255.255.0 area 0 !Note that the mask and area number must be given
Router-A_config_ospf_2#network 192.168.1.0 255.255.255.0 area 0
Router-A_config_ospf_2#area 0 authentication !Use plaintext authentication in area 0
Router-A_config_ospf_2#exit !Leave OSPF process mode
Router-A_config#int g0/3
RA(config-if)#ip ospf authentication-key wolf (set the plaintext password)
RA(config-if)#ip ospf authentication (enable plaintext authentication)
##RA(config-if)#ip ospf message-digest-key 1 md5 wolf (set the ciphertext password)
##RA(config-router)#area 0 authentication Message-digest (enable ciphertext authentication)
Router-A_config_g0/3#exit !Leave interface mode
Router B configuration:
Router-B_config#router ospf 1
Router-B_config_ospf_1#network 10.10.11.0 255.255.255.0 area 0
Router-B_config_ospf_1#network 192.168.1.0 255.255.255.0 area 0
Router-B_config_ospf_1#area 0 authentication !Use plaintext authentication in area 0
Router-B_config_ospf_1#exit
Router-B_config#int g0/3
RB(config-if)#ip ospf authentication-key wolf (set the plaintext password)
RB(config-if)#ip ospf authentication (enable plaintext authentication)
##RB(config-if)#ip ospf message-digest-key 1 md5 wolf (set the ciphertext password)
##RB(config-router)#area 0 authentication Message-digest (enable ciphertext authentication)
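The plaintext and ciphertext modes configured in Step 3 differ in what the 8-byte authentication field of every OSPF packet header carries. The following Python code is an added example, not part of the original lab: it decodes that field as laid out in RFC 2328 from two constructed headers. The function names, router ID and sequence number are assumptions made for the illustration.

```python
import struct

# OSPFv2 common header (RFC 2328, A.3.1): version, type, length, router ID,
# area ID, checksum, AuType, then an 8-byte authentication field.
HEADER = struct.Struct("!BBH4s4sHH8s")
AUTYPES = {0: "null", 1: "simple", 2: "cryptographic"}

def build_header(autype, auth_field):
    """Constructed Hello header from 10.10.10.1 in area 0 (checksum left at 0)."""
    return HEADER.pack(2, 1, 44, bytes([10, 10, 10, 1]), bytes(4), 0,
                       autype, auth_field.ljust(8, b"\x00"))

def describe_auth(packet):
    """Report what the authentication field of one OSPFv2 packet exposes."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 24-byte OSPFv2 header")
    version, _, _, _, _, _, autype, auth = HEADER.unpack(packet[:HEADER.size])
    if version != 2:
        raise ValueError("not an OSPFv2 packet")
    info = {"autype": AUTYPES.get(autype, f"unknown ({autype})")}
    if autype == 1:
        # Simple authentication: the configured key itself, zero-padded.
        info["key_on_wire"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    elif autype == 2:
        # Cryptographic: only key ID, digest length and a sequence number;
        # the digest is appended after the packet, the key never is.
        _, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        info.update(key_id=key_id, digest_len=digest_len, sequence=seq)
    return info

# Constructed samples matching the lab: key "wolf", MD5 key ID 1.
SIMPLE = build_header(1, b"wolf")
MD5 = build_header(2, struct.pack("!HBBI", 0, 1, 16, 1000))

if __name__ == "__main__":
    print(describe_auth(SIMPLE))
    print(describe_auth(MD5))
```

With plaintext authentication the key is readable by anything that can see the link, which is why the message-digest variant is the one to deploy outside a lab.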
Router A:
Router-A_config#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP, BC - BGP connected
D - BEIGRP, DEX - external BEIGRP, O - OSPF, OIA - OSPF inter area
ON1 - OSPF NSSA external type 1, ON2 - OSPF NSSA external type 2
OE1 - OSPF external type 1, OE2 - OSPF external type 2
DHCP - DHCP type, L1 - IS-IS level-1, L2 - IS-IS level-2
VRF ID: 0
C 10.10.10.0/24 is directly connected, Loopback0
O 10.10.11.1/32 [110,2] via 192.168.1.2(on GigaEthernet0/3)
!Note that the loopback interface produces a host route
C 192.168.1.0/24 is directly connected, GigaEthernet0/3
Router B:
Router-B_config#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP, BC - BGP connected
D - BEIGRP, DEX - external BEIGRP, O - OSPF, OIA - OSPF inter area
ON1 - OSPF NSSA external type 1, ON2 - OSPF NSSA external type 2
OE1 - OSPF external type 1, OE2 - OSPF external type 2
DHCP - DHCP type, L1 - IS-IS level-1, L2 - IS-IS level-2
VRF ID: 0
O 10.10.10.1/32 [110,2] via 192.168.1.1(on GigaEthernet0/3) !Note that the administrative distance is 110
C 10.10.11.0/24 is directly connected, Loopback0
C 192.168.1.0/24 is directly connected, GigaEthernet0/3
VII. Configuration Listings
Router A listing
Router-A_config#show run
Building configuration...
Current configuration:
!
!version 1.3.3H
service timestamps log date
service timestamps debug date
no service password-encryption
!
hostname Router-A
!
gbsc group default
!
interface Loopback0
ip address 10.10.10.1 255.255.255.0 !Check the loopback address
no ip directed-broadcast
!
interface FastEthernet0/0
no ip address
no ip directed-broadcast
!
interface GigaEthernet0/3
ip address 192.168.1.1 255.255.255.0 !Check the interface IP address
ip ospf authentication
ip ospf authentication-key wolf !Check the interface password
!
interface GigaEthernet0/4
no ip address
no ip directed-broadcast
!
interface GigaEthernet0/5
no ip address
no ip directed-broadcast
!
interface GigaEthernet0/6
no ip address
no ip directed-broadcast
!
interface Serial0/1
no ip address
no ip directed-broadcast
!
interface Serial0/2
no ip address
no ip directed-broadcast
!
interface Async0/0
no ip address
no ip directed-broadcast
!
router ospf 2 !Check the OSPF process
network 10.10.10.0 255.255.255.0 area 0
network 192.168.1.0 255.255.255.0 area 0 !Check which area each OSPF-advertised network belongs to
area 0 authentication simple !Check plaintext authentication for area 0
!
Router B listing
Router-B#show run
Building configuration...
Current configuration:
!
!version 1.3.3H
service timestamps log date
service timestamps debug date
no service password-encryption
!
hostname Router-B
!
gbsc group default
!
interface Loopback0
ip address 10.10.11.1 255.255.255.0 !Check the loopback address
no ip directed-broadcast
!
interface FastEthernet0/0
no ip address
no ip directed-broadcast
!
interface GigaEthernet0/3
ip address 192.168.1.2 255.255.255.0 !Check the interface IP address
ip ospf authentication
ip ospf authentication-key wolf !Check the interface password
!
interface GigaEthernet0/4
no ip address
no ip directed-broadcast
!
interface GigaEthernet0/5
no ip address
no ip directed-broadcast
!
interface GigaEthernet0/6
no ip address
no ip directed-broadcast
!
interface Serial0/1
no ip address
no ip directed-broadcast
!
interface Serial0/2
no ip address
no ip directed-broadcast
!
interface Async0/0
no ip address
no ip directed-broadcast
!
router ospf 1 !Check the OSPF process
network 10.10.11.0 255.255.255.0 area 0
network 192.168.1.0 255.255.255.0 area 0 !Check which area each OSPF-advertised network belongs to
area 0 authentication simple !Check plaintext authentication for area 0
!
!
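A consistency check over the two running configurations above, as an added Python example that is not part of the original lab: it extracts the OSPF authentication settings and compares both ends of the GigaEthernet0/3 link, since neighbors must agree on mode and key. The function names are hypothetical, and the parser assumes only the command forms shown on this page.

```python
import re

def parse_ospf_auth(config):
    """Collect per-area and per-interface OSPF authentication settings."""
    areas, ifaces, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.split("!")[0].strip()      # '!' starts a comment or separator
        if m := re.match(r"(?i)interface\s+(\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"mode": None, "key": None, "md5": {}})
        elif re.match(r"(?i)router\s+ospf\s+\d+", line):
            cur = None
        elif m := re.match(r"(?i)area\s+(\S+)\s+authentication(?:\s+(\S+))?$", line):
            areas[m.group(1)] = (m.group(2) or "simple").lower()
        elif cur is not None:
            if m := re.match(r"(?i)ip ospf authentication-key\s+(\S+)", line):
                cur["key"] = m.group(1)
            elif m := re.match(r"(?i)ip ospf message-digest-key\s+(\d+)\s+md5\s+(\S+)", line):
                cur["md5"][int(m.group(1))] = m.group(2)
            elif re.match(r"(?i)ip ospf authentication$", line):
                cur["mode"] = "simple"        # the lab enables plaintext this way
    return areas, ifaces

def link_findings(cfg_a, cfg_b, iface="GigaEthernet0/3", area="0"):
    """Compare both ends of one link; an empty list means matching MD5 settings."""
    ends = []
    for cfg in (cfg_a, cfg_b):
        areas, ifaces = parse_ospf_auth(cfg)
        port = ifaces.get(iface, {"mode": None, "key": None, "md5": {}})
        ends.append((port["mode"] or areas.get(area, "none"), port))
    (mode_a, a), (mode_b, b) = ends
    if mode_a != mode_b:
        return [f"authentication mode differs: {mode_a} vs {mode_b}"]
    if mode_a == "none":
        return ["no OSPF authentication configured"]
    if mode_a == "simple":
        out = ["simple authentication: the key travels unencrypted in each packet"]
        if a["key"] != b["key"]:
            out.append("authentication-key differs between neighbors")
        return out
    return [] if a["md5"] and a["md5"] == b["md5"] else ["message-digest keys missing or different"]

# Constructed samples, trimmed from the two running configurations above.
ROUTER_A = ("interface GigaEthernet0/3\n ip ospf authentication\n"
            " ip ospf authentication-key wolf !Check the interface password\n!\n"
            "router ospf 2\n area 0 authentication simple\n")
ROUTER_B = ROUTER_A.replace("router ospf 2", "router ospf 1")
```

Both listings also show `no service password-encryption`, so the key appears in clear in any saved or exported copy of the configuration.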