BSCI实验之十三:配置点到点链路OSPF及认证

实验拓扑:
 
实验要求:分别在RA/RB/RC(即图中的R1/R2/R3)上启用OSPF,注意观察它们的网络类型以及邻居关系,并观察认证后的特点。
实验目的:熟练进行点到点OSPF的基本配置和认证调试。
实验仿真:DynamipsGUI
 
一、点到点链路OSPF的配置及调试
 
1、三个路由器的基本配置
-----------------------------------------
RA(config)#int l0
RA(config-if)#ip add 2.2.2.2 255.255.255.0
RA(config-if)#ip ospf network point-to-point      ----这里要配置网络类型
RA(config-if)#int s1/0
RA(config-if)#ip add 10.0.0.2 255.255.255.0
RA(config-if)#no shut
RA(config-if)#int s1/2
RA(config-if)#ip add 12.0.0.1 255.255.255.0
RA(config-if)#no shut
RA(config-if)#exit
RA(config)#router ospf 1                                       -----配置基本的OSPF
RA(config-router)#router-id 1.1.1.1                       -----指定路由器ID
RA(config-router)#network  1.1.1.0 0.0.0.255 area 0
RA(config-router)#net 10.0.0.0 0.0.0.255 area 0
RA(config-router)#net 12.0.0.0 0.0.0.255 area 0
RA(config-router)#end
-----------------------------------------------------
RB(config)#int l0
RB(config-if)#ip add 2.2.2.2 255.255.255.0
RB(config-if)#ip ospf network point-to-point
RB(config-if)#int s1/0
RB(config-if)#ip add 10.0.0.2 255.255.255.0
RB(config-if)#no shut
RB(config-if)#int s1/1
RB(config-if)#ip add 11.0.0.1 255.255.255.0
RB(config-if)#no shut
RB(config-if)#exit
RB(config)#router ospf 2
RB(config-router)#router-id 2.2.2.2
RB(config-router)#net 2.2.2.0 0.0.0.255 area 0
RB(config-router)#net 10.0.0.0 0.0.0.255 area 0
RB(config-router)#net 11.0.0.0 0.0.0.255 area 0
RB(config-router)#end
---------------------------------------------------
RC(config)#int l0
RC(config-if)#ip add 3.3.3.3 255.255.255.0
RC(config-if)#ip ospf network point-to-point
RC(config-if)#int s1/2
RC(config-if)#ip add 12.0.0.2 255.255.255.0
RC(config-if)#no shut
RC(config-if)#int s1/1
RC(config-if)#ip add 11.0.0.2 255.255.255.0
RC(config-if)#no shut
RC(config-if)#exit
RC(config)#router ospf 3
RC(config-router)#router-id 3.3.3.3
RC(config-router)#net 3.3.3.0 0.0.0.255 area 0
RC(config-router)#net 11.0.0.0 0.0.0.255 area 0
RC(config-router)#net 12.0.0.0 0.0.0.255 area 0
RC(config-router)#end
 
注意:在DynamipsGUI中进行配置时可不配时钟,但在实际的配置过程中,对DCE接口必须配置时钟。
-----------------------------------------------------
2、基本调试

RA#sh ip route ospf                  ------查看通过OSPF学习到的路由
     2.0.0.0/24 is subnetted, 1 subnets
O       2.2.2.0 [110/65] via 10.0.0.2, 00:00:14, Serial1/0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/65] via 12.0.0.2, 00:00:14, Serial1/2
     11.0.0.0/24 is subnetted, 1 subnets
O       11.0.0.0 [110/128] via 12.0.0.2, 00:00:14, Serial1/2
                 [110/128] via 10.0.0.2, 00:00:14, Serial1/0
 
RA#sh ip protocols                 -----查看路由
Routing Protocol is "ospf 1"        ------启用了OSPF,进程号为1
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 1.1.1.1                       ------路由器ID
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:              -----路由的网络
    1.1.1.0 0.0.0.255 area 0
    10.0.0.0 0.0.0.255 area 0
    12.0.0.0 0.0.0.255 area 0
 Reference bandwidth unit is 100 mbps     ----路由花费参考带宽为100M
  Routing Information Sources:                   ----邻居路由器
    Gateway         Distance      Last Update
    3.3.3.3              110      00:01:14
    2.2.2.2              110      00:01:14
  Distance: (default is 110)
 
RA#sh ip ospf interface s1/2          -----查看接口
Serial1/2 is up, line protocol is up
  Internet Address 12.0.0.1/24, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5   ----hello/dead时间间隔
    …………
  Suppress hello for 0 neighbor(s)

RA#sh ip ospf nei            -----查看邻居
Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -        00:00:37    12.0.0.2        Serial1/2
2.2.2.2           0   FULL/  -        00:00:39    10.0.0.2        Serial1/0
从以上可见,在点对点环境下,没有DR/BDR选举,邻居关系自动建立。
 
RA#sh ip ospf database       -----查看LSDB,三张表的LSDB是一样的
            OSPF Router with ID (1.1.1.1) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         325         0x80000005 0x00E5BD 5
2.2.2.2         2.2.2.2         223         0x80000006 0x002F6D 5
3.3.3.3         3.3.3.3         202         0x80000005 0x00C1CF 5
===========================================================================================
二、OSPF认证配置
 
OSPF认证有基于区域和基于链路的认证,现分别介绍如下:
 
(一)基于区域的认证
 
1、明文认证:各个路由器的基本配置
-------------------------------------
RA(config)#router ospf 1
RA(config-router)#area 0 auth     -----启用基于区域的明文验证
RA(config-router)#int s1/0
RA(config-if)#ip ospf authentication-key 123    ----设置验证密钥
RA(config-if)#int s1/2
RA(config-if)#ip ospf authentication-key 123
RA(config-if)#end
-------------------------------------------
RB(config-router)#area 0 auth
RB(config-router)#int s1/0
RB(config-if)#ip ospf authentication-key 123
RB(config-if)#int s1/1
RB(config-if)#ip ospf authentication-key 123
------------------------------------------------------------------
RC(config)#router ospf 3
RC(config-router)#area 0 auth
RC(config-router)#int s1/1
RC(config-if)#ip ospf authentication-key 123
RC(config-if)#int s1/2
RC(config-if)#ip ospf authentication-key 1
--------------------------------------------------
2、明文认证:调试

RA#sh ip route ospf         ----查看通过OSPF学习到的路由
     2.0.0.0/24 is subnetted, 1 subnets
O       2.2.2.0 [110/65] via 10.0.0.2, 00:02:39, Serial1/0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/129] via 10.0.0.2, 00:02:39, Serial1/0
     11.0.0.0/24 is subnetted, 1 subnets
O       11.0.0.0 [110/128] via 10.0.0.2, 00:02:39, Serial1/0

RA#sh ip ospf              ----查看路由信息
  Routing Process "ospf 1" with ID 1.1.1.1
 Start time: 00:16:37.616, Time elapsed: 00:53:20.840
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 ……
 Cisco NSF helper support enabled
    Area BACKBONE(0)              ----区域0的信息
        Number of interfaces in this area is 3
        Area has simple password authentication      ------明文认证信息
        ……
        Flood list length 0
===================================================
3、MD5认证:各路由器基本配置
 
删除明文认证后重新配置如下:
RA(config)#router ospf 1
RA(config-router)#area 0 auth message-digest           -----区域0启用MD5验证
RA(config-router)#int s1/0
RA(config-if)#ip ospf message-digest-key 1 md5 123     -----设置认证KEY ID和密钥
RA(config-if)#int s1/2
RA(config-if)#ip ospf message-digest-key 1 md5 123
----------------------------------------------------------------------
RB(config)#router ospf 2
RB(config-router)#area 0 auth message-digest
RB(config-router)#int s1/0
RB(config-if)#ip ospf message-digest-key 1 md5 123
RB(config-if)#int s1/1
RB(config-if)#ip ospf message-digest-key 1 md5 123
-----------------------------------------------------------
RC(config)#router ospf 3
RC(config-router)#area 0 auth message-digest
RC(config-router)#int s1/1
RC(config-if)#ip ospf message-digest-key 1 md5 123
RC(config-if)#int s
*Apr 23 09:19:29.707: %OSPF-5-ADJCHG: Process 3, Nbr 2.2.2.2 on
OADING to FULL, Loading Done1/2
RC(config-if)#ip ospf message-digest-key 1 md5 123
-------------------------------------
4、MD5认证:调试

RA#sh ip route ospf
     2.0.0.0/24 is subnetted, 1 subnets
O       2.2.2.0 [110/65] via 10.0.0.2, 00:00:35, Serial1/0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/65] via 12.0.0.2, 00:00:35, Serial1/2
     11.0.0.0/24 is subnetted, 1 subnets
O       11.0.0.0 [110/128] via 12.0.0.2, 00:00:35, Serial1/2
                 [110/128] via 10.0.0.2, 00:00:35, Serial1/0

RA#sh ip ospf nei
Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -        00:00:37    12.0.0.2        Serial1/2
2.2.2.2           0   FULL/  -        00:00:37    10.0.0.2        Serial1/0
 
RA#sh ip ospf
  Routing Process "ospf 1" with ID 1.1.1.1
 Start time: 00:16:37.616, Time elapsed: 01:00:13.356
 ……
  Cisco NSF helper support enabled
    Area BACKBONE(0)                                   -----区域0信息
        Number of interfaces in this area is 3
        Area has message digest authentication             ----MD5认证
       ……
        Flood list length 0
 
RA#sh ip ospf int s1/2                   -----查看接口信息
Serial1/2 is up, line protocol is up
  Internet Address 12.0.0.1/24, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    ……
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled                   ----MD5认证信息
    Youngest key id is 1
-----------------------------------------------------------------------------
(一)基于链路的认证
 
 
基于链路的认证也分为明文和MD5验证。其配置过程同基于区域的配置过程基本相同,但需要在各个路由器配置中去掉启用区域认证这一句(以RA为例):
RA(config)#router ospf 1
RA(config-router)#no area 0 auth message-digest           -----去掉区域0启用MD5验证
调试方法也参考基于区域的认证。
====================================================
 
实验总结:在点到点链路上配置OSPF,邻居关系自动创建,没有DR/BDP选举。OSPF的验证分为基于区域和基于链路的认证两种,其中基于链路的认证优于基于区域的认证。
 
 
 
 

你可能感兴趣的:(认证,ospf,ccnp,点到点,BSCI)