实验拓扑:
实验要求:分别在RA/RB/RC(即图中的R1/R2/R3)上启用OSPF,注意观察它们的网络类型以及邻居关系,并观察认证后的特点。
实验目的:熟练进行点到点OSPF的基本配置和认证调试。
实验仿真:DynamipsGUI
一、点到点链路OSPF的配置及调试
1、三个路由器的基本配置
-----------------------------------------
RA(config)#int l0
RA(config-if)#ip add 2.2.2.2 255.255.255.0
RA(config-if)#ip ospf network point-to-point ----这里要配置网络类型
RA(config-if)#int s1/0
RA(config-if)#ip add 10.0.0.2 255.255.255.0
RA(config-if)#no shut
RA(config-if)#int s1/2
RA(config-if)#ip add 12.0.0.1 255.255.255.0
RA(config-if)#no shut
RA(config-if)#exit
RA(config)#router ospf 1 -----配置基本的OSPF
RA(config-router)#router-id 1.1.1.1 -----指定路由器ID
RA(config-router)#network 1.1.1.0 0.0.0.255 area 0
RA(config-router)#net 10.0.0.0 0.0.0.255 area 0
RA(config-router)#net 12.0.0.0 0.0.0.255 area 0
RA(config-router)#end
-----------------------------------------------------
RB(config)#int l0
RB(config-if)#ip add 2.2.2.2 255.255.255.0
RB(config-if)#ip ospf network point-to-point
RB(config-if)#int s1/0
RB(config-if)#ip add 10.0.0.2 255.255.255.0
RB(config-if)#no shut
RB(config-if)#int s1/1
RB(config-if)#ip add 11.0.0.1 255.255.255.0
RB(config-if)#no shut
RB(config-if)#exit
RB(config)#router ospf 2
RB(config-router)#router-id 2.2.2.2
RB(config-router)#net 2.2.2.0 0.0.0.255 area 0
RB(config-router)#net 10.0.0.0 0.0.0.255 area 0
RB(config-router)#net 11.0.0.0 0.0.0.255 area 0
RB(config-router)#end
---------------------------------------------------
RC(config)#int l0
RC(config-if)#ip add 3.3.3.3 255.255.255.0
RC(config-if)#ip ospf network point-to-point
RC(config-if)#int s1/2
RC(config-if)#ip add 12.0.0.2 255.255.255.0
RC(config-if)#no shut
RC(config-if)#int s1/1
RC(config-if)#ip add 11.0.0.2 255.255.255.0
RC(config-if)#no shut
RC(config-if)#exit
RC(config)#router ospf 3
RC(config-router)#router-id 3.3.3.3
RC(config-router)#net 3.3.3.0 0.0.0.255 area 0
RC(config-router)#net 11.0.0.0 0.0.0.255 area 0
RC(config-router)#net 12.0.0.0 0.0.0.255 area 0
RC(config-router)#end
注意:在DynamipsGUI中进行配置时可不配时钟,但在实际的配置过程中,对DCE接口必须配置时钟。
-----------------------------------------------------
2、基本调试
RA#sh ip route ospf ------查看通过OSPF学习到的路由
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.0.0.2, 00:00:14, Serial1/0
3.0.0.0/24 is subnetted, 1 subnets
O 3.3.3.0 [110/65] via 12.0.0.2, 00:00:14, Serial1/2
11.0.0.0/24 is subnetted, 1 subnets
O 11.0.0.0 [110/128] via 12.0.0.2, 00:00:14, Serial1/2
[110/128] via 10.0.0.2, 00:00:14, Serial1/0
RA#sh ip protocols -----查看路由
Routing Protocol is "ospf 1" ------启用了OSPF,进程号为1
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 1.1.1.1 ------路由器ID
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks: -----路由的网络
1.1.1.0 0.0.0.255 area 0
10.0.0.0 0.0.0.255 area 0
12.0.0.0 0.0.0.255 area 0
Reference bandwidth unit is 100 mbps ----路由花费参考带宽为100M
Routing Information Sources: ----邻居路由器
Gateway Distance Last Update
3.3.3.3 110 00:01:14
2.2.2.2 110 00:01:14
Distance: (default is 110)
RA#sh ip ospf interface s1/2 -----查看接口
Serial1/2 is up, line protocol is up
Internet Address 12.0.0.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 ----hello/dead时间间隔
…………
Suppress hello for 0 neighbor(s)
RA#sh ip ospf nei -----查看邻居
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ - 00:00:37 12.0.0.2 Serial1/2
2.2.2.2 0 FULL/ - 00:00:39 10.0.0.2 Serial1/0
从以上可见,在点对点环境下,没有DR/BDR选举,邻居关系自动建立。
RA#sh ip ospf database -----查看LSDB,三张表的LSDB是一样的
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 325 0x80000005 0x00E5BD 5
2.2.2.2 2.2.2.2 223 0x80000006 0x002F6D 5
3.3.3.3 3.3.3.3 202 0x80000005 0x00C1CF 5
===========================================================================================
二、OSPF认证配置
OSPF认证有基于区域和基于链路的认证,现分别介绍如下:
(一)基于区域的认证
1、明文认证:各个路由器的基本配置
-------------------------------------
RA(config)#router ospf 1
RA(config-router)#area 0 auth -----启用基于区域的明文验证
RA(config-router)#int s1/0
RA(config-if)#ip ospf authentication-key 123 ----设置验证密钥
RA(config-if)#int s1/2
RA(config-if)#ip ospf authentication-key 123
RA(config-if)#end
-------------------------------------------
RB(config-router)#area 0 auth
RB(config-router)#int s1/0
RB(config-if)#ip ospf authentication-key 123
RB(config-if)#int s1/1
RB(config-if)#ip ospf authentication-key 123
------------------------------------------------------------------
RC(config)#router ospf 3
RC(config-router)#area 0 auth
RC(config-router)#int s1/1
RC(config-if)#ip ospf authentication-key 123
RC(config-if)#int s1/2
RC(config-if)#ip ospf authentication-key 1
--------------------------------------------------
2、明文认证:调试
RA#sh ip route ospf ----查看通过OSPF学习到的路由
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.0.0.2, 00:02:39, Serial1/0
3.0.0.0/24 is subnetted, 1 subnets
O 3.3.3.0 [110/129] via 10.0.0.2, 00:02:39, Serial1/0
11.0.0.0/24 is subnetted, 1 subnets
O 11.0.0.0 [110/128] via 10.0.0.2, 00:02:39, Serial1/0
RA#sh ip ospf ----查看路由信息
Routing Process "ospf 1" with ID 1.1.1.1
Start time: 00:16:37.616, Time elapsed: 00:53:20.840
Supports only single TOS(TOS0) routes
Supports opaque LSA
……
Cisco NSF helper support enabled
Area BACKBONE(0) ----区域0的信息
Number of interfaces in this area is 3
Area has simple password authentication ------明文认证信息
……
Flood list length 0
===================================================
3、MD5认证:各路由器基本配置
删除明文认证后重新配置如下:
RA(config)#router ospf 1
RA(config-router)#area 0 auth message-digest -----区域0启用MD5验证
RA(config-router)#int s1/0
RA(config-if)#ip ospf message-digest-key 1 md5 123 -----设置认证KEY ID和密钥
RA(config-if)#int s1/2
RA(config-if)#ip ospf message-digest-key 1 md5 123
----------------------------------------------------------------------
RB(config)#router ospf 2
RB(config-router)#area 0 auth message-digest
RB(config-router)#int s1/0
RB(config-if)#ip ospf message-digest-key 1 md5 123
RB(config-if)#int s1/1
RB(config-if)#ip ospf message-digest-key 1 md5 123
-----------------------------------------------------------
RC(config)#router ospf 3
RC(config-router)#area 0 auth message-digest
RC(config-router)#int s1/1
RC(config-if)#ip ospf message-digest-key 1 md5 123
RC(config-if)#int s
*Apr 23 09:19:29.707: %OSPF-5-ADJCHG: Process 3, Nbr 2.2.2.2 on
OADING to FULL, Loading Done1/2
RC(config-if)#ip ospf message-digest-key 1 md5 123
-------------------------------------
4、MD5认证:调试
RA#sh ip route ospf
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.0.0.2, 00:00:35, Serial1/0
3.0.0.0/24 is subnetted, 1 subnets
O 3.3.3.0 [110/65] via 12.0.0.2, 00:00:35, Serial1/2
11.0.0.0/24 is subnetted, 1 subnets
O 11.0.0.0 [110/128] via 12.0.0.2, 00:00:35, Serial1/2
[110/128] via 10.0.0.2, 00:00:35, Serial1/0
RA#sh ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ - 00:00:37 12.0.0.2 Serial1/2
2.2.2.2 0 FULL/ - 00:00:37 10.0.0.2 Serial1/0
RA#sh ip ospf
Routing Process "ospf 1" with ID 1.1.1.1
Start time: 00:16:37.616, Time elapsed: 01:00:13.356
……
Cisco NSF helper support enabled
Area BACKBONE(0) -----区域0信息
Number of interfaces in this area is 3
Area has message digest authentication ----MD5认证
……
Flood list length 0
RA#sh ip ospf int s1/2 -----查看接口信息
Serial1/2 is up, line protocol is up
Internet Address 12.0.0.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
……
Suppress hello for 0 neighbor(s)
Message digest authentication enabled ----MD5认证信息
Youngest key id is 1
-----------------------------------------------------------------------------
(一)基于链路的认证
基于链路的认证也分为明文和MD5验证。其配置过程同基于区域的配置过程基本相同,但需要在各个路由器配置中去掉启用区域认证这一句(以RA为例):
RA(config)#router ospf 1
RA(config-router)#no area 0 auth message-digest -----去掉区域0启用MD5验证
调试方法也参考基于区域的认证。
====================================================
实验总结:在点到点链路上配置OSPF,邻居关系自动创建,没有DR/BDP选举。OSPF的验证分为基于区域和基于链路的认证两种,其中基于链路的认证优于基于区域的认证。