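Lab topology:
Lab requirements: Enable OSPF on RA/RB/RC (R1/R2/R3 in the figure), observe their network types and neighbor relationships, and observe the behavior once authentication is configured.
Lab objective: Become proficient in basic point-to-point OSPF configuration and in debugging authentication.
Lab emulator: DynamipsGUI
I. Configuring and debugging OSPF on point-to-point links
1. Basic configuration of the three routers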
-----------------------------------------
RA(config)#int l0
RA(config-if)#ip add 1.1.1.1 255.255.255.0
RA(config-if)#ip ospf network point-to-point ----set the network type here
RA(config-if)#int s1/0
RA(config-if)#ip add 10.0.0.1 255.255.255.0
RA(config-if)#no shut
RA(config-if)#int s1/2
RA(config-if)#ip add 12.0.0.1 255.255.255.0
RA(config-if)#no shut
RA(config-if)#exit
RA(config)#router ospf 1 -----basic OSPF configuration
RA(config-router)#router-id 1.1.1.1 -----set the router ID
RA(config-router)#network 1.1.1.0 0.0.0.255 area 0
RA(config-router)#net 10.0.0.0 0.0.0.255 area 0
RA(config-router)#net 12.0.0.0 0.0.0.255 area 0
RA(config-router)#end
-----------------------------------------------------
RB(config)#int l0
RB(config-if)#ip add 2.2.2.2 255.255.255.0
RB(config-if)#ip ospf network point-to-point
RB(config-if)#int s1/0
RB(config-if)#ip add 10.0.0.2 255.255.255.0
RB(config-if)#no shut
RB(config-if)#int s1/1
RB(config-if)#ip add 11.0.0.1 255.255.255.0
RB(config-if)#no shut
RB(config-if)#exit
RB(config)#router ospf 2
RB(config-router)#router-id 2.2.2.2
RB(config-router)#net 2.2.2.0 0.0.0.255 area 0
RB(config-router)#net 10.0.0.0 0.0.0.255 area 0
RB(config-router)#net 11.0.0.0 0.0.0.255 area 0
RB(config-router)#end
---------------------------------------------------
RC(config)#int l0
RC(config-if)#ip add 3.3.3.3 255.255.255.0
RC(config-if)#ip ospf network point-to-point
RC(config-if)#int s1/2
RC(config-if)#ip add 12.0.0.2 255.255.255.0
RC(config-if)#no shut
RC(config-if)#int s1/1
RC(config-if)#ip add 11.0.0.2 255.255.255.0
RC(config-if)#no shut
RC(config-if)#exit
RC(config)#router ospf 3
RC(config-router)#router-id 3.3.3.3
RC(config-router)#net 3.3.3.0 0.0.0.255 area 0
RC(config-router)#net 11.0.0.0 0.0.0.255 area 0
RC(config-router)#net 12.0.0.0 0.0.0.255 area 0
RC(config-router)#end
Note: in DynamipsGUI the clock rate can be left unconfigured, but in a real deployment the clock rate must be configured on DCE interfaces.
-----------------------------------------------------
2. Basic debugging
RA#sh ip route ospf ------view routes learned through OSPF
     2.0.0.0/24 is subnetted, 1 subnets
O       2.2.2.0 [110/65] via 10.0.0.2, 00:00:14, Serial1/0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/65] via 12.0.0.2, 00:00:14, Serial1/2
     11.0.0.0/24 is subnetted, 1 subnets
O       11.0.0.0 [110/128] via 12.0.0.2, 00:00:14, Serial1/2
                 [110/128] via 10.0.0.2, 00:00:14, Serial1/0
RA#sh ip protocols -----view the routing protocols
Routing Protocol is "ospf 1" ------OSPF is enabled, process ID 1
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 1.1.1.1 ------router ID
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks: -----networks being routed
    1.1.1.0 0.0.0.255 area 0
    10.0.0.0 0.0.0.255 area 0
    12.0.0.0 0.0.0.255 area 0
  Reference bandwidth unit is 100 mbps ----reference bandwidth for route cost is 100 Mbps
  Routing Information Sources: ----neighbor routers
    Gateway         Distance      Last Update
    3.3.3.3              110      00:01:14
    2.2.2.2              110      00:01:14
  Distance: (default is 110)
RA#sh ip ospf interface s1/2 -----view the interface
Serial1/2 is up, line protocol is up
  Internet Address 12.0.0.1/24, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 ----hello/dead intervals
  …………
  Suppress hello for 0 neighbor(s)
RA#sh ip ospf nei -----view the neighbors
Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -        00:00:37    12.0.0.2        Serial1/2
2.2.2.2           0   FULL/  -        00:00:39    10.0.0.2        Serial1/0
As shown above, in a point-to-point environment there is no DR/BDR election, and the neighbor relationship is established automatically.
RA#sh ip ospf database -----view the LSDB; the LSDB is identical on all three routers
            OSPF Router with ID (1.1.1.1) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         325         0x80000005 0x00E5BD 5
2.2.2.2         2.2.2.2         223         0x80000006 0x002F6D 5
3.3.3.3         3.3.3.3         202         0x80000005 0x00C1CF 5
===========================================================================================
II. OSPF authentication configuration
OSPF authentication can be area-based or link-based; each is described below.
(1) Area-based authentication
1. Plaintext authentication: basic configuration on each router
-------------------------------------
RA(config)#router ospf 1
RA(config-router)#area 0 auth -----enable area-based plaintext authentication
RA(config-router)#int s1/0
RA(config-if)#ip ospf authentication-key 123 ----set the authentication key
RA(config-if)#int s1/2
RA(config-if)#ip ospf authentication-key 123
RA(config-if)#end
-------------------------------------------
RB(config)#router ospf 2
RB(config-router)#area 0 auth
RB(config-router)#int s1/0
RB(config-if)#ip ospf authentication-key 123
RB(config-if)#int s1/1
RB(config-if)#ip ospf authentication-key 123
------------------------------------------------------------------
RC(config)#router ospf 3
RC(config-router)#area 0 auth
RC(config-router)#int s1/1
RC(config-if)#ip ospf authentication-key 123
RC(config-if)#int s1/2
RC(config-if)#ip ospf authentication-key 1
--------------------------------------------------
2. Plaintext authentication: debugging
RA#sh ip route ospf ----view routes learned through OSPF
     2.0.0.0/24 is subnetted, 1 subnets
O       2.2.2.0 [110/65] via 10.0.0.2, 00:02:39, Serial1/0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/129] via 10.0.0.2, 00:02:39, Serial1/0
     11.0.0.0/24 is subnetted, 1 subnets
O       11.0.0.0 [110/128] via 10.0.0.2, 00:02:39, Serial1/0
RA#sh ip ospf ----view routing process information
 Routing Process "ospf 1" with ID 1.1.1.1
 Start time: 00:16:37.616, Time elapsed: 00:53:20.840
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 ……
 Cisco NSF helper support enabled
    Area BACKBONE(0) ----information for area 0
        Number of interfaces in this area is 3
        Area has simple password authentication ------plaintext authentication information
        ……
        Flood list length 0
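The RA output above reaches 3.3.3.0 through RB at cost 129 instead of directly over Serial1/2, and the configuration step sets key 123 on RA's s1/2 but key 1 on RC's s1/2. The following check is an added example, not part of the original lab: it pairs interfaces by subnet and reports links whose two ends carry different plaintext keys. The running-config excerpts are constructed from the commands above, with RA's s1/0 address 10.0.0.1 assumed.

```python
import ipaddress
import re

# Constructed running-config excerpts mirroring the plaintext keys configured above.
CONFIGS = {
    "RA": """interface Serial1/0
 ip address 10.0.0.1 255.255.255.0
 ip ospf authentication-key 123
interface Serial1/2
 ip address 12.0.0.1 255.255.255.0
 ip ospf authentication-key 123""",
    "RB": """interface Serial1/0
 ip address 10.0.0.2 255.255.255.0
 ip ospf authentication-key 123
interface Serial1/1
 ip address 11.0.0.1 255.255.255.0
 ip ospf authentication-key 123""",
    "RC": """interface Serial1/1
 ip address 11.0.0.2 255.255.255.0
 ip ospf authentication-key 123
interface Serial1/2
 ip address 12.0.0.2 255.255.255.0
 ip ospf authentication-key 1""",
}

def parse_interfaces(config):
    """Return (interface, subnet, key) for each addressed interface block."""
    found = []
    for block in re.split(r"(?m)^(?=interface )", config):
        name = re.match(r"interface (\S+)", block)
        addr = re.search(r"ip address (\S+) (\S+)", block)
        if name and addr:
            key = re.search(r"ip ospf authentication-key (\S+)", block)
            net = ipaddress.ip_interface(f"{addr[1]}/{addr[2]}").network
            found.append((name[1], str(net), key[1] if key else None))
    return found

def mismatched_links(configs):
    """Group interfaces by subnet; keep links whose ends disagree on the key."""
    links = {}
    for router, cfg in configs.items():
        for ifname, net, key in parse_interfaces(cfg):
            links.setdefault(net, []).append((router, ifname, key))
    return {net: ends for net, ends in links.items()
            if len({key for _, _, key in ends}) > 1}

if __name__ == "__main__":
    print(mismatched_links(CONFIGS))
```

Only the 12.0.0.0/24 link is reported, which is the adjacency missing from RA's routing table above.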
===================================================
3. MD5 authentication: basic configuration on each router
After removing the plaintext authentication, reconfigure as follows:
RA(config)#router ospf 1
RA(config-router)#area 0 auth message-digest -----enable MD5 authentication for area 0
RA(config-router)#int s1/0
RA(config-if)#ip ospf message-digest-key 1 md5 123 -----set the authentication key ID and key
RA(config-if)#int s1/2
RA(config-if)#ip ospf message-digest-key 1 md5 123
----------------------------------------------------------------------
RB(config)#router ospf 2
RB(config-router)#area 0 auth message-digest
RB(config-router)#int s1/0
RB(config-if)#ip ospf message-digest-key 1 md5 123
RB(config-if)#int s1/1
RB(config-if)#ip ospf message-digest-key 1 md5 123
-----------------------------------------------------------
RC(config)#router ospf 3
RC(config-router)#area 0 auth message-digest
RC(config-router)#int s1/1
RC(config-if)#ip ospf message-digest-key 1 md5 123
*Apr 23 09:19:29.707: %OSPF-5-ADJCHG: Process 3, Nbr 2.2.2.2 on OADING to FULL, Loading Done
RC(config-if)#int s1/2
RC(config-if)#ip ospf message-digest-key 1 md5 123
-------------------------------------
4. MD5 authentication: debugging
RA#sh ip route ospf
     2.0.0.0/24 is subnetted, 1 subnets
O       2.2.2.0 [110/65] via 10.0.0.2, 00:00:35, Serial1/0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/65] via 12.0.0.2, 00:00:35, Serial1/2
     11.0.0.0/24 is subnetted, 1 subnets
O       11.0.0.0 [110/128] via 12.0.0.2, 00:00:35, Serial1/2
                 [110/128] via 10.0.0.2, 00:00:35, Serial1/0
RA#sh ip ospf nei
Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -        00:00:37    12.0.0.2        Serial1/2
2.2.2.2           0   FULL/  -        00:00:37    10.0.0.2        Serial1/0
RA#sh ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Start time: 00:16:37.616, Time elapsed: 01:00:13.356
 ……
 Cisco NSF helper support enabled
    Area BACKBONE(0) -----information for area 0
        Number of interfaces in this area is 3
        Area has message digest authentication ----MD5 authentication
        ……
        Flood list length 0
RA#sh ip ospf int s1/2 -----view interface information
Serial1/2 is up, line protocol is up
  Internet Address 12.0.0.1/24, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
  ……
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled ----MD5 authentication information
    Youngest key id is 1
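What the two area-based modes above put on the wire, as an added example that is not part of the original lab: it builds an OSPFv2 Hello header for simple password authentication (AuType 1) and for MD5 authentication (AuType 2) following RFC 2328 Appendix D, then runs the receiver's check with a matching and a non-matching key. The Hello body is constructed sample data, the function names are hypothetical, and zero padding of keys shorter than 16 bytes is an assumption about the implementation.

```python
import hashlib
import hmac
import socket
import struct

# Constructed Hello body: mask /24, HelloInterval 10, options, priority,
# RouterDeadInterval 40, DR and BDR 0.0.0.0 (timers as in the interface output above).
HELLO = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                    10, 0x02, 1, 40, bytes(4), bytes(4))

def header(au_type, auth_field, router_id="1.1.1.1"):
    """24-byte OSPFv2 header, area 0; checksum left at 0 to keep the example short."""
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(HELLO),
                       socket.inet_aton(router_id), bytes(4), 0, au_type, auth_field)

def simple_packet(key):
    # AuType 1: the password itself fills the 64-bit authentication field.
    return header(1, key.encode()[:8].ljust(8, b"\0")) + HELLO

def md5_packet(key, key_id, seq):
    # AuType 2: field = 0, Key ID, digest length 16, 32-bit sequence number.
    pkt = header(2, struct.pack("!HBBI", 0, key_id, 16, seq)) + HELLO
    # Digest covers packet + key (assumed zero padded to 16 bytes); only the digest is sent.
    return pkt + hashlib.md5(pkt + key.encode()[:16].ljust(16, b"\0")).digest()

def simple_ok(packet, key):
    return hmac.compare_digest(packet[16:24], key.encode()[:8].ljust(8, b"\0"))

def md5_ok(packet, keys, last_seq):
    """Receiver check: known Key ID, non-decreasing sequence number, matching digest."""
    pkt, digest = packet[:-16], packet[-16:]
    _, key_id, _, seq = struct.unpack("!HBBI", pkt[16:24])
    if key_id not in keys or seq < last_seq:
        return False
    expected = hashlib.md5(pkt + keys[key_id].encode()[:16].ljust(16, b"\0")).digest()
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    print("AuType 1 auth field:", simple_packet("123")[16:24])
    sent = md5_packet("123", 1, 7)
    print("AuType 2 auth field:", sent[16:24].hex(), "digest:", sent[-16:].hex())
    print("same key:", md5_ok(sent, {1: "123"}, 7), "other key:", md5_ok(sent, {1: "1"}, 7))
```

With AuType 1 the key 123 is readable in every Hello captured on the link; with AuType 2 only the Key ID, sequence number and digest are visible, and a packet with an older sequence number is rejected.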
-----------------------------------------------------------------------------
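(2) Link-based authentication
Link-based authentication likewise comes in plaintext and MD5 forms. Its configuration is essentially the same as the area-based configuration, except that the statement enabling area authentication must be removed from each router's configuration (RA as an example):
RA(config)#router ospf 1
RA(config-router)#no area 0 auth message-digest -----remove MD5 authentication for area 0
For debugging, follow the same approach as for area-based authentication.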
====================================================
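Lab summary: When OSPF is configured on point-to-point links, neighbor relationships are created automatically and there is no DR/BDR election. OSPF authentication comes in two forms, area-based and link-based, and link-based authentication takes precedence over area-based authentication.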