Juniper OSPF邻居验证实例讲解
OSPF邻居验证支持MD5和明文验证两种方式,下面就通过r1,r2,r3来做邻居验证。这里我们把r1和r2进行邻居md5加密
r1的配置如下: interfaces {
em1 {
unit 12 {
vlan-id 12;
family inet {
address 10.0.4.5/30;
}
}
unit 13 {
vlan-id 13;
family inet {
address 10.0.4.14/30;
}
}
}
lo0 {
unit 1 {
family inet {
address 10.0.0.1/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.2 {
interface em1.12 {
authentication {
md5 123 key "$9$4oZikmfTzn/"; ## SECRET-DATA//md5认证的key-id和key一定要和对端接口的key-id和key相匹配,否则就会验证失败!
}
}
interface em1.13;
}
}
}
r2的配置如下:interfaces {
em2 {
unit 21 {
vlan-id 12;
family inet {
address 10.0.4.6/30;
}
}
unit 23 {
vlan-id 23;
family inet {
address 10.0.4.2/30;
}
}
}
lo0 {
unit 2 {
family inet {
address 10.0.0.2/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.2 {
interface em2.21 {
authentication {
md5 123 key "$9$XkQ-s2oJGDHq"; ## SECRET-DATA
}
}
interface em2.23;
}
}
}
验证MD5是否成功:olive# run show ospf interface logical-system r1 em1.12 extensive
Interface State Area DR ID BDR ID Nbrs
em1.12 BDR 0.0.0.2 10.0.0.2 10.0.0.1 1
Type: LAN, Address: 10.0.4.5, Mask: 255.255.255.252, MTU: 1500, Cost: 1
DR addr: 10.0.4.6, BDR addr: 10.0.4.5, Priority: 128
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: MD5, Active key ID: 123, Start time: 1970 Jan 1 08:00:00 CST
Protection type: None
Topology default (ID 0) -> Cost: 1
[edit logical-systems r2]
olive# run show ospf interface logical-system r2 em2.21 extensive
Interface State Area DR ID BDR ID Nbrs
em2.21 DR 0.0.0.2 10.0.0.2 10.0.0.1 1
Type: LAN, Address: 10.0.4.6, Mask: 255.255.255.252, MTU: 1500, Cost: 1
DR addr: 10.0.4.6, BDR addr: 10.0.4.5, Priority: 128
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: MD5, Active key ID: 123, Start time: 1970 Jan 1 08:00:00 CST
Protection type: None
Topology default (ID 0) -> Cost: 1