R1 configuration
r1(config)#int s2/1
r1(config-if)#ip ad 192.168.1.1 255.255.255.0
r1(config-if)#no sh
R2 configuration
r2(config)#int s2/1
r2(config-if)#ip ad 192.168.1.2 255.255.255.0
r2(config-if)#no sh
R1 authentication configuration
r1(config)#router os 100
r1(config-router)#net 192.168.1.1 0.0.0.0 a 0
r1(config-router)#area 0 authen    (all interfaces in area 0 use OSPF plaintext authentication)
r1(config-router)#exi
r1(config)#int s2/1
r1(config-if)#ip ospf authentication-key 123    (the authentication password is 123)
r1(config-if)#end
R2 authentication configuration
r2(config)#router os 100
r2(config-router)#net 192.168.1.2 0.0.0.0 a 0
r2(config-router)#exi
r2(config)#int s2/1
r2(config-if)#ip ospf authentication-key 123
R1 debug output
r1#deb ip os adj
OSPF adjacency events debugging is on
An authentication error message is received
r1#
*Sep 10 15:35:17.211: OSPF: Rcv pkt from 192.168.1.2, Serial2/1 : Mismatch Authentication type. Input packet specified type 0, we use type 1
Fixing the authentication error
r2(config)#router os 100
r2(config-router)#area 0 authen
Check the neighbor relationship between r1 and r2
r1#sh ip os nei
Neighbor ID Pri State Dead Time Address Interface
192.168.1.2 0 FULL/ - 00:00:35 192.168.1.2 Serial2/1
Check the OSPF interface information
r1#sh ip os nei
Neighbor ID Pri State Dead Time Address Interface
192.168.1.2 0 FULL/ - 00:00:32 192.168.1.2 Serial2/1
r1#sh ip os int
Serial2/1 is up, line protocol is up
Internet Address 192.168.1.1/24, Area 0
Process ID 100, Router ID 192.168.1.1, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:02
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 192.168.1.2
Suppress hello for 0 neighbor(s)
Simple password authentication enabled    (this line shows that plaintext authentication is now in use)
Now change plaintext authentication to message-digest (MD5) authentication
r1(config)#int s2/1
r1(config-if)#ip os authentication message-digest
r1(config-if)#ip os message-digest-key 1 md5 123
A neighbor-down message is received
*Sep 10 15:45:27.235: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.2 on Serial2/1 from FULL to DOWN, Neighbor Down: Dead timer expired
Check the OSPF interface information
r1(config)#do sh ip os int
Serial2/1 is up, line protocol is up
Internet Address 192.168.1.1/24, Area 0
Process ID 100, Router ID 192.168.1.1, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:08
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Message digest authentication enabled    (message-digest authentication is now in use)
Youngest key id is 1
Change r2's authentication type to message-digest as well
r2(config)#int s2/1
r2(config-if)#ip os authentication message-digest
r2(config-if)#ip os message-digest-key 1 md5 123
The output now shows that the neighbor relationship has been established
*Sep 10 15:50:46.535: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.1 on Serial2/1 from LOADING to FULL, Loading Done
Then change the area authentication type to message-digest authentication as well
r1(config)#router os 100
r1(config-router)#area 0 authentication message-digest
r2(config)#router os 100
r2(config-router)#area 0 authentication message-digest
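
The "type 0" and "type 1" in the debug line above are the AuType field of the OSPFv2 packet header (RFC 2328), and the move from plaintext to message-digest authentication changes what the 8-byte authentication field carries. The following is an added example, not part of the original lab notes: `make_header`, `parse_auth` and `check_autype` are hypothetical helper names, and the three headers are constructed samples for r2, not captured traffic.

```python
import socket
import struct

# AuType values from RFC 2328; 0 and 1 are the "type 0" / "type 1" in the debug line.
AUTYPE = {0: "null", 1: "simple password", 2: "message digest"}

def make_header(router_id: str, autype: int, auth: bytes) -> bytes:
    """Build a constructed 24-byte OSPFv2 hello header (checksum left at 0)."""
    return struct.pack("!BBH4s4sHH8s", 2, 1, 44, socket.inet_aton(router_id),
                       socket.inet_aton("0.0.0.0"), 0, autype, auth)

def parse_auth(header: bytes) -> dict:
    """Decode AuType and the 8-byte authentication field of an OSPFv2 header."""
    if len(header) < 24:
        raise ValueError("OSPFv2 header is 24 bytes")
    version, _ptype, _length, rid, area, _cksum, autype = struct.unpack(
        "!BBH4s4sHH", header[:16])
    if version != 2:
        raise ValueError("not an OSPFv2 packet")
    auth = header[16:24]
    info = {"router_id": socket.inet_ntoa(rid), "area": socket.inet_ntoa(area),
            "autype": autype, "autype_name": AUTYPE.get(autype, "unknown")}
    if autype == 1:
        # Simple password: the key itself travels in the header, NUL-padded.
        info["cleartext_key"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    elif autype == 2:
        # Message digest: only key ID, digest length and sequence number are here;
        # the digest is appended after the packet and the key is never sent.
        _zero, info["key_id"], info["digest_len"], info["seq"] = struct.unpack("!HBBI", auth)
    return info

def check_autype(header: bytes, local_autype: int):
    """Return a mismatch message like the one in the debug output, or None."""
    got = parse_auth(header)["autype"]
    if got != local_autype:
        return (f"Mismatch Authentication type. Input packet specified type {got}, "
                f"we use type {local_autype}")
    return None

# Constructed sample headers for r2 (192.168.1.2) at three stages of the lab.
R2_NULL = make_header("192.168.1.2", 0, bytes(8))
R2_SIMPLE = make_header("192.168.1.2", 1, b"123")
R2_MD5 = make_header("192.168.1.2", 2, struct.pack("!HBBI", 0, 1, 16, 1))

if __name__ == "__main__":
    print(check_autype(R2_NULL, 1))
    for hdr in (R2_SIMPLE, R2_MD5):
        print(parse_auth(hdr))
```

With simple password authentication the key `123` is readable in every hello on the link; with message-digest authentication the header exposes only the key ID and a sequence number.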