NA-NP-IE系列实验26: 基于链路的OSPF 简单口令认证

实验26: 基于链路的OSPF 简单口令认证
1. 实验目的
通过本实验可以掌握:
1OSPF 认证的类型和意义
2)基于链路的OSPF 简单口令认证的配置和调试
2. 实验拓扑
本实验的拓扑结构如图所示。
NA-NP-IE系列实验26: 基于链路的OSPF 简单口令认证_第1张图片
3. 实验步骤
配置如下:
r0(config-if)#int lo 1
*Mar  1 00:02:25.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
r0(config-if)#ip add 1.1.1 .1 255.255.255.0
r0(config-if)#do sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  172.16.1.1      YES manual administratively down down   
Serial0/1                  unassigned      YES unset  administratively down down   
Serial0/2                  unassigned      YES unset  administratively down down   
Serial0/3                  unassigned      YES unset  administratively down down   
Loopback1                  1.1.1 .1         YES manual up                    up     
r0(config)#int s0/0
r0(config-if)#ip add 172.16.1.1 255.255.255.0
r0(config-if)#no sh
r0(config-if)#
*Mar  1 00:04:56.159: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar  1 00:04:57.159: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r0(config-if)#exit
r0(config)#router ospf 1
r0(config-router)#net 1.1.1 .0 0.0.0.255 area 0
r0(config-router)#net 172.16.1.0 0.0.0 .255 area 0
r0(config-router)#area 0 authen
r0(config-router)#area 0 authentication / 链路启用简单口令认证
 
r0(config-router)#exit
r0(config)#int s0/0
r0(config-if)#ip ospf aut
r0(config-if)#ip ospf authentication-key cisco // 配置认证密码
 
r0(config-if)#exit
r0(config)#
*Mar  1 00:09:04.015: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2 .2 on Serial0/0 from LOADING to FULL, Loading Done
r0(config)#do sh ip ospf int
Serial0/0 is up, line protocol is up
  Internet Address 172.16.1.1/24, Area 0
  Process ID 1, Router ID 1.1.1 .1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:08
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2 .2
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled 以上输出最后一行信息表明该接口启用了简单口令认证。
 
Loopback1 is up, line protocol is up
  Internet Address 1.1.1 .1/24, Area 0
  Process ID 1, Router ID 1.1.1 .1, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
r0(config)#do sh ip ospf
 Routing Process "ospf 1" with ID 1.1.1 .1
 Start time: 00:05:18.352, Time elapsed: 00:04:33.244
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
    Area BACKBONE(0)
        Number of interfaces in this area is 2 (1 loopback)
        Area has simple password authentication
        SPF algorithm last executed 00:00:46.044 ago
        SPF algorithm executed 3 times
        Area ranges are
        Number of LSA 2. Checksum Sum 0x00F404
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
         
r0(config)#router ospf 1
r0(config-router)#no area 0 au
r0(config-router)#no area 0 authentication 如果R1 s0/0/0 接口启动简单口令认证,R2 s0/0/0 接口没有启动认证,则
*Mar  1 00:11:13.811: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2 .2 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
r0(config-router)#do ping 2.2.2 .2
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2 .2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
r0(config-router)#
 
 
 
 
r1(config)#int loo 1
r1(config-if)#ip add 2.2.2 .2 255.255.255.0
r1(config-if)#int s0/0
r1(config-if)#ip add 172.16.1.2 255.255.255.0
r1(config-if)#no sh
r1(config-if)#exit
r1(config)#do sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  172.16.1.2      YES manual up                    up     
Serial0/1                  unassigned      YES unset  administratively down down   
Serial0/2                  unassigned      YES unset  administratively down down   
Serial0/3                  unassigned      YES unset  administratively down down   
Loopback1                  2.2.2 .2         YES manual up                    up     
r1(config)#router ospf 1
r1(config-router)#net 2.2.2 .0 0.0.0.255 area 0
r1(config-router)#net 172.16.1.0 0.0.0 .255 area 0
 
r1(config-router)#area 0 authentication
r1(config-router)#exit
r1(config)#int s0/0
r1(config-if)#ip ospf authentication-key cisco
r1(config-if)#exit
r1(config)#do ping 172.16
*Mar  1 00:09:03.575: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1 .1 on Serial0/0 from LOADING to FULL, Loading Done
r1(config)#do ping 172.16.1.1
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/47/80 ms
r1(config)#do ping 1.1.1 .1
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1 .1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/48/76 ms
r1(config)#
*Mar  1 00:11:07.231: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1 .1 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
r1(config)#

本文出自 “柯浩坚” 博客,转载请与作者联系!

你可能感兴趣的:(职场,休闲,NA-NP-IE系列实验,简单口令认证,基于链路的OSPF)