HCNA-21.OSPF的认证

21.OSPF的认证

默认情况下， OSPF使用身份验证方法null， 即不对通过网络交换的路由选择信息进行身份验证。

1） OSPF还支持其他两种身份验证方法： 简单密码身份验证(也叫明文身份验证)和MD5身份验证。

2）按认证作用的范围分为：

          a. 区域范围认证： 区域内所有路由器都启用认证功能

           b.接口范围认证： 在任意两个直连接口间启用认证功能

==========================================================

1.路由设备初始化配置和配置OSPF路由协议

==========================================================

实验拓扑：

#根据拓扑图，配置路由器的各个接口

R1:

sys

sysname R1

undo info-cen en

int g0/0/0

ip add 10.0.12.1 24

int loopback 0

ip add 1.1.1.1 32

q

ospf 1

area 1

network 10.0.12.0 0.0.0.255

network 1.1.1.1 0.0.0.0

q

q

------------------------------------------

R4:

sys

sysname R4

undo info-cen en

int g0/0/0

ip add 10.0.24.4 24

int loopback 0

ip add 4.4.4.4 32

q

ospf 1

area 1

network 10.0.24.0 0.0.0.255

network 4.4.4.4 0.0.0.0

q

q

------------------------------------------

R2:

sys

sysname R2

undo info-cen en

int g0/0/0

ip add 10.0.12.2 24

int g0/0/1

ip add 10.0.24.2 24

int g0/0/2

ip add 10.0.23.2 24

int loopback 0

ip add 2.2.2.2 32

q

ospf 1

area 1

network 10.0.12.0 0.0.0.255

network 10.0.24.0 0.0.0.255

area 0

network 10.0.23.0 0.0.0.255

network 2.2.2.2 0.0.0.0

q

q

------------------------------------------

R3:

sys

sysname R3

undo info-cen en

int g0/0/2

ip add 10.0.23.3 24

int g0/0/0

ip add 10.0.35.3 24

int g0/0/1

ip add 10.0.36.3 24

int loopback 0

ip add 3.3.3.3 32

q

ospf 1

area 0

network 10.0.23.0 0.0.0.255

network 10.0.35.0 0.0.0.255

network 10.0.36.0 0.0.0.255

network 3.3.3.3 0.0.0.0

q

q

------------------------------------------

R5:

sys

sysname R5

undo info-cen en

int g0/0/0

ip add 10.0.35.5 24

int loopback 0

ip add 5.5.5.5 32

q

ospf 1

area 0

network 10.0.35.0 0.0.0.255

network 5.5.5.5 0.0.0.0

q

q

------------------------------------------

R6:

sys

sysname R6

undo info-cen en

int g0/0/0

ip add 10.0.36.6 24

int loopback 0

ip add 6.6.6.6 32

q

ospf 1

area 0

network 10.0.36.0 0.0.0.255

network 6.6.6.6 0.0.0.0

q

q

------------------------------------------

------------------------------------------

R4 ping R5,R6

R1,R4 ping 6.6.6.6

==========================================================

二、配置公司分部OSPF区域明文认证

==========================================================

使用命令authentication-mode simple 给接口配置一个密码。

------------------------------------------

R1:

ospf 1

area 1

authentication-mode simple plain huawei1

dis this

undo authentication-mode

authentication-mode simple huawei1

dis this

dis ospf peer brief

------------------------------------------

R2:

ospf 1

area 1

authentication-mode simple huawei1

------------------------------------------

R4:

ospf 1

area 1

authentication-mode simple huawei1

==========================================================

三、配置公司总部OSPF区域密文认证

==========================================================

#使用命令authentication-mode md5 1给接口配置一个MD5密文认证。

R2,R3,R5,R6:

ospf 1

area 0

authentication-mode md5 1 huawei3

q

q

------------------------------------------

R3:

dis ospf peer brief

------------------------------------------

------------------------------

配置OSPF链路认证

------------------------------

R2:

int g0/0/1

ospf authentication-mode md5 1 huawei5

q

dis ospf peer brief

------------------------------------------

R4:

int g0/0/0

ospf authentication-mode md5 1 huawei5

q

------------------------------------------