ospf 虛鏈路配置

Authentication Over a Virtual Link

setp1 　接口下配置KEY
　　　　 　ip ospf authentication-key cisco
setp2 　ospf進程下開啓認證
         router ospf 1

         area 0 authentication
setp3 　在虛鏈路下開啓認證
         area 1 virtual-link 3.3.3.3 authentication-key bosco
setp4    查看是否成功
             show ip ospf


1、使用簡單驗證
Router A

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface Serial0/1

ip address 10.1.1.1 255.255.255.252

ip ospf authentication-key cisco

clockrate 64000

!

router ospf 1

area 0 authentication

network 10.1.1.0 0.0.0.3 area 0

network 1.1.1.1 0.0.0.0 area 0


Router B

router ospf 1

area 0 authentication

area 1 virtual-link 3.3.3.3 authentication-key bosco　// 這個KEY 和前面接口下的KEY沒有關係
**********************************************************************************************
Router(config-router)#area 1 virtual-link 3.3.3.3 authentication-key ?
   <0-7>    Encryption type (0 for not yet encrypted, 7 for proprietary)
  LINE    Authentication key (8 chars)　　　　//這個KEY 和前面接口下的KEY沒有關係
**********************************************************************************

network 2.2.2.2 0.0.0.0 area 0

network 10.1.1.0 0.0.0.3 area 0

network 10.1.1.4 0.0.0.3 area 1



Router C

router ospf 1

area 0 authentication
*****************************************************************************
注意: Notice that the command area 0 authentication was used on Router C because the virtual link is in
      Area 0.
      若是在area0 RA 上開啓了驗證，那麼在RC上也要使用 area 0 authentication 命令，由於RC經過virtual-link鏈接到了　area 0
****************************************************************

2、 配置MD5 驗證
Message Digest Authentication Over a Virtual Link

Router B

router ospf 1

area 1 virtual-link 3.3.3.3 authentication message-digest

area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco

network 2.2.2.2 0.0.0.0 area 0

network 10.1.1.0 0.0.0.3 area 0

network 10.1.1.4 0.0.0.3 area 1



Router C

router ospf 1

area 1 virtual-link 2.2.2.2 authentication message-digest //啓用MD5認證

area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco //設MD5KEY-1 爲 cisco

network 3.3.3.3 0.0.0.0 area 2

network 10.1.1.4 0.0.0.3 area 1

驗證:

rtrB#show ip ospf virtual-links

Virtual Link OSPF_VL3 to router 3.3.3.3 is up    //VIR狀態

    Run as demand circuit

    DoNotAge LSA allowed.

    Transit area 1, via interface Serial1, Cost of using 64

    Transmit Delay is 1 sec, State POINT_TO_POINT,

    Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

   Hello due in 00:00:01

   Adjacency State FULL (Hello suppressed)

   Message digest authentication enabled       //此句說明MD5 驗證已經啓用

Youngest key id is 1                                   //說明的KEY-1



3、Configuration Example : Null Authentication 不啓用VIR驗證
Router B

router ospf 1

area 0 authentication

area 1 virtual-link 3.3.3.3 authentication null

network 2.2.2.2 0.0.0.0 area 0

network 10.1.1.0 0.0.0.3 area 0

network 10.1.1.4 0.0.0.3 area 1



Router C

router ospf 1

area 1 virtual-link 2.2.2.2 authentication null network 3.3.3.3 0.0.0.0 area 2 network 10.1.1.4 0.0.0.3 area 1