OSPF Authentication Configuration Explained

Before IOS 12.0, if authentication was configured on any one interface within an OSPF area, every interface of every other router in that area also had to be configured with authentication.
From IOS 12.0 on, authentication can be configured on a single interface by itself, independent of the other routers in the area.
Command syntax:
ip ospf authentication-key password
ip ospf message-digest-key  key-id md5 password
password: the password used for authentication on a specific interface, area or Virtual Link. It can be a string of 1-8 characters.
key-id: identifies the key used with the password. Valid range 1-255.
key-id matching is checked from the smallest ID up to the largest. The largest ID is called the youngest-id.
key-ids are per interface or per virtual link: each interface has its own key-id range, kept separate from the others.

When OSPF receives an OSPF packet:
1> Check that the authentication type in the packet matches the configuration of the current interface, link or area. 0 is no authentication, 1 is plaintext authentication, 2 is MD5 authentication.
2> Check that the password in the packet matches; for MD5 authentication, start from the smallest key-id and stop at the first match. If nothing matches, the Adjacency cannot be formed.

Both ends of the link must be configured with the same password and key-id.
 

Part I. Area-level plaintext authentication
!
host r1
!
int s1/0
 description conn_to_r2
 ip add 192.168.1.1 255.255.255.0
 ip ospf authentication-key cisco
!
router ospf 100
 router-id 10.0.0.1
 net 192.168.1.0 0.0.0.255 area 0
 area 0 authentication
!
--------------------------------------------
!
host r2
!
int s1/0
 description conn_to_r1
 ip add 192.168.1.2 255.255.255.0
 ip ospf authentication-key cisco
!
router ospf 100
 router-id 10.0.0.2
 net 192.168.1.0 0.0.0.255 area 0
 area 0 authentication
!
++++++++++++++++++++++++++++++
service password-encryption
show ip ospf neighbor
debug ip ospf events
++++++++++++++++++++++++++++++
 

Part II. Area-level MD5 authentication
!
host r1
!
int s1/0
 description conn_to_r2
 ip add 192.168.1.1 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 100
 router-id 10.0.0.1
 net 192.168.1.0 0.0.0.255 area 0
 area 0 authentication message-digest
!
---------------------------------------------
!
host r2
!
int s1/0
 description conn_to_r1
 ip add 192.168.1.2 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 100
 router-id 10.0.0.2
 net 192.168.1.0 0.0.0.255 area 0
 area 0 authentication message-digest
!

Part III. Area-level MD5 key rollover

Because MD5 authentication, on receipt, tries the passwords in the authentication key pool in turn (by key-id, smallest to largest), several passwords can be configured at the same time, which allows a smooth transition from one password to another.
1> Add the new password
!
host r1
!
int s1/0
 description conn_to_r2
 ip add 192.168.1.1 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco
 ip ospf message-digest-key 2 md5 cisco2

!
router ospf 100
 router-id 10.0.0.1
 net 192.168.1.0 0.0.0.255 area 0
 area 0 authentication message-digest
!
---------------------------------------------
!
host r2
!
int s1/0
 description conn_to_r1
 ip add 192.168.1.2 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco
 ip ospf message-digest-key 2 md5 cisco2

!
router ospf 100
 router-id 10.0.0.2
 net 192.168.1.0 0.0.0.255 area 0
 area 0 authentication message-digest
!

2> Remove the old password
!
host r1
!
int s1/0
 description conn_to_r2
 ip add 192.168.1.1 255.255.255.0
 no ip ospf message-digest-key 1 md5 cisco
 ip ospf message-digest-key 2 md5 cisco2

!
router ospf 100
 router-id 10.0.0.1
 net 192.168.1.0 0.0.0.255 area 0
 area 0 authentication message-digest
!
---------------------------------------------
!
host r2
!
int s1/0
 description conn_to_r1
 ip add 192.168.1.2 255.255.255.0
 no ip ospf message-digest-key 1 md5 cisco
 ip ospf message-digest-key 2 md5 cisco2

!
router ospf 100
 router-id 10.0.0.2
 net 192.168.1.0 0.0.0.255 area 0
 area 0 authentication message-digest
!
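As an added example that is not part of the original post, the receiver-side checks described at the top of the page (authentication type first, then key lookup, then password) and the Part III rollover sequence, modelled in Python against the OSPFv2 cryptographic-authentication format of RFC 2328 Appendix D: the header carries the AuType, a key-id and a sequence number, and the 16-byte MD5 digest of the packet plus the zero-padded key is appended after the packet. Selecting the key by the key-id carried in the packet is an assumption consistent with the "No message digest key 0" log line in Part X; the Hello body and the sequence numbers are constructed.

```python
import hashlib
import struct

AU_NULL, AU_SIMPLE, AU_CRYPTO = 0, 1, 2   # OSPFv2 AuType values: none, plaintext, MD5

def build_md5_packet(body, router_id, area_id, key_id, key, seq):
    """Sender side: OSPFv2 header with AuType 2, then the RFC 2328 D.4 digest appended."""
    rid = bytes(int(o) for o in router_id.split("."))
    aid = bytes(int(o) for o in area_id.split("."))
    length = 24 + len(body)                # the 16-byte digest is not counted in length
    # ver=2, type=1 (Hello), length, router-id, area-id, checksum=0 (crypto auth), AuType
    hdr = struct.pack("!BBH4s4sHH", 2, 1, length, rid, aid, 0, AU_CRYPTO)
    # AuType 2 auth field: reserved(2), key-id(1), auth-data-len(1), crypto sequence(4)
    hdr += struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = hdr + body
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\x00")).digest()

def verify_md5_packet(pkt, iface_autype, key_pool):
    """Receiver side: AuType first, then key-id lookup, then digest. Returns (ok, reason)."""
    if len(pkt) < 24:
        return False, "runt packet"
    autype = struct.unpack("!H", pkt[14:16])[0]
    if autype != iface_autype:
        return False, f"Mismatch Authentication type: packet {autype}, interface {iface_autype}"
    length = struct.unpack("!H", pkt[2:4])[0]
    key_id, auth_len = pkt[18], pkt[19]
    key = key_pool.get(key_id)             # the key-id in the packet selects the key (assumption)
    if key is None:                        # the condition the peer logs in Part X
        return False, f"No message digest key {key_id} on interface"
    if auth_len != 16 or len(pkt) != length + 16:
        return False, "bad auth data length"
    expected = hashlib.md5(pkt[:length] + key.ljust(16, b"\x00")).digest()
    if pkt[length:] != expected:
        return False, f"Mismatch Authentication Key: digest failed for key {key_id}"
    return True, f"accepted with key {key_id}"

def rollover_demo():
    """Part III from r2's point of view with constructed packets; returns {step: reason}."""
    body = b"\x00" * 20                    # constructed Hello body, irrelevant to the checks
    with_key1 = build_md5_packet(body, "10.0.0.1", "0.0.0.0", 1, b"cisco", 100)
    with_key2 = build_md5_packet(body, "10.0.0.1", "0.0.0.0", 2, b"cisco2", 101)
    steps = {
        "before rollover":         (with_key1, AU_CRYPTO, {1: b"cisco"}),
        "key 2 added on r2":       (with_key1, AU_CRYPTO, {1: b"cisco", 2: b"cisco2"}),
        "r1 switched to key 2":    (with_key2, AU_CRYPTO, {1: b"cisco", 2: b"cisco2"}),
        "key 1 removed too early": (with_key1, AU_CRYPTO, {2: b"cisco2"}),
        "r2 expects plaintext":    (with_key2, AU_SIMPLE, {2: b"cisco2"}),
    }
    return {name: verify_md5_packet(p, t, pool)[1] for name, (p, t, pool) in steps.items()}
```

The "key 1 removed too early" step is the failure the two-step procedure avoids: the old key must stay on both routers until both have switched to the new one.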

Part IV. Interface-level plaintext authentication
!
host r1
!
int s1/0
 description conn_to_r2
 ip add 192.168.1.1 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key cisco

!
router ospf 100
 router-id 10.0.0.1
 net 192.168.1.0 0.0.0.255 area 0
!
--------------------------------------------
!
host r2
!
int s1/0
 description conn_to_r1
 ip add 192.168.1.2 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key cisco

!
router ospf 100
 router-id 10.0.0.2
 net 192.168.1.0 0.0.0.255 area 0
!
 
Part V. Interface-level MD5 authentication
!
host r1
!
int s1/0
 description conn_to_r2
 ip add 192.168.1.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco

!
router ospf 100
 router-id 10.0.0.1
 net 192.168.1.0 0.0.0.255 area 0
!
---------------------------------------------
!
host r2
!
int s1/0
 description conn_to_r1
 ip add 192.168.1.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco

!
router ospf 100
 router-id 10.0.0.2
 net 192.168.1.0 0.0.0.255 area 0
!
 
Part VI. Interface-level MD5 key rollover
Because MD5 authentication, on receipt, tries the passwords in the authentication key pool in turn (by key-id, smallest to largest), several passwords can be configured at the same time, which allows a smooth transition from one password to another.
1> Add the new password
!
host r1
!
int s1/0
 description conn_to_r2
 ip add 192.168.1.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 ip ospf message-digest-key 2 md5 cisco2

!
router ospf 100
 router-id 10.0.0.1
 net 192.168.1.0 0.0.0.255 area 0
!
---------------------------------------------
!
host r2
!
int s1/0
 description conn_to_r1
 ip add 192.168.1.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 ip ospf message-digest-key 2 md5 cisco2

!
router ospf 100
 router-id 10.0.0.2
 net 192.168.1.0 0.0.0.255 area 0
!

2> Remove the old password
!
host r1
!
int s1/0
 description conn_to_r2
 ip add 192.168.1.1 255.255.255.0
 ip ospf authentication message-digest
 no ip ospf message-digest-key 1 md5 cisco
 ip ospf message-digest-key 2 md5 cisco2

!
router ospf 100
 router-id 10.0.0.1
 net 192.168.1.0 0.0.0.255 area 0
!
---------------------------------------------
!
host r2
!
int s1/0
 description conn_to_r1
 ip add 192.168.1.2 255.255.255.0
 ip ospf authentication message-digest
 no ip ospf message-digest-key 1 md5 cisco
 ip ospf message-digest-key 2 md5 cisco2

!
router ospf 100
 router-id 10.0.0.2
 net 192.168.1.0 0.0.0.255 area 0
!

Part IX. Disabling authentication on a single interface (MD5/plaintext)

!
host r1
!
int s1/0
 description conn_to_r2
 ip add 192.168.1.1 255.255.255.0
 ip ospf authentication-key cisco
!
router ospf 100
 router-id 10.0.0.1
 net 192.168.1.0 0.0.0.255 area 0
 area 0 authentication
!
--------------------------------------------
!
host r2
!
int s1/0
 description conn_to_r1
 ip add 192.168.1.2 255.255.255.0
 ip ospf authentication-key cisco
!
int s1/1
 description conn_to_r3
 ip add 192.168.2.1 255.255.255.0
 ip ospf authentication null
!
router ospf 100
 router-id 10.0.0.2
 net 192.168.1.0 0.0.0.255 area 0
 net 192.168.2.0 0.0.0.255 area 0
 area 0 authentication
!
---------------------------------------------
!
host r3
!
int s1/0
 description conn_to_r2
 ip add 192.168.2.2 255.255.255.0
!
router ospf 100
 router-id 10.0.0.3
 net 192.168.2.0 0.0.0.255 area 0
!
 
Part X. Authentication on a Virtual Link

Command syntax:
area transit-area-id virtual-link router-id message-digest-key key-id md5 password

!
host r3
!
int s1/0
 description conn_to_area_0
 ip add 192.168.0.2 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco0
!
router ospf 100
 router-id 10.0.0.3
 net 192.168.0.0 0.0.0.255 area 0
 area 0 authentication message-digest
!
--------------------------------------------
!
host r1
!
int s1/0
 description conn_to_area_1
 ip add 192.168.1.1 255.255.255.0
!
int s1/1
 description conn_to_area_0
 ip add 192.168.0.1 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco0
!
router ospf 100
 router-id 10.0.0.1
 net 192.168.1.0 0.0.0.255 area 1
 net 192.168.0.0 0.0.0.255 area 0
 area 0 authentication message-digest
 area 1 virtual-link 10.0.0.2 message-digest-key 1 md5 cisco1

!
++++++++++++++++++++++++++++++++++++++++++
Only one password for authentication needs to be configured here, because the virtual link is built from area 0 across area 1, and area 0 has already been configured to require MD5 authentication.
Without the final area 1 virtual-link 10.0.0.2 message-digest-key 1 md5 cisco1 command, the rules say packets would be sent using key-id 0; the virtual-link peer cannot possibly hold a password entry with key-id 0, because the usable key-id range is 1-255, so the peer shows:
*Mar  1 00:28:34.043: OSPF: Rcv pkt from 192.168.1.1, OSPF_VL0 : Mismatch Authentication Key - No message digest key 0 on interface
++++++++++++++++++++++++++++++++++++++++++
---------------------------------------------
!
host r2
!
int s1/0
 ip add 192.168.1.2 255.255.255.0
!
int s1/1
 ip add 192.168.2.1 255.255.255.0
!
router ospf 100
 router-id 10.0.0.2
 net 192.168.1.0 0.0.0.255 area 1
 net 192.168.2.0 0.0.0.255 area 2
 area 1 virtual-link 10.0.0.1 authentication message-digest
 ! key-id and password must match r1's virtual-link entry (cisco1)
 area 1 virtual-link 10.0.0.1 message-digest-key 1 md5 cisco1
!
----------------------------------------------