ospf 虚链路配置

Authentication Over a Virtual Link

setp1 　接口下配置KEY
　　　　　ip ospf authentication-key cisco
setp2 　ospf进程下开启认证
router ospf 1

area 0 authentication
setp3 　在虚链路下开启认证
area 1 virtual-link 3.3.3.3 authentication-key bosco
setp4 查看是否成功
show ip ospf

一、使用简单验证
Router A

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface Serial0/1

ip address 10.1.1.1 255.255.255.252

ip ospf authentication-key cisco

clockrate 64000

!

router ospf 1

area 0 authentication

network 10.1.1.0 0.0.0.3 area 0

network 1.1.1.1 0.0.0.0 area 0

Router B

router ospf 1

area 0 authentication

area 1 virtual-link 3.3.3.3 authentication-key bosco　// 这个KEY 和前面接口下的KEY没有关系
**********************************************************************************************
Router(config-router)#area 1 virtual-link 3.3.3.3 authentication-key ?
<0-7> Encryption type (0 for not yet encrypted, 7 for proprietary)
LINE Authentication key (8 chars)　　　　//这个KEY 和前面接口下的KEY没有关系
**********************************************************************************

network 2.2.2.2 0.0.0.0 area 0

network 10.1.1.0 0.0.0.3 area 0

network 10.1.1.4 0.0.0.3 area 1

Router C

router ospf 1

area 0 authentication
*****************************************************************************
注意: Notice that the command area 0 authentication was used on Router C because the virtual link is in
Area 0.
如果在area0 RA 上开启了验证，那么在RC上也要使用 area 0 authentication 命令，因为RC通过virtual-link连接到了　area 0
****************************************************************

二、 配置MD5 验证
Message Digest Authentication Over a Virtual Link

Router B

router ospf 1

area 1 virtual-link 3.3.3.3 authentication message-digest

area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco

network 2.2.2.2 0.0.0.0 area 0

network 10.1.1.0 0.0.0.3 area 0

network 10.1.1.4 0.0.0.3 area 1

Router C

router ospf 1

area 1 virtual-link 2.2.2.2 authentication message-digest //启用MD5认证

area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco //设MD5KEY-1 为 cisco

network 3.3.3.3 0.0.0.0 area 2

network 10.1.1.4 0.0.0.3 area 1

验证:

rtrB#show ip ospf virtual-links

Virtual Link OSPF_VL3 to router 3.3.3.3 is up //VIR状态

Run as demand circuit

DoNotAge LSA allowed.

Transit area 1, via interface Serial1, Cost of using 64

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:01

Adjacency State FULL (Hello suppressed)

Message digest authentication enabled //此句说明MD5 验证已经启用

Youngest key id is 1 //说明的KEY-1

三、Configuration Example : Null Authentication 不启用VIR验证
Router B

router ospf 1

area 0 authentication

area 1 virtual-link 3.3.3.3 authentication null

network 2.2.2.2 0.0.0.0 area 0

network 10.1.1.0 0.0.0.3 area 0

network 10.1.1.4 0.0.0.3 area 1

Router C

router ospf 1

area 1 virtual-link 2.2.2.2 authentication null

network 3.3.3.3 0.0.0.0 area 2

network 10.1.1.4 0.0.0.3 area 1
本文出自 “精湛的技术源于此” 博客，谢绝转载！