ospf 虚链路配置
2010-06-22 20:54
323 查看
Authentication Over a Virtual Link
setp1 接口下配置KEY
ip ospf authentication-key cisco
setp2 ospf进程下开启认证
router ospf 1
area 0 authentication
setp3 在虚链路下开启认证
area 1 virtual-link 3.3.3.3 authentication-key bosco
setp4 查看是否成功
show ip ospf
一、使用简单验证
Router A
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Serial0/1
ip address 10.1.1.1 255.255.255.252
ip ospf authentication-key cisco
clockrate 64000
!
router ospf 1
area 0 authentication
network 10.1.1.0 0.0.0.3 area 0
network 1.1.1.1 0.0.0.0 area 0
Router B
router ospf 1
area 0 authentication
area 1 virtual-link 3.3.3.3 authentication-key bosco // 这个KEY 和前面接口下的KEY没有关系
**********************************************************************************************
Router(config-router)#area 1 virtual-link 3.3.3.3 authentication-key ?
<0-7> Encryption type (0 for not yet encrypted, 7 for proprietary)
LINE Authentication key (8 chars) //这个KEY 和前面接口下的KEY没有关系
**********************************************************************************
network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
Router C
router ospf 1
area 0 authentication
*****************************************************************************
注意: Notice that the command area 0 authentication was used on Router C because the virtual link is in
Area 0.
如果在area0 RA 上开启了验证,那么在RC上也要使用 area 0 authentication 命令,因为RC通过virtual-link连接到了 area 0
****************************************************************
二、 配置MD5 验证
Message Digest Authentication Over a Virtual Link
Router B
router ospf 1
area 1 virtual-link 3.3.3.3 authentication message-digest
area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco
network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
Router C
router ospf 1
area 1 virtual-link 2.2.2.2 authentication message-digest //启用MD5认证
area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco //设MD5KEY-1 为 cisco
network 3.3.3.3 0.0.0.0 area 2
network 10.1.1.4 0.0.0.3 area 1
验证:
rtrB#show ip ospf virtual-links
Virtual Link OSPF_VL3 to router 3.3.3.3 is up //VIR状态
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface Serial1, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Message digest authentication enabled //此句说明MD5 验证已经启用
Youngest key id is 1 //说明的KEY-1
三、Configuration Example : Null Authentication 不启用VIR验证
Router B
router ospf 1
area 0 authentication
area 1 virtual-link 3.3.3.3 authentication null
network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
Router C
router ospf 1
area 1 virtual-link 2.2.2.2 authentication null
network 3.3.3.3 0.0.0.0 area 2
network 10.1.1.4 0.0.0.3 area 1
本文出自 “精湛的技术源于此” 博客,谢绝转载!
setp1 接口下配置KEY
ip ospf authentication-key cisco
setp2 ospf进程下开启认证
router ospf 1
area 0 authentication
setp3 在虚链路下开启认证
area 1 virtual-link 3.3.3.3 authentication-key bosco
setp4 查看是否成功
show ip ospf
一、使用简单验证
Router A
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Serial0/1
ip address 10.1.1.1 255.255.255.252
ip ospf authentication-key cisco
clockrate 64000
!
router ospf 1
area 0 authentication
network 10.1.1.0 0.0.0.3 area 0
network 1.1.1.1 0.0.0.0 area 0
Router B
router ospf 1
area 0 authentication
area 1 virtual-link 3.3.3.3 authentication-key bosco // 这个KEY 和前面接口下的KEY没有关系
**********************************************************************************************
Router(config-router)#area 1 virtual-link 3.3.3.3 authentication-key ?
<0-7> Encryption type (0 for not yet encrypted, 7 for proprietary)
LINE Authentication key (8 chars) //这个KEY 和前面接口下的KEY没有关系
**********************************************************************************
network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
Router C
router ospf 1
area 0 authentication
*****************************************************************************
注意: Notice that the command area 0 authentication was used on Router C because the virtual link is in
Area 0.
如果在area0 RA 上开启了验证,那么在RC上也要使用 area 0 authentication 命令,因为RC通过virtual-link连接到了 area 0
****************************************************************
二、 配置MD5 验证
Message Digest Authentication Over a Virtual Link
Router B
router ospf 1
area 1 virtual-link 3.3.3.3 authentication message-digest
area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco
network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
Router C
router ospf 1
area 1 virtual-link 2.2.2.2 authentication message-digest //启用MD5认证
area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco //设MD5KEY-1 为 cisco
network 3.3.3.3 0.0.0.0 area 2
network 10.1.1.4 0.0.0.3 area 1
验证:
rtrB#show ip ospf virtual-links
Virtual Link OSPF_VL3 to router 3.3.3.3 is up //VIR状态
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface Serial1, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Message digest authentication enabled //此句说明MD5 验证已经启用
Youngest key id is 1 //说明的KEY-1
三、Configuration Example : Null Authentication 不启用VIR验证
Router B
router ospf 1
area 0 authentication
area 1 virtual-link 3.3.3.3 authentication null
network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
Router C
router ospf 1
area 1 virtual-link 2.2.2.2 authentication null
network 3.3.3.3 0.0.0.0 area 2
network 10.1.1.4 0.0.0.3 area 1
本文出自 “精湛的技术源于此” 博客,谢绝转载!
相关文章推荐
- 详解BSCI实验二、配置ospf验证,汇总,虚链路
- OSPF的虚链路配置
- OSPF虚链路配置:中转区域
- 配置OSPF的虚链路(详细配置)
- 配置ospf验证,汇总,虚链路
- ospf不连续区域的虚链路配置
- BSCI―6:OSPF链路状态通告(LSA)与虚链路(Virtual Links)配置
- 点到点多区域OSPF的安全认证和vritual-link(虚链路)的作用及配置.
- BSCI实验之十三:配置点到点链路OSPF及认证
- OSPF的高级应用之地址汇总与虚链路的配置
- 配置OSPF虚拟链路
- 点到点链路的ospf配置
- 详解BSCI实验二、配置ospf验证,汇总,虚链路
- RIPv2-EIGRP-BGP-OSPF[链路-区域-虚链路][明文-MD5]各认证配置
- 26、OSPF配置实验之不规则区域虚链路
- 配置ospf虚拟链路
- CCNP课堂练习二:OSpf配置路由的虚拟链路
- BSCI实验之十三:配置点到点链路OSPF及认证
- ospf中配置虚链路area0-area1-area0