OSPF 认证

OSPF 认证

1.实验目的

通过本实验可以掌握：

（1）OSPF 认证的类型和意义

（2）基于区域的OSPF 简单口令认证的配置和调试

2实验环境

如下图所示

3.实验步骤

（1）步骤1：配置路由器R1

R1(config)#router ospf 1

R1(config-router)#router-id 1.1.1.1

R1(config-router)#network 192.168.12.0 255.255.255.0 area 0

R1(config-router)#network 1.1.1.0 255.255.255.0 area 0

R1(config-router)#area 0 authentication //区域0 启用简单口令认证

R1(config)#interface s0/0/0

R1(config-if)#ip ospf authentication-key cisco //配置认证密码

（2）步骤2：配置路由器R2

R2(config)#router ospf 1

R2(config-router)#router-id 2.2.2.2

R2(config-router)#network 2.2.2.0 255.255.255.0 area 0

R2(config-router)#network 192.168.12.0 255.255.255.0 area 0

R2(config-router)#area 0 authentication

R2(config)#interface s0/0/0

R2(config-if)#ip ospf authentication-key cisco

4.实验调试

（1）show ip ospf interface

R1#show ip ospf interface s0/0/0

Serial0/0/0 is up, line protocol is up

Internet Address 192.168.12.1/24, Area 0

Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 781

Transmit Delay is 1 sec, State POINT_TO_POINT

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

oob-resync timeout 40

Hello due in 00:00:02

Supports Link-local Signaling (LLS)

Cisco NSF helper support enabled

IETF NSF helper support enabled

Index 1/1, flood queue length 0

Next 0x0(0)/0x0(0)

Last flood scan length is 0, maximum is 1

Last flood scan time is 0 msec, maximum is 0 msec

Neighbor Count is 0, Adjacent neighbor count is 0

Suppress hello for 0 neighbor(s)

Simple password authentication enabled

以上输出最后一行信息表明该接口启用了简单口令认证。

（2）show ip ospf

R1#show ip ospf

Routing Process "ospf 1" with ID 1.1.1.1

Supports only single TOS(TOS0) routes

......

Area BACKBONE(0)

Number of interfaces in this area is 2 (1 loopback)

Area has simple password authentication

SPF algorithm last executed 00:00:01.916 ago

SPF algorithm executed 5 times

Area ranges are

Number of LSA 2. Checksum Sum 0x010117

Number of opaque link LSA 0. Checksum Sum 0x000000

Number of DCbitless LSA 0

Number of indication LSA 0

Number of DoNotAge LSA 0

Flood list length 0

以上输出表明区域0 采用简单口令认证。

（3）如果R1 区域0 没有启动认证，而R2 区域0 启动简单口令认证，则R2 上出现下面

的信息：

*Feb 10 11:03:03.071: OSPF: Rcv pkt from 192.168.12.1, Serial0/0/0 : Mismatch

Authentication type. Input packet specified type 0, we use type 1

（4）如果R1 和R2 的区域0 都启动简单口令认证，但是R2 的接口下没有配置密码或密

码错误，则R2 上出现下面的信息：

*Feb 10 10:55:53.071: OSPF: Rcv pkt from 192.168.12.1, Serial0/0/0 : Mismatch

Authentication Key - Clear Text