admin posted on 2021-2-5 23:15:16

Huawei OSPF authentication: area-based and interface-based

1. Configuring area-based OSPF authentication

R1
<Huawei>system-view
sysname r1
router id 1.1.1.1
interface loopback 0
ip address 1.1.1.1 32
quit
interface GigabitEthernet 0/0/0
ip address 192.168.12.1 24
quit
ospf 1
area 0
network 1.1.1.1 0.0.0.0
network 192.168.12.0 0.0.0.255
authentication-mode md5 1 cipher admin1234
// Area-based authentication: the mode is md5, the key ID is usually set to 1, and the password is admin1234. By habit, advertise the networks first, then configure authentication.
return

R2
<Huawei>system-view
sysname r2
router id 2.2.2.2
interface loopback 0
ip address 2.2.2.2 32
quit
interface GigabitEthernet 0/0/0
ip address 192.168.12.2 24
quit
ospf 1
area 0
network 2.2.2.2 0.0.0.0
network 192.168.12.0 0.0.0.255
authentication-mode md5 1 cipher admin1234
return
<r2>system-view
interface GigabitEthernet 0/0/1
ip address 192.168.23.2 24
ospf 1
area 1
network 192.168.23.0 0.0.0.255
authentication-mode md5 1 cipher admin2345
return

R3
<Huawei>system-view
sysname r3
router id 3.3.3.3
interface loopback 0
ip address 3.3.3.3 32
quit
interface GigabitEthernet 0/0/0
ip address 192.168.23.3 24
quit
ospf 1
area 1
network 3.3.3.3 0.0.0.0
network 192.168.23.0 0.0.0.255
authentication-mode md5 1 cipher admin2345
return
<r3>system-view
interface GigabitEthernet 0/0/1
ip address 192.168.34.3 24
quit
ospf 1
area 2
network 192.168.34.0 0.0.0.255
authentication-mode md5 1 cipher admin3456
return

R4
<Huawei>system-view
sysname r4
router id 4.4.4.4
interface loopback 0
ip address 4.4.4.4 32
quit
interface GigabitEthernet 0/0/0
ip address 192.168.34.4 24
quit
ospf 1
area 2
network 4.4.4.4 0.0.0.0
network 192.168.34.0 0.0.0.255
authentication-mode md5 1 cipher admin3456
return

R2 (configure the Vlink virtual link)
ospf 1
area 1
vlink-peer 3.3.3.3
return

R3
ospf 1
area 1
vlink-peer 2.2.2.2
return

<r3>display ospf vlink
         OSPF Process 1 with Router ID 3.3.3.3
                 Virtual Links
 Virtual-link Neighbor-id -> 2.2.2.2, Neighbor-State: Down
 Interface: 192.168.23.3 (GigabitEthernet0/0/0)
 Cost: 1  State: P-2-P  Type: Virtual
 Transit Area: 0.0.0.1
 Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
 GR State: Normal

Because authentication is configured on the backbone area, the Vlink neighbor state is Down! Treating area 2 as connected to the backbone area, authentication must likewise be configured in area 0 on R3. Once area 2 is connected to the backbone area, R3 acts as an ABR (a border router connecting another area to the backbone area), so the authentication is configured on R3, where the Vlink through area 1 is configured. A virtual link is logically part of area 0, so it uses the area 0 authentication settings, and those must match on R2 and R3.

ospf 1
area 0
authentication-mode md5 1 cipher admin1234
return

Display the Vlink neighbor state again:

<r3>display ospf vlink
         OSPF Process 1 with Router ID 3.3.3.3
                 Virtual Links
 Virtual-link Neighbor-id -> 2.2.2.2, Neighbor-State: Full
 Interface: 192.168.23.3 (GigabitEthernet0/0/0)
 Cost: 1  State: P-2-P  Type: Virtual
 Transit Area: 0.0.0.1
 Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
 GR State: Normal

<r2>display ospf vlink
         OSPF Process 1 with Router ID 2.2.2.2
                 Virtual Links
 Virtual-link Neighbor-id -> 3.3.3.3, Neighbor-State: Full
 Interface: 192.168.23.2 (GigabitEthernet0/0/1)
 Cost: 1  State: P-2-P  Type: Virtual
 Transit Area: 0.0.0.1
 Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
 GR State: Normal

The Vlink neighbor state between R3 and R2 is FULL!! This shows that the neighbor relationship has been established. Now look at the routing tables:

<r1>display ip routing-table
<r4>display ip routing-table

All routes have been learned.

2. Configuring interface-based OSPF authentication

R1
ospf 1
area 0
undo authentication-mode
// undo the existing area authentication
return
<r1>system-view
interface GigabitEthernet 0/0/0
ospf authentication-mode md5 1 cipher admin1234

R2
ospf 1
area 0
undo authentication-mode
return
<r2>system-view
interface GigabitEthernet 0/0/0
ospf authentication-mode md5 1 cipher admin1234

Now check the Vlink neighbor state:

display ospf vlink
         OSPF Process 1 with Router ID 2.2.2.2
                 Virtual Links
 Virtual-link Neighbor-id -> 3.3.3.3, Neighbor-State: Down
 Interface: 192.168.23.2 (GigabitEthernet0/0/1)
 Cost: 1  State: P-2-P  Type: Virtual
 Transit Area: 0.0.0.1
 Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
 GR State: Normal

The neighbor has gone Down again. Try turning off area 0 authentication on R3, the border router for area 2:

ospf 1
area 0
undo authentication-mode

With area 0 authentication removed, the Vlink neighbor returns to the FULL state:

display ospf vlink
         OSPF Process 1 with Router ID 2.2.2.2
                 Virtual Links
 Virtual-link Neighbor-id -> 3.3.3.3, Neighbor-State: Full
 Interface: 192.168.23.2 (GigabitEthernet0/0/1)
 Cost: 1  State: P-2-P  Type: Virtual
 Transit Area: 0.0.0.1
 Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
 GR State: Normal

display ospf vlink
         OSPF Process 1 with Router ID 3.3.3.3
                 Virtual Links
 Virtual-link Neighbor-id -> 2.2.2.2, Neighbor-State: Full
 Interface: 192.168.23.3 (GigabitEthernet0/0/0)
 Cost: 1  State: P-2-P  Type: Virtual
 Transit Area: 0.0.0.1
 Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
 GR State: Normal

Authentication on the other interfaces is not repeated here; the method is the same. Finally, test connectivity:

<r1>ping -a 1.1.1.1 2.2.2.2
  PING 2.2.2.2: 56  data bytes, press CTRL_C to break
    Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=110 ms
    Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms
    Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=20 ms
  --- 2.2.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 10/38/110 ms

<r1>ping -a 1.1.1.1 3.3.3.3
  PING 3.3.3.3: 56  data bytes, press CTRL_C to break
    Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=254 time=100 ms
    Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=254 time=30 ms
    Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=254 time=20 ms
    Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=254 time=30 ms
    Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=254 time=30 ms
  --- 3.3.3.3 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/42/100 ms

<r1>ping -a 1.1.1.1 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=253 time=180 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=253 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=253 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=50 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=40 ms
  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/70/180 ms
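
The Down/Full transitions of the Vlink in both sections can be checked offline before any router is touched. The Python sketch below is an added example, not part of the original post: it replays typed commands like those above and compares the area 0 authentication on the two ends of each virtual link. It assumes that a vlink-peer without its own authentication parameters follows the router's area 0 setting (consistent with the results shown above); the function names and sample strings are constructed for illustration.

```python
import re

def area0_auth(commands):
    """Replay typed commands; return (router id, area 0 auth or None, vlink peers)."""
    rid, area, auth0, peers = None, None, None, []
    for line in map(str.strip, commands.strip().splitlines()):
        if m := re.match(r"router id (\S+)", line):
            rid = m.group(1)
        elif m := re.match(r"area (\S+)", line):
            area = m.group(1)                  # entered an OSPF area view
        elif re.match(r"(interface|quit|return)\b", line):
            area = None                        # left the area view
        elif m := re.match(r"vlink-peer (\S+)", line):
            peers.append(m.group(1))
        elif area in ("0", "0.0.0.0"):         # assumption: only area 0 governs a vlink
            if m := re.match(r"authentication-mode (\S+) (\d+) cipher (\S+)", line):
                auth0 = m.groups()             # (mode, key id, key as typed)
            elif line == "undo authentication-mode":
                auth0 = None
    return rid, auth0, peers

def check_vlinks(configs):
    """Map (router id, vlink peer id) -> status for every configured vlink."""
    parsed = [area0_auth(c) for c in configs]
    auth_by_rid = {rid: auth for rid, auth, _ in parsed}
    report = {}
    for rid, auth, peers in parsed:
        for peer in peers:
            if peer not in auth_by_rid:
                report[rid, peer] = "peer config not supplied"
            elif auth != auth_by_rid[peer]:
                report[rid, peer] = "area 0 auth mismatch"
            elif auth is None:
                report[rid, peer] = "match, but unauthenticated"
            else:
                report[rid, peer] = "match"
    return report

# Constructed input: the OSPF commands typed on R2 and R3 above, addressing omitted.
AREA0_ON = "area 0\nauthentication-mode md5 1 cipher admin1234\n"
AREA0_OFF = "area 0\nundo authentication-mode\n"
IF_AUTH = "interface GigabitEthernet 0/0/0\nospf authentication-mode md5 1 cipher admin1234\n"
AREA1 = "area 1\nauthentication-mode md5 1 cipher admin2345\n"
R2 = "router id 2.2.2.2\nospf 1\n" + AREA0_ON + AREA1 + "vlink-peer 3.3.3.3\n"
R3 = "router id 3.3.3.3\nospf 1\n" + AREA1 + "vlink-peer 2.2.2.2\n"

if __name__ == "__main__":
    print(check_vlinks([R2, R3]))             # section 1, before the fix on R3
    print(check_vlinks([R2, R3 + AREA0_ON]))  # section 1, after the fix on R3
    print(check_vlinks([R2 + AREA0_OFF + IF_AUTH, R3 + AREA0_ON + AREA0_OFF]))  # section 2, end
```

The last case reports a matching but unauthenticated virtual link: removing area 0 authentication on R3 brings the neighbor back to Full because neither end authenticates the Vlink any more, while the interface-level key on GigabitEthernet 0/0/0 only covers the R1-R2 link.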