HCNA-31 配置OSPF的认证

admin · 发表于 2021-2-5 17:12:03

HCNA-31 配置OSPF的认证

基本配置

<Huawei>system-view

[Huawei]sysnamer1

[r1]interfaceloopback 0 //创建环回口环回接口号为0

[r1-LoopBack0]ipaddress 1.1.1.1 32

[r1-LoopBack0]quit

[r1]interfaceGigabitEthernet 0/0/0

[r1-GigabitEthernet0/0/0]ipaddress 172.16.12.1 24

[r1-GigabitEthernet0/0/0]quit

<Huawei>system-view

[Huawei]sysnamer2

[r2]interfaceloopback 0

[r2-LoopBack0]ipaddress 2.2.2.2 32

[r2-LoopBack0]quit

[r2]interfaceGigabitEthernet 0/0/0

[r2-GigabitEthernet0/0/0]ipaddress 172.16.12.2 24

[r2-GigabitEthernet0/0/0]interfaceGigabitEthernet 0/0/1

[r2-GigabitEthernet0/0/1]ipaddress 172.16.24.2 24

[r2-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2

[r2-GigabitEthernet0/0/2]ipaddress 172.16.23.2 24

[r2-GigabitEthernet0/0/2]quit

[r2]displayip interface brief

<Huawei>system-view

[Huawei]sysnamer3

[r3]interfaceloopback 0

[r3-LoopBack0]ipaddress 3.3.3.3 32

[r3-LoopBack0]quit

[r3]interfaceGigabitEthernet 0/0/0

[r3-GigabitEthernet0/0/0]ipaddress 172.16.35.3 24

[r3-GigabitEthernet0/0/0]interfaceGigabitEthernet 0/0/1

[r3-GigabitEthernet0/0/1]ipaddress 172.16.36.3 24

[r3-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2

[r3-GigabitEthernet0/0/2]ipaddress 172.16.23.3 24

[r3-GigabitEthernet0/0/2]quit

[r3]displayip interface brief

<Huawei>system-view

[Huawei]sysnamer4

[r4]interfaceloopback 0

[r4-LoopBack0]ipaddress 4.4.4.4 32

[r4-LoopBack0]interfaceGigabitEthernet 0/0/0

[r4-GigabitEthernet0/0/0]ipaddress 172.16.24.4 24

[r4-GigabitEthernet0/0/0]quit

<Huawei>system-view

[Huawei]sysnamer5

[r5]interfaceloopback 0

[r5-LoopBack0]ipaddress 5.5.5.5 32

[r5-LoopBack0]interfaceGigabitEthernet 0/0/0

[r5-GigabitEthernet0/0/0]ipaddress 172.16.35.5 24

[r5-GigabitEthernet0/0/0]quit

<Huawei>system-view

[Huawei]sysnamer6

[r6]interfaceloopback 0

[r6-LoopBack0]ipaddress 6.6.6.6 32

[r6-LoopBack0]interfaceGigabitEthernet 0/0/0

[r6-GigabitEthernet0/0/0]ipaddress 172.16.36.6 24

[r6-GigabitEthernet0/0/0]quit

配置OSPF及区域认证

[r1]ospf1 //创建OSPF 进程ID为1

[r1-ospf-1]area1 //创建非骨干区域1

[r1-ospf-1-area-0.0.0.1]network1.1.1.1 0.0.0.0 //宣告参与OSPF网段

[r1-ospf-1-area-0.0.0.1]network172.16.12.0 0.0.0.255

[r1-ospf-1-area-0.0.0.1]authentication-modesimple plain admin //身份验证模式简单的明文（区域认证）

[r1-ospf-1-area-0.0.0.1]displaythis

[V200R003C00]

#

area 0.0.0.1

authentication-mode simple plain admin

network 1.1.1.1 0.0.0.0

network 172.16.12.0 0.0.0.255

[r2]ospf1

[r2-ospf-1]area1

[r2-ospf-1-area-0.0.0.1]network172.16.12.0 0.0.0.255

[r2-ospf-1-area-0.0.0.1]network172.16.24.0 0.0.0.255

[r2-ospf-1-area-0.0.0.1]authentication-modesimple plain admin

[r2-ospf-1-area-0.0.0.1]quit

[r2-ospf-1]area0 //创建骨干区域 0

[r2-ospf-1-area-0.0.0.0]network172.16.23.0 0.0.0.255

[r2-ospf-1-area-0.0.0.0]network2.2.2.2 0.0.0.0

[r2-ospf-1-area-0.0.0.0]authentication-modemd5 1 cipher admin1234 //身份验证模式 MD5 加密

[r3]ospf1

[r3-ospf-1]area0

[r3-ospf-1-area-0.0.0.0]network3.3.3.3 0.0.0.255

[r3-ospf-1-area-0.0.0.0]network172.16.23.0 0.0.0.255

[r3-ospf-1-area-0.0.0.0]network172.16.35.0 0.0.0.255

[r3-ospf-1-area-0.0.0.0]network172.16.36.0 0.0.0.255

[r3-ospf-1-area-0.0.0.0]authentication-modemd5 1 cipher admin1234

[r4]ospf1

[r4-ospf-1]area1

[r4-ospf-1-area-0.0.0.1]network4.4.4.4 0.0.0.0

[r4-ospf-1-area-0.0.0.1]network172.16.24.0 0.0.0.255

[r4-ospf-1-area-0.0.0.1]authentication-modesimple plain admin

[r5]ospf1

[r5-ospf-1]area0

[r5-ospf-1-area-0.0.0.0]network5.5.5.5 0.0.0.0

[r5-ospf-1-area-0.0.0.0]network172.16.35.0 0.0.0.255

[r5-ospf-1-area-0.0.0.0]authentication-modemd5 1 cipher admin1234

[r6]ospf1

[r6-ospf-1]area0

[r6-ospf-1-area-0.0.0.0]network6.6.6.6 0.0.0.0

[r6-ospf-1-area-0.0.0.0]network172.16.36.0 0.0.0.255

[r6-ospf-1-area-0.0.0.0]authentication-modemd5 1 cipher admin1234

配置OSPF R2与R3之间的链路认证

[r2]interfaceGigabitEthernet 0/0/2

[r2-GigabitEthernet0/0/2]ospfauthentication-mode md5 1 cipher zurkj.com

[r2-GigabitEthernet0/0/2]displayospf peer //显示OSPF 邻居状态

OSPF Process 1 with Router ID 2.2.2.2

Neighbors

Area 0.0.0.1 interface172.16.12.2(GigabitEthernet0/0/0)'s neighbors

Router ID: 1.1.1.1 Address: 172.16.12.1

State: Full Mode:Nbr is Slave Priority: 1

DR: 172.16.12.2 BDR: 172.16.12.1 MTU: 0

Dead timer due in 38 sec

Retrans timer interval: 5

Neighbor is up for 00:30:11

Authentication Sequence: [ 0 ]

Neighbors

Area 0.0.0.1 interface172.16.24.2(GigabitEthernet0/0/1)'s neighbors

Router ID: 4.4.4.4 Address: 172.16.24.4

State: Full Mode:Nbr is Master Priority: 1

DR: 172.16.24.2 BDR: 172.16.24.4 MTU: 0

Dead timer due in 40 sec

Retrans timer interval: 5

Neighbor is up for 00:15:43

Authentication Sequence: [ 0 ]

R3不在OSPF邻居之中了。

需要把R3的GE 0/0/2同样配置成接口认证

[r3]interfaceGigabitEthernet 0/0/2

[r3-GigabitEthernet0/0/2]ospfauthentication-mode md5 1 cipher zurkj.com

再次看R2的OSPF邻居状态

[r2-GigabitEthernet0/0/2]displayospf peer

OSPF Process 1 with Router ID 2.2.2.2

Neighbors

Area 0.0.0.0 interface172.16.23.2(GigabitEthernet0/0/2)'s neighbors

Router ID: 3.3.3.3 Address: 172.16.23.3

State: Full Mode:Nbr is Master Priority: 1

DR: 172.16.23.3 BDR: 172.16.23.2 MTU: 0

Dead timer due in 34 sec

Retrans timer interval: 5

Neighbor is up for 00:01:12

Authentication Sequence: [ 4963]

Neighbors

Area 0.0.0.1 interface172.16.12.2(GigabitEthernet0/0/0)'s neighbors

Router ID: 1.1.1.1 Address: 172.16.12.1

State: Full Mode:Nbr is Slave Priority: 1

DR: 172.16.12.2 BDR: 172.16.12.1 MTU: 0

Dead timer due in 34 sec

Retrans timer interval: 5

Neighbor is up for 00:33:29

Authentication Sequence: [ 0 ]

Neighbors

Area 0.0.0.1 interface172.16.24.2(GigabitEthernet0/0/1)'s neighbors

Router ID: 4.4.4.4 Address: 172.16.24.4

State: Full Mode:Nbr is Master Priority: 1

DR: 172.16.24.2 BDR: 172.16.24.4 MTU: 0

Dead timer due in 37 sec

Retrans timer interval: 5

Neighbor is up for 00:19:01

Authentication Sequence: [ 0 ]

R3又回来了，完成了OSPF链路认证。

[r2]display ospf peer brief //查看OSPF 邻居简要信息

OSPF Process 1 with Router ID 3.3.3.3

Peer Statistic Information

----------------------------------------------------------------------------

Area Id Interface Neighbor id State

0.0.0.0 GigabitEthernet0/0/0 5.5.5.5 Full

0.0.0.0 GigabitEthernet0/0/1 6.6.6.6 Full

0.0.0.0 GigabitEthernet0/0/2 2.2.2.2 Full

----------------------------------------------------------------------------

[r3]displayospf peer brief

OSPF Process 1 with Router ID 3.3.3.3

Peer Statistic Information

----------------------------------------------------------------------------

Area Id Interface Neighbor id State

0.0.0.0 GigabitEthernet0/0/0 5.5.5.5 Full

0.0.0.0 GigabitEthernet0/0/1 6.6.6.6 Full

0.0.0.0 GigabitEthernet0/0/2 2.2.2.2 Full

----------------------------------------------------------------------------

Ping 测试：

<r1>ping -a 1.1.1.1 172.16.36.6

PING 172.16.36.6: 56 data bytes, press CTRL_C to break

Reply from 172.16.36.6: bytes=56 Sequence=1ttl=253 time=30 ms

Reply from 172.16.36.6: bytes=56 Sequence=2ttl=253 time=30 ms

Reply from 172.16.36.6: bytes=56 Sequence=3ttl=253 time=50 ms

Reply from 172.16.36.6: bytes=56 Sequence=4ttl=253 time=40 ms

Reply from 172.16.36.6: bytes=56 Sequence=5ttl=253 time=30 ms

--- 172.16.36.6 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 30/36/50 ms

		自动登录	找回密码
密码			立即注册

HCNA-31 配置OSPF的认证

本帖子中包含更多资源