OSPF区域 认证和接口认证
1.拓扑图
链接:https://pan.baidu.com/s/1PMB1a2RX2tE9rli1s8Dr5Q
提取码:8888
eNSP
链接:https://pan.baidu.com/s/1wP0vHim4yqVV0bc0wmzhFw
提取码:8888
2.网络需求
a. R1、R2、R3及R4运行OSPF;
b. 为保证骨干区域area0的安全性,需在area0开启区域认证,使用MD5的认证方式,密码为ht123123;
c. R3与R4之间开启OSPF接口认证,使用明文的认证方式,密码为ht123123;
3配置
在R1上开启area0区域认证:
[R1] ospf 1
[R1-ospf-1 ] area 0
[R1-ospf-1-area-0.0.0.0] authentication-mode md5 1 cipher ht123123
在R2上开启area0区域认证:
[R2] ospf 1
[R2-ospf-1 ] area 0
[R2-ospf-1-area-0.0.0.0] authentication-mode md5 1 cipher ht123123
在R3上开启area0区域认证:
[R3] ospf 1
[R3-ospf-1 ] area 0
[R3-ospf-1-area-0.0.0.0] authentication-mode md5 1 cipher ht123123
在R3上开启接口认证:
[R3] interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1] ospf authentication-mode simple cipher ht123123
在R4上开启接口认证:
[R4] interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0] ospf authentication-mode simple cipher ht123123
3.1R1的配置
[R1]display current-configuration
sysname R1
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
firewall zone Local
priority 16
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Serial0/0/0
link-protocol ppp
interface Serial0/0/1
link-protocol ppp
interface Serial0/0/2
link-protocol ppp
interface Serial0/0/3
link-protocol ppp
interface GigabitEthernet0/0/0
ip address 192.168.12.1 255.255.255.0
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
wlan
interface NULL0
ospf 1 router-id 1.1.1.1
area 0.0.0.0
authentication-mode md5 1 cipher eMOYUK3q%IECB7Ie7’/)*{W#
network 192.168.12.0 0.0.0.255
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
return
3.2 R2的配置
[R2]display current-configuration
sysname R2
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
firewall zone Local
priority 16
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Serial0/0/0
link-protocol ppp
interface Serial0/0/1
link-protocol ppp
interface Serial0/0/2
link-protocol ppp
interface Serial0/0/3
link-protocol ppp
interface GigabitEthernet0/0/0
ip address 192.168.12.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.23.2 255.255.255.0
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
wlan
interface NULL0
ospf 1 router-id 2.2.2.2
area 0.0.0.0
authentication-mode md5 1 cipher {>faE’2%[email protected]_G-B0Y2F|b#
network 192.168.12.0 0.0.0.255
network 192.168.23.0 0.0.0.255
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
return
3.3R3的配置
[R3]display current-configuration
sysname R3
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
firewall zone Local
priority 16
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Serial0/0/0
link-protocol ppp
interface Serial0/0/1
link-protocol ppp
interface Serial0/0/2
link-protocol ppp
interface Serial0/0/3
link-protocol ppp
interface GigabitEthernet0/0/0
ip address 192.168.23.3 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.34.3 255.255.255.0
ospf authentication-mode simple cipher I""Z~([email protected])'ani>"qh;&}_#
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
wlan
interface NULL0
ospf 1 router-id 3.3.3.3
area 0.0.0.0
authentication-mode md5 1 cipher {>faE’2%o3ZypQCee$t3F|x#
network 192.168.23.0 0.0.0.255
network 192.168.34.0 0.0.0.255
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
return
3.4 R4的配置
[R4]display current-configuration
sysname R4
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
firewall zone Local
priority 16
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Serial0/0/0
link-protocol ppp
interface Serial0/0/1
link-protocol ppp
interface Serial0/0/2
link-protocol ppp
interface Serial0/0/3
link-protocol ppp
interface GigabitEthernet0/0/0
ip address 192.168.34.4 255.255.255.0
ospf authentication-mode simple cipher ;VXiQKc>-.ajUn1vMEIBP}P#
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
wlan
interface NULL0
ospf 1 router-id 4.4.4.4
area 0.0.0.1
network 192.168.34.0 0.0.0.255
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
return
4.配置完成后,可以做一下查看
5、R3、R4即可基于接口认证建立邻居关系