配置点到点链路OSPF及认证(6)
4、MD5认证:调试RA#sh ip route ospf
2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 via 10.0.0.2, 00:00:35, Serial1/0
3.0.0.0/24 is subnetted, 1 subnets
O 3.3.3.0 via 12.0.0.2, 00:00:35, Serial1/2
11.0.0.0/24 is subnetted, 1 subnets
O 11.0.0.0 via 12.0.0.2, 00:00:35, Serial1/2
via 10.0.0.2, 00:00:35, Serial1/0
RA#sh ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/- 00:00:37 12.0.0.2 Serial1/2
2.2.2.2 0 FULL/- 00:00:37 10.0.0.2 Serial1/0
RA#sh ip ospf
Routing Process "ospf 1" with ID 1.1.1.1
Start time: 00:16:37.616, Time elapsed: 01:00:13.356
……
Cisco NSF helper support enabled
Area BACKBONE(0) -----区域0信息
Number of interfaces in this area is 3
Area has message digest authentication ----MD5认证
……
Flood list length 0
配置点到点链路OSPF及认证(6)
</p>RA#sh ip ospf int s1/2 -----查看接口信息Serial1/2 is up, line protocol is up
Internet Address 12.0.0.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
……
Suppress hello for 0 neighbor(s)
Message digest authentication enabled ----MD5认证信息
Youngest key id is 1
-----------------------------------------------------------------------------
(一)基于链路的认证
基于链路的认证也分为明文和MD5验证。其配置过程同基于区域的配置过程基本相同,但需要在各个路由器配置中去掉启用区域认证这一句(以RA为例):
RA(config)#router ospf 1
RA(config-router)#no area 0 auth message-digest -----去掉区域0启用MD5验证
调试方法也参考基于区域的认证。
====================================================
实验总结:在点到点链路上配置OSPF,邻居关系自动创建,没有DR/BDP选举。OSPF的验证分为基于区域和基于链路的认证两种,其中基于链路的认证优于基于区域的认证。
页:
[1]