在OSPF协议里面开启MD5验证

实验拓扑图:

实验目的

在配置完OSPF协议以后,用show ip route 命令查看每个路由表都能学到各自的路由,

当在R3上先配置启用MD5认证以后,虽然R1上有到R3上的路由,但此时再到R1上来PING R3,你会发现是PING不通的,

只有在所有路由器上都启用了MD5认证以后彼此才能通信,这样就增加了路由的安全性.

1. 起用OSPF协议,进程号 100

2. 启用认证MD5

3. 启用R2做DR R3做BDR

4. 设R1的COST值为 40

实验命令

R1:	R2:	R3:
En Conf t Int s0/1 Ip add 150.17.232.1 255.255.254 No shutdown Int loop 1 Ip add 1.1.1.1 255.255.255.0 Exit 启用OSPF协议 Conf t Router ospf 100 Net 150.17.232.0 0.0.1.255 area 0 Net 1.1.1.1 0.0.0.0 area 0 exit 启用MD5认证 Conf t Router ospf 100 Area 0 authentication message-digest Exit Int s0/1 Ip ospf message-digest-key 1 md5 allan 设置R1的cost值为 40 Conf t Int s0/1 ip ospf cost 40	En Conf t Int s0/0 Ip add 150.17.232.2 255.255.254 No shutdown Int s0/1 Ip add 192.168.2.1 255.255.255.0 Int loop 1 Ip add 2.2.2.2 255.255.255.0 Exit 启用OSPF协议 Conf t Router ospf 100 Net 150.17.232.0 0.0.1.255 area 0 Net 192.168.2.0 0.0.0.255 area 0 Net 2.2.2.2 0.0.0.0 area 0 exit 启用MD5认证 Conf t Router ospf 100 Area 0 authentication message-digest Exit Int s0/0 Ip ospf message-digest-key 1 md5 allan Int s0/1 Ip ospf message-digest-key 1 md5 allan 设置R2为DR Int s0/0 ip ospf priority 100 Exit	En Conf t Int s0/0 Ip add 192.168.2.2 255.255.0 No shutdown Int loop 1 Ip add 3.3.3.3 255.255.255.0 Exit 启用OSPF协议 Conf t Router ospf 100 Net 192.168.2.0 0 0.0.0.255 area 0 Net 3.3.3.3 0.0.0.0 area 0 exit 启用MD5认证 Conf t Router ospf 100 Area 0 authentication message-digest Exit Int s0/0 Ip ospf message-digest-key 1 md5 allan 设置R3为BDR Conf t Int s0/0 Ip ospf priority 60

R1的配置:

R1#show run

Building configuration...

*Mar 1 01:18:13.415: %SYS-5-CONFIG_I: Configured from console by console

Current configuration : 1155 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname R1

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 5

ip cef

!

interface Loopback1

ip address 1.1.1.1 255.255.255.0

interface Serial0/0

no ip address

shutdown

serial restart-delay 0

interface Serial0/1

ip address 150.17.232.1 255.255.254.0

ip ospf message-digest-key 1 md5 cisco

ip ospf cost 40

serial restart-delay 0

interface Serial0/2

no ip address

shutdown

serial restart-delay 0

router ospf 100

log-adjacency-changes

area 0 authentication message-digest

network 1.1.1.1 0.0.0.0 area 0

network 150.17.232.0 0.0.1.255 area 0

ip http server

no ip http secure-server!

control-plane

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

!

End

R2的配置:

R2(config)#do show run

Building configuration...

Current configuration : 1385 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 5

!

ip cef

interface Loopback1

ip address 2.2.2.2 255.255.255.0

!

interface Serial0/0

ip address 150.17.232.2 255.255.254.0

ip virtual-reassembly

ip ospf message-digest-key 1 md5 cisco

ip ospf priority 100

serial restart-delay 0

!

interface Serial0/1

ip address 192.168.2.1 255.255.255.0

ip virtual-reassembly

ip ospf message-digest-key 1 md5 cisco

serial restart-delay 0

!

interface Serial0/2

no ip address

ip virtual-reassembly

serial restart-delay 0

!

router ospf 100

log-adjacency-changes

area 0 authentication message-digest

network 2.2.2.2 0.0.0.0 area 0

network 150.17.232.0 0.0.1.255 area 0

network 192.168.2.0 0.0.0.255 area 0

!

ip http server

no ip http secure-server

!

control-plane

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

End

R3的配置:

R3#show run

Building configuration...

Current configuration : 1164 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption!

hostname R3

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 5

!

ip cef

!

interface Loopback1

ip address 3.3.3.3 255.255.255.0

!

interface Serial0/0

ip address 192.168.2.2 255.255.255.0

ip ospf message-digest-key 1 md5 cisco

ip ospf priority 60

serial restart-delay 0

!

interface Serial0/1

no ip address

shutdown

serial restart-delay 0

router ospf 100

log-adjacency-changes

area 0 authentication message-digest

network 3.3.3.3 0.0.0.0 area 0

network 192.168.2.0 0.0.0.255 area 0

!

ip http server

no ip http secure-server

control-plane

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

     本文转自allanhi 51CTO博客，原文链接：http://blog.51cto.com/allanfan/217554，如需转载请自行联系原作者