在OSPF協定裡面開啟MD5驗證

<b>實驗拓撲圖</b><b>:</b>

<a href="http://allanfan.blog.51cto.com/attachment/200910/27/520839_1256637832IWxA.png"></a>

實驗目的

在配置完OSPF協定以後,用show ip route 指令檢視每個路由表都能學到各自的路由,

當在R3上先配置啟用MD5認證以後,雖然R1上有到R3上的路由,但此時再到R1上來PING R3,你會發現是PING不通的,

隻有在所有路由器上都啟用了MD5認證以後彼此才能通信,這樣就增加了路由的安全性.

1. 起用OSPF協定,程序号 100

2. 啟用認證MD5

3. 啟用R2做DR R3做BDR

4. 設R1的COST值為 40

實驗指令

R1:

R2:

R3:

En

Conf t

Int s0/1

Ip add 150.17.232.1 255.255.254

No shutdown

Int loop 1

Ip add 1.1.1.1 255.255.255.0

Exit

啟用OSPF協定

Router ospf 100

Net 150.17.232.0 0.0.1.255 area 0

Net 1.1.1.1 0.0.0.0 area 0

exit

啟用MD5認證

Area 0 authentication message-digest

Ip ospf message-digest-key 1 md5 allan

設定R1的cost值為 40

ip ospf cost 40

Int s0/0

Ip add 150.17.232.2 255.255.254

Ip add 192.168.2.1 255.255.255.0

Ip add 2.2.2.2 255.255.255.0

Net 192.168.2.0 0.0.0.255 area 0

Net 2.2.2.2 0.0.0.0 area 0

設定R2為DR

ip ospf priority 100

Ip add 192.168.2.2 255.255.0

Ip add 3.3.3.3 255.255.255.0

Net 192.168.2.0 0 0.0.0.255 area 0

Net 3.3.3.3 0.0.0.0 area 0

設定R3為BDR

Ip ospf priority 60

R1的配置:

R1#show run

Building configuration...

*Mar 1 01:18:13.415: %SYS-5-CONFIG_I: Configured from console by console

Current configuration : 1155 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname R1

boot-start-marker

boot-end-marker

no aaa new-model

memory-size iomem 5

ip cef

interface Loopback1

ip address 1.1.1.1 255.255.255.0

interface Serial0/0

no ip address

shutdown

serial restart-delay 0

interface Serial0/1

ip address 150.17.232.1 255.255.254.0

ip ospf message-digest-key 1 md5 cisco

interface Serial0/2

router ospf 100

log-adjacency-changes

area 0 authentication message-digest

network 1.1.1.1 0.0.0.0 area 0

network 150.17.232.0 0.0.1.255 area 0

ip http server

no ip http secure-server!

control-plane

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

End

R2的配置:

R2(config)#do show run

Current configuration : 1385 bytes

hostname R2

ip address 2.2.2.2 255.255.255.0

ip address 150.17.232.2 255.255.254.0

ip virtual-reassembly

ip address 192.168.2.1 255.255.255.0

network 2.2.2.2 0.0.0.0 area 0

network 192.168.2.0 0.0.0.255 area 0

no ip http secure-server

login

R3的配置:

R3#show run

Current configuration : 1164 bytes

no service password-encryption!

hostname R3

ip address 3.3.3.3 255.255.255.0

ip address 192.168.2.2 255.255.255.0

ip ospf priority 60

network 3.3.3.3 0.0.0.0 area 0

end

     本文轉自allanhi 51CTO部落格，原文連結：http://blog.51cto.com/allanfan/217554，如需轉載請自行聯系原作者