OSPF邻居认证实际案例（配图）＋详细验证过程

邻居认证使得路由器确认每次所收到的路由更新的源。如果关键字不匹配，就会拒绝路由更新。 Cisco使用两种类型的邻居认证：纯文本和MD5。 纯文本认证发一个关键字，这个关键字是明文传输，可被非法用户所窃取，所以不推荐使用。 MD5认证发一个报文摘要，而不是关键字。MD5被用来生成一个关键字的散列。这个散列是被发送的对象。MD5方式不易被非法用户所窃取。 这个案例中，我们在R1与R2之间使用明文认证，在R2与R3之间使用MD5认证。 // R1 // int e0/0 ip ad 192.1.1.1 255.255.255.0 ip ospf authentication-key cisco //明文认证，关键字为cisco router os 1 network 192.1.1.1 0.0.0.0 area 0 area 0 authentication // R2 // int e0/0 ip ad 192.1.1.2 255.255.255.0 ip ospf authentication-key cisco //明文认证，关键字为cisco int e1/0 ip ad 193.1.1.2 255.255.255.0 ip ospf message-digest-key 1 md5 cracker router os 1 network 192.1.1.2 0.0.0.0 area 0 network 193.1.1.2 0.0.0.0 area 1 area 0 authentication area 1 authentication message-digest // R3 // int e1/0 ip ad 193.1.1.3 255.255.255.0 ip ospf message-digest-key 1 md5 cracker router os 1 network 193.1.1.3 0.0.0.0 a 1 area 1 authentication message-digest 验证过程： r1#sh ip os int e0/0
Ethernet0/0 is up, line protocol is up
Internet Address 192.1.1.1/24, Area 0
Process ID 1, Router ID 192.1.1.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 193.1.1.2, Interface address 192.1.1.2
Backup Designated router (ID) 192.1.1.1, Interface address 192.1.1.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 193.1.1.2 (Designated Router)
Suppress hello for 0 neighbor(s)
Simple password authentication enabled r2#sh ip os int e0/0
Ethernet0/0 is up, line protocol is up
Internet Address 192.1.1.2/24, Area 0
Process ID 1, Router ID 193.1.1.2, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 193.1.1.2, Interface address 192.1.1.2
Backup Designated router (ID) 192.1.1.1, Interface address 192.1.1.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:04
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 192.1.1.1 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
Simple password authentication enabled r2#sh ip os int e1/0
Ethernet1/0 is up, line protocol is up
Internet Address 193.1.1.2/24, Area 1
Process ID 1, Router ID 193.1.1.2, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 193.1.1.2, Interface address 193.1.1.2
Backup Designated router (ID) 193.1.1.3, Interface address 193.1.1.3
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:03
Index 1/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 193.1.1.3 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1 r3#sh ip os int e1/0
Ethernet1/0 is up, line protocol is up
Internet Address 193.1.1.3/24, Area 1
Process ID 1, Router ID 193.1.1.3, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 193.1.1.2, Interface address 193.1.1.2
Backup Designated router (ID) 193.1.1.3, Interface address 193.1.1.3
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:04
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 193.1.1.2 (Designated Router)
Suppress hello for 0 neighbor(s)

文章整理：西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息，谢谢!