Разлика между версии на „OSPFv2 aвтентификация с MD5“

от БАРЗИКТ Wiki
Направо към: навигация, търсене
 
(3 intermediate revisions by the same user not shown)
Ред 1: Ред 1:
[[Category::Cisco]]
+
[[Category:Cisco]]
 +
[http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13697-25.html Sample Configuration for Authentication in OSPF]
 +
 
 
=Примерна топология=
 
=Примерна топология=
 
[[Файл:OSPF_MD5.png]]
 
[[Файл:OSPF_MD5.png]]
Ред 73: Ред 75:
 
ip ospf message-digest-key 1 md5 class
 
ip ospf message-digest-key 1 md5 class
 
ip ospf authentication message-digest
 
ip ospf authentication message-digest
 +
</pre>
 +
=Проверка на автентификацията=
 +
За да се провери автентификацията на даден интерфейс може да се използва командата '''show ip ospf interface''' ''interface''.
 +
 +
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap;white-space: -pre-wrap;white-space: -o-pre-wrap; word-wrap: break-word">
 +
R1#sh ip ospf interface serial 0/0/0
 +
 +
Serial0/0/0 is up, line protocol is up
 +
  Internet address is 10.0.0.1/8, Area 0
 +
  Process ID 1, Router ID 1.1.1.1, Network Type POINT-TO-POINT, Cost: 64
 +
  Transmit Delay is 1 sec, State POINT-TO-POINT, Priority 0
 +
  No designated router on this network
 +
  No backup designated router on this network
 +
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
 +
    Hello due in 00:00:01
 +
  Index 1/1, flood queue length 0
 +
  Next 0x0(0)/0x0(0)
 +
  Last flood scan length is 1, maximum is 1
 +
  Last flood scan time is 0 msec, maximum is 0 msec
 +
  Neighbor Count is 1 , Adjacent neighbor count is 1
 +
    Adjacent with neighbor 10.0.0.2
 +
  Suppress hello for 0 neighbor(s)
 +
  Message digest authentication enabled
 +
    Youngest key id is 1
 +
</pre>
 +
=Ctrl+C/Ctrl+V=
 +
==R1==
 +
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap;white-space: -pre-wrap;white-space: -o-pre-wrap; word-wrap: break-word">
 +
enable
 +
conf t
 +
hostname R1
 +
interface serial 0/0/0
 +
clock rate 4000000
 +
ip add 10.0.0.1 255.0.0.0
 +
ip ospf message-digest-key 1 md5 cisco
 +
ip ospf authentication message-digest
 +
no shut
 +
interface gigabitethernet 0/0
 +
ip address 172.16.0.1 255.255.0.0
 +
ip ospf message-digest-key 2 md5 class
 +
ip ospf authentication message-digest
 +
no shut
 +
router ospf 1
 +
router-id 1.1.1.1
 +
network 10.0.0.0 0.255.255.255 area 0
 +
network 172.16.0.0 0.0.255.255 area 0
 +
end
 +
</pre>
 +
==R2==
 +
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap;white-space: -pre-wrap;white-space: -o-pre-wrap; word-wrap: break-word">
 +
enable
 +
conf t
 +
hostname R2
 +
interface serial 0/0/0
 +
ip address 10.0.0.2 255.0.0.0
 +
ip ospf message-digest-key 1 md5 cisco
 +
ip ospf authentication message-digest
 +
no shut
 +
exit
 +
router ospf 1
 +
router-id 2.2.2.2
 +
network 10.0.0.0 0.255.255.255 area 0
 +
end
 +
</pre>
 +
==R3==
 +
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap;white-space: -pre-wrap;white-space: -o-pre-wrap; word-wrap: break-word">
 +
enable
 +
conf t
 +
hostname R3
 +
interface gigabitethernet 0/0
 +
ip address 172.16.0.2 255.255.0.0
 +
ip ospf message-digest-key 1 md5 class
 +
ip ospf authentication message-digest
 +
no shut
 +
exit
 +
router ospf 1
 +
router-id 3.3.3.3
 +
network 172.16.0.0 0.0.255.255 area 0
 +
end
 
</pre>
 
</pre>

Текуща версия към 16:21, 23 юли 2015

Sample Configuration for Authentication in OSPF

Примерна топология

OSPF MD5.png

Първоначална конфигурация на устройствата

R1

hostname R1
interface serial 0/0/0
clock rate 4000000
ip add 10.0.0.1 255.0.0.0
no shut
interface gigabitethernet 0/0
ip address 172.16.0.1 255.255.0.0
exit
router ospf 1
router-id 1.1.1.1
network 10.0.0.0 0.255.255.255 area 0
network 172.16.0.0 0.0.255.255 area 0

R2

hostname R2
interface serial 0/0/0
ip address 10.0.0.2 255.0.0.0
no shut
exit
router ospf 1
router-id 2.2.2.2
network 10.0.0.0 0.255.255.255 area 0

R3

hostname R3
interface gigabitethernet 0/0
ip address 172.16.0.2 255.255.0.0
no shut
exit
router ospf 1
router-id 3.3.3.3
network 172.16.0.0 0.0.255.255 area 0

Конфигуриране на MD5 автентификация за OSPFv2

За да се активира MD5 автентификация за определен интерфейс при OSPFv2 се използват следните две команди:

  1. ip ospf message-digest-key номер md5 парола
  2. ip ospf authentication message-digest

Важно е да се отбележи, че след активирането на автентификацията, ако съседът не поддържа тази функционалност съседството се разпада. 

00:15:44: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on Serial0/0/0 from FULL to DOWN, Neighbor Down: Dead timer expired

MD5 автентификацията разчита на споделена парола, което означава, че съседите трябва да използват еднакъв ключ.

R1

interface serial 0/0/0
ip ospf message-digest-key 1 md5 cisco
ip ospf authentication message-digest

interface gigabitethernet0/0
ip ospf message-digest-key 2 md5 class
ip ospf authentication message-digest

R2

interface serial 0/0/0
ip ospf message-digest-key 1 md5 cisco
ip ospf authentication message-digest

R3

interface gigabitethernet0/0
ip ospf message-digest-key 1 md5 class
ip ospf authentication message-digest

Проверка на автентификацията

За да се провери автентификацията на даден интерфейс може да се използва командата show ip ospf interface interface. 

R1#sh ip ospf interface serial 0/0/0

Serial0/0/0 is up, line protocol is up
  Internet address is 10.0.0.1/8, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type POINT-TO-POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT-TO-POINT, Priority 0
  No designated router on this network
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:01
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1 , Adjacent neighbor count is 1
    Adjacent with neighbor 10.0.0.2
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1

Ctrl+C/Ctrl+V

R1

enable
conf t
hostname R1
interface serial 0/0/0
clock rate 4000000
ip add 10.0.0.1 255.0.0.0
ip ospf message-digest-key 1 md5 cisco
ip ospf authentication message-digest
no shut
interface gigabitethernet 0/0
ip address 172.16.0.1 255.255.0.0
ip ospf message-digest-key 2 md5 class
ip ospf authentication message-digest
no shut
router ospf 1
router-id 1.1.1.1
network 10.0.0.0 0.255.255.255 area 0
network 172.16.0.0 0.0.255.255 area 0
end

R2

enable
conf t
hostname R2
interface serial 0/0/0
ip address 10.0.0.2 255.0.0.0
ip ospf message-digest-key 1 md5 cisco
ip ospf authentication message-digest
no shut
exit
router ospf 1
router-id 2.2.2.2
network 10.0.0.0 0.255.255.255 area 0
end

R3

enable
conf t
hostname R3
interface gigabitethernet 0/0
ip address 172.16.0.2 255.255.0.0
ip ospf message-digest-key 1 md5 class
ip ospf authentication message-digest
no shut
exit
router ospf 1
router-id 3.3.3.3
network 172.16.0.0 0.0.255.255 area 0
end
Взето от „http://wiki.ict.academy/index.php?title=OSPFv2_aвтентификация_с_MD5&oldid=292“.