OSPFv2 aвтентификация с MD5
от БАРЗИКТ Wiki
Sample Configuration for Authentication in OSPF
Съдържание
Примерна топология
Първоначална конфигурация на устройствата
R1
hostname R1 interface serial 0/0/0 clock rate 4000000 ip add 10.0.0.1 255.0.0.0 no shut interface gigabitethernet 0/0 ip address 172.16.0.1 255.255.0.0 exit router ospf 1 router-id 1.1.1.1 network 10.0.0.0 0.255.255.255 area 0 network 172.16.0.0 0.0.255.255 area 0
R2
hostname R2 interface serial 0/0/0 ip address 10.0.0.2 255.0.0.0 no shut exit router ospf 1 router-id 2.2.2.2 network 10.0.0.0 0.255.255.255 area 0
R3
hostname R3 interface gigabitethernet 0/0 ip address 172.16.0.2 255.255.0.0 no shut exit router ospf 1 router-id 3.3.3.3 network 172.16.0.0 0.0.255.255 area 0
Конфигуриране на MD5 автентификация за OSPFv2
За да се активира MD5 автентификация за определен интерфейс при OSPFv2 се използват следните две команди:
- ip ospf message-digest-key номер md5 парола
- ip ospf authentication message-digest
Важно е да се отбележи, че след активирането на автентификацията, ако съседът не поддържа тази функционалност съседството се разпада.
00:15:44: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on Serial0/0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
MD5 автентификацията разчита на споделена парола, което означава, че съседите трябва да използват еднакъв ключ.
R1
interface serial 0/0/0 ip ospf message-digest-key 1 md5 cisco ip ospf authentication message-digest interface gigabitethernet0/0 ip ospf message-digest-key 2 md5 class ip ospf authentication message-digest
R2
interface serial 0/0/0 ip ospf message-digest-key 1 md5 cisco ip ospf authentication message-digest
R3
interface gigabitethernet0/0 ip ospf message-digest-key 1 md5 class ip ospf authentication message-digest
Проверка на автентификацията
За да се провери автентификацията на даден интерфейс може да се използва командата show ip ospf interface interface.
R1#sh ip ospf interface serial 0/0/0
Serial0/0/0 is up, line protocol is up
Internet address is 10.0.0.1/8, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT-TO-POINT, Cost: 64
Transmit Delay is 1 sec, State POINT-TO-POINT, Priority 0
No designated router on this network
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1 , Adjacent neighbor count is 1
Adjacent with neighbor 10.0.0.2
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1
Ctrl+C/Ctrl+V
R1
enable conf t hostname R1 interface serial 0/0/0 clock rate 4000000 ip add 10.0.0.1 255.0.0.0 ip ospf message-digest-key 1 md5 cisco ip ospf authentication message-digest no shut interface gigabitethernet 0/0 ip address 172.16.0.1 255.255.0.0 ip ospf message-digest-key 2 md5 class ip ospf authentication message-digest no shut router ospf 1 router-id 1.1.1.1 network 10.0.0.0 0.255.255.255 area 0 network 172.16.0.0 0.0.255.255 area 0 end
R2
enable conf t hostname R2 interface serial 0/0/0 ip address 10.0.0.2 255.0.0.0 ip ospf message-digest-key 1 md5 cisco ip ospf authentication message-digest no shut exit router ospf 1 router-id 2.2.2.2 network 10.0.0.0 0.255.255.255 area 0 end
R3
enable conf t hostname R3 interface gigabitethernet 0/0 ip address 172.16.0.2 255.255.0.0 ip ospf message-digest-key 1 md5 class ip ospf authentication message-digest no shut exit router ospf 1 router-id 3.3.3.3 network 172.16.0.0 0.0.255.255 area 0 end
