基于链路的OSPF认证＋小结

R1(config)#router ospf 1
R1(config-router)#rou
R1(config-router)#router-id 1.1.1.1
R1(config-router)#net 1.1.1.0 0.0.0.255 a 0
R1(config-router)#net 192.168.12.0 0.0.0.255 a 0
R1(config-router)#
*Sep 21 21:36:37.807: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial2/0 from LOADING to FULL, Loading Done
R1(config-router)#exit
R1(config)#do sh ip route

CCNP
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial2/0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 192.168.12.2, 00:01:35, Serial2/0
R1(config)#int s2/0
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 cisco
R1(config-if)#
*Sep 21 21:44:27.683: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial2/0 from LOADING to FULL, Loading Done
R1(config-if)#

--------------------------------------

思科视频下载

R2(config)#router ospf 1
R2(config-router)#router
R2(config-router)#router-id 2.2.2.2
R2(config-router)#net 2.2.2.0 0.0.0.255 a 0
R2(config-router)#net 192.168.12.0 0.0.0.255 a 0
R2(config-router)#exit
R2(config)#
*Sep 21 21:36:30.995: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial2/0 from LOADING to FULL, Loading Done
R2(config)#
*Sep 21 21:40:50.527: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial2/0 from FULL to DOWN, Neighbor Down: Dead timer expired
R2(config)#int s2/0
R2(config-if)#ip ospf authentication message-digest
R2(config-if)#ip ospf message-digest-key 1 md5 cisco
R2(config-if)#^Z
R2#sh ip ospf int－－－－－－－显示结果
Serial2/0 is up, line protocol is up
Internet Address 192.168.12.2/24, Area 0
Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1
Suppress hello for 0 neighbor(s)
Message digest authentication enabled----------说明启用了MD5认证
    Youngest key id is 1－－－－－－－－－－－－－且密钥ID是1
Loopback0 is up, line protocol is up
Internet Address 2.2.2.2/24, Area 0
Process ID 1, Router ID 2.2.2.2, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
R2#

 ccie认证

 

小结：
在OSPF基于区域和基于链路的认证中，
1、链路验证优先于区域认证
2、区域认证在OSPF进程中宣告，而链路验证在接口下宣告
3、三种认证类型:0－－－表示不认证，默认此项；1－－－表示用简单口令认证；2－－－表示采用MD5认证

 

但没有见到配置不匹配时书中所说的提示

文章转载至思科网络技术论坛