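This document shows sample configurations for OSPF authentication. OSPF supports two types of authentication: plain text and MD5. When you configure authentication, you must configure an entire area with the same type of authentication. Starting with Cisco IOS 12.0.8, authentication is supported on a per-interface basis, as mentioned in RFC 2328, Appendix D. This feature was added in bug CSCdk33792. If you are a registered CCO user and are logged in, you can view the bug details.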
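Take the following network as an example.
Network Diagram
Configuration for Plain Text Authentication
Plain text authentication is useful for performing OSPF reconfiguration, rather than for security. Plain text authentication passwords do not have to be the same throughout an area, but they must be the same between neighbors.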
--------------------------------------------------------
R4-4K
interface Loopback0
ip address 70.70.70.70 255.255.255.255
!
interface Serial2
ip address 192.16.64.2 255.255.255.0
ip ospf authentication-key kal
!
router ospf 10
network 192.16.64.0 0.0.0.255 area 0
network 70.0.0.0 0.255.255.255 area 0
area 0 authentication
---------------------------------------------------------------
R1-7010
interface Loopback0
ip address 172.16.10.36 255.255.255.240
!
interface Serial1/0
ip address 192.16.64.1 255.255.255.0
ip ospf authentication-key kal
!
router ospf 10
network 172.16.0.0 0.0.255.255 area 0
network 192.16.64.0 0.0.0.255 area 0
area 0 authentication
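An added example, not part of the original Cisco document: a Python check of the two rules stated above (the whole area uses one authentication type, and the key matches between neighbors on a shared link), run over the serial-link and OSPF stanzas of the R4-4K and R1-7010 configurations. The function names `parse` and `audit` are hypothetical; the check assumes the shared link belongs to the area passed in and recognizes only the plain-text form `area N authentication`.

```python
import ipaddress

# Serial-link and OSPF stanzas taken from the two configurations on this page.
R4_4K = """interface Serial2
ip address 192.16.64.2 255.255.255.0
ip ospf authentication-key kal
router ospf 10
area 0 authentication
"""
R1_7010 = """interface Serial1/0
ip address 192.16.64.1 255.255.255.0
ip ospf authentication-key kal
router ospf 10
area 0 authentication
"""

def parse(cfg):
    """Return ({subnet: key or None}, {areas with plain-text authentication})."""
    ifaces, auth_areas, cur = {}, set(), None
    for line in cfg.splitlines():
        w = line.split()
        if w[:1] == ["interface"] and len(w) > 1:
            cur = ifaces.setdefault(w[1], {"net": None, "key": None})
        elif w[:1] == ["router"]:
            cur = None  # left interface configuration mode
        elif cur is not None and w[:2] == ["ip", "address"] and len(w) >= 4:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif cur is not None and w[:3] == ["ip", "ospf", "authentication-key"]:
            cur["key"] = w[3] if len(w) > 3 else None
        elif w[:1] == ["area"] and w[2:] == ["authentication"]:
            auth_areas.add(w[1])
    return {i["net"]: i["key"] for i in ifaces.values() if i["net"]}, auth_areas

def audit(cfg_a, cfg_b, area="0"):
    """Check the two rules stated above; return a list of findings."""
    (links_a, areas_a), (links_b, areas_b) = parse(cfg_a), parse(cfg_b)
    findings = []
    if (area in areas_a) != (area in areas_b):
        findings.append(f"area {area}: plain-text authentication on one router only")
    for net in sorted(links_a.keys() & links_b.keys()):
        if links_a[net] != links_b[net]:
            findings.append(f"{net}: authentication-key differs between neighbors")
    return findings

if __name__ == "__main__":
    print(audit(R4_4K, R1_7010) or "keys and area authentication agree")
```

An empty list means both routers agree on the area authentication type and on the key for every subnet they share.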
Debug and Verification Tips
Here's debug output for R1-7010:
R1-7010#debug ip ospf adj
OSPF: Receive dbd from 70.70.70.70 seq 0x14B
OSPF: 2 Way Communication to neighbor 70.70.70.70
OSPF: send DBD packet to 192.16.64.2 seq 0x1797
OSPF: Receive dbd from 70.70.70.70 seq 0x1797
OSPF: NBR Negotiation Done We are the MASTER
OSPF: send DBD packet to 192.16.64.2 seq 0x1798
OSPF: Database request to 70.70.70.70
OSPF: sent LS REQ packet to 192.16.64.2, length 12
OSPF: Receive dbd from 70.70.70.70 seq 0x1798
OSPF: send DBD packet to 192.16.64.2 seq 0x1799
OSPF: Receive dbd from 70.70.70.70 seq 0x1799
OSPF: Exchange Done with neighbor 70.70.70.70
OSPF: Synchronized with neighbor 70.70.70.70, state:FULL
OSPF: Build router LSA, router ID 172.16.13.1
R1-7010#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
70.70.70.70 1 FULL/ - 00:00:36 192.16.64.2 Serial1/0
R1-7010#show ip route
O 70.70.70.70 [110/65] via 192.16.64.2, 00:01:27, Serial1/0
C 192.16.64.0/24 is directly connected, Serial1/0