"Experiment Purpose" OSPF authentication has two aspects: area authentication and interface authentication. The two must be combined to work. This experiment demonstrates how to use OSPF authentication: we enable authentication in area 0 and combine it with authentication on the interface.
"Configuration Steps"
(1) The specific configuration will be given at the end of the experiment; the topology is as follows
(2) Area authentication configuration:
[R1-ospf-1-area-0.0.0.0]authentication-mode simple
[R2-ospf-1-area-0.0.0.0]authentication-mode simple
(3) Interface authentication configuration:
[R1-S0/6/0]ospf authentication-mode simple plain 123
[R2-S0/6/0]ospf authentication-mode simple plain 123
"Test Results"
(1) Before enabling authentication, let's look at the neighbor relationship between R1 and R2.
[R1]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.2
Neighbor Brief Information
area:0.0.0.0
Router ID address Pri dead-time Interface state
10.1.1.3 3.3.3.2 1 s0/6/0 full/-
[R2]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.3
Neighbor Brief Information
area:0.0.0.0
Router ID address Pri dead-time Interface state
10.1.1.2 3.3.3.1 1 s0/6/0 full/-
(2) When authentication is enabled on R1 but not on R2:
[R1]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.2
Neighbor Brief Information
[R1]
[R2]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.3
Neighbor Brief Information
Running debugging ospf packet on R1 and on R2 shows that both keep sending packets. The AuType field in the packets sent by R1 is 01, and the AuType field in the packets sent by R2 is 00. An AuType of 00 means no authentication, 01 means simple authentication, and 02 means MD5 authentication.
R1:
*jan 21:44:26:62 2013 R1 RM/6/RMDEBUG:OSPF 1:send.
*jan 21:44:26:62 2013 R1 Rm/6/rmdebug:source address:3.3.3.1
*jan 21:44:26:62 2013 R1 rm/6/rmdebug:destination address:224.0.0.5
*jan 21:44:26:62 2013 R1 rm/6/rmdebug:ver# 2, Type:1, length:44.
*jan 21:44:26:62 2013 R1 rm/6/rmdebug:router:10.1.1.2, area:0.0.0.0, checksum:61598.
*jan 21:44:26:62 2013 R1 rm/6/rmdebug:autype:01, Key (ASCII): 31 32 33 0 0 0 0 0.
*jan 21:44:26:62 2013 R1 rm/6/rmdebug:net mask:255.255.255.252, Hello int:10, Option: _e_.
*jan 21:44:26:62 2013 R1 rm/6/rmdebug:rtr priority:1, Dead int:40, dr:0.0.0.0, bdr:0.0.0.0.
R2:
*jan 21:45:11:484 2013 R2 RM/6/RMDEBUG:OSPF 1:send.
*jan 21:45:11:484 2013 R2 Rm/6/rmdebug:source address:3.3.3.2
*jan 21:45:11:484 2013 R2 rm/6/rmdebug:destination address:224.0.0.5
*jan 21:45:11:484 2013 R2 rm/6/rmdebug:ver# 2, Type:1, length:44.
*jan 21:45:11:484 2013 R2 rm/6/rmdebug:router:10.1.1.3, area:0.0.0.0, checksum:61598.
*jan 21:45:11:484 2013 R2 rm/6/rmdebug:autype:00, Key (ASCII): 0 0 0 0 0 0 0 0.
*jan 21:45:11:484 2013 R2 rm/6/rmdebug:net mask:255.255.255.252, Hello int:10, Option: _e_.
*jan 21:45:11:484 2013 R2 rm/6/rmdebug:rtr priority:1, Dead int:40, dr:0.0.0.0, bdr:0.0.0.0.
(3) When both devices use simple authentication, the neighbor relationship between them is normal.
(4) Next we change the authentication mode to MD5 and look again:
[R1-ospf-1-area-0.0.0.0]authentication-mode md5
[R2-ospf-1-area-0.0.0.0]authentication-mode md5
Interface authentication configuration:
[R1-S0/6/0]ospf authentication-mode md5 1 cipher ABCDE
[R2-S0/6/0]ospf authentication-mode md5 1 cipher ABCDE
The neighbor relationship can still be established after the configuration is complete.
Additional Notes:
When the passwords on the two sides are not the same:
debugging ospf packet shows that packets keep being sent
debugging ospf event reports the following error: OSPF 1:OSPF received packet with mismatch authentication key.
If R1 is configured with MD5 authentication, and R2 configures the
Then debugging ospf event shows:
R1 OSPF 1:OSPF received packet with mismatch authentication type:0.
R2 OSPF 1:OSPF received packet with mismatch authentication type:2.
The debugging information on R1 means: the peer is not using authentication, so I have no way to negotiate with it.
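The AuType values and mismatch messages above can be reproduced offline. The following is an added example, not part of the original lab or of the router software: it parses the 24-byte OSPFv2 common header and shows that with AuType 01 the key (31 32 33, i.e. "123") is readable by anyone who captures a Hello, while with AuType 02 only a key ID, digest length and sequence number appear. The function names, the sequence number and the check_received model are assumptions made for illustration; verification of the MD5 digest is not modelled.

```python
import socket
import struct

def parse_ospf_header(pkt: bytes) -> dict:
    """Decode the 24-byte OSPFv2 common header (RFC 2328, section A.3.1)."""
    if len(pkt) < 24:
        raise ValueError("truncated OSPF header")
    ver, ptype, length, rid, area, cksum, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    auth = pkt[16:24]  # 8-byte authentication field
    hdr = {"version": ver, "type": ptype, "length": length,
           "router": socket.inet_ntoa(rid), "area": socket.inet_ntoa(area),
           "checksum": cksum, "autype": autype}
    if autype == 1:
        # Simple authentication: the NUL-padded key itself is in every packet.
        hdr["cleartext_key"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    elif autype == 2:
        # MD5: the header carries key ID, digest length and sequence number;
        # the digest is appended after the packet and the key is never sent.
        _, hdr["key_id"], hdr["auth_len"], hdr["seq"] = struct.unpack("!HBBI", auth)
    return hdr

def check_received(hdr: dict, local_autype: int, local_key: str = "") -> str:
    """Hypothetical model of the receive-side check behind the debug messages."""
    if hdr["autype"] != local_autype:
        return f"mismatch authentication type:{hdr['autype']}"
    if local_autype == 1 and hdr["cleartext_key"] != local_key:
        return "mismatch authentication key"
    return "accepted"

def build_header(router: str, autype: int, auth: bytes = b"") -> bytes:
    """Constructed sample header: version 2, Hello (type 1), length 44, area 0."""
    return struct.pack("!BBH4s4sHH8s", 2, 1, 44, socket.inet_aton(router),
                       socket.inet_aton("0.0.0.0"), 61598, autype, auth)

if __name__ == "__main__":
    r1_simple = parse_ospf_header(build_header("10.1.1.2", 1, b"123"))
    r2_none = parse_ospf_header(build_header("10.1.1.3", 0))
    r1_md5 = parse_ospf_header(build_header("10.1.1.2", 2, struct.pack("!HBBI", 0, 1, 16, 1)))
    print("key visible on the wire:", r1_simple["cleartext_key"])
    print("R1 (md5) receives R2:", check_received(r2_none, 2))
    print("R2 (none) receives R1:", check_received(r1_md5, 0))
```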