OSPF Virtual Link Authentication
OSPF Lab 5: Complete Summary of OSPF Authentication

Lab level: Expert
Lab topology:
Lab description: OSPF has 2 authentication types (strictly speaking, 3): type 0 means no authentication, type 1 means plaintext authentication, and type 2 means MD5 authentication.
Plaintext authentication sends the password itself for authentication, whereas MD5 authentication sends a message digest.
For details on MD5, see RFC 1321. OSPF authentication can be applied on a link or across an entire area.
Virtual links can be authenticated as well.
Basic lab configuration:
R1:
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 21.1.1.1 255.255.255.0
duplex half
!
router ospf 10
router-id 1.1.1.1
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 21.1.1.0 0.0.0.255 area 0
R2:
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 21.1.1.2 255.255.255.0
duplex half
!
interface Serial1/0
ip address 10.1.1.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 11.1.1.1 255.255.255.0
serial restart-delay 0
!
router ospf 10
router-id 2.2.2.2
log-adjacency-changes
area 1 virtual-link 3.3.3.3
network 10.1.1.0 0.0.0.255 area 0
network 11.1.1.0 0.0.0.255 area 1
network 21.1.1.0 0.0.0.255 area 0
R3:
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial1/0
ip address 11.1.1.2 255.255.255.0
serial restart-delay 0
!
router ospf 10
router-id 3.3.3.3
log-adjacency-changes
area 1 virtual-link 2.2.2.2
network 3.3.3.0 0.0.0.255 area 2
network 11.1.1.0 0.0.0.255 area 1
Authentication configuration:
1. Configure OSPF plaintext authentication on the serial link between R1 and R2:
First apply the following configuration on R1 and observe what happens while R1 has authentication configured and R2 does not yet:
R1(config)#int s1/0
R1(config-if)#ip ospf authentication (enable authentication)
R1(config-if)#ip ospf authentication-key cisco (set the password)
With the debug tool we can see the following:
*Aug 15 22:51:54.275: OSPF: Rcv pkt from 10.1.1.2, Serial1/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1
Here type 0 means the peer has not enabled authentication, and type 1 is plaintext authentication.
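The difference between type 1 and type 2 described above can be seen at the packet level. The following is an added example, not part of the original lab: it builds constructed OSPFv2 headers per RFC 2328 and shows what a capture reveals and how a receiver reaches the "Mismatch Authentication type" decision. The function names (`build`, `observe`, `accept`) are hypothetical, the packets are constructed rather than captured, and the header checksum is left at 0.

```python
import hashlib
import hmac
import socket
import struct

HDR = struct.Struct("!BBH4s4sHH8s")  # 24-byte OSPFv2 header (RFC 2328, A.3.1)
CRYPTO = struct.Struct("!HBBI")      # AuType 2 field: zero, Key ID, digest length, sequence

def pad(key, size):
    """Keys are zero-padded: 8 bytes for AuType 1, 16 bytes for AuType 2."""
    return key.encode().ljust(size, b"\0")[:size]

def build(autype, key="", body=b"", rid="3.3.3.3", area="0.0.0.0", key_id=1, seq=1):
    """Build a constructed Hello-type packet (checksum left at 0 for brevity)."""
    auth = {0: b"\0" * 8, 1: pad(key, 8), 2: CRYPTO.pack(0, key_id, 16, seq)}[autype]
    pkt = HDR.pack(2, 1, HDR.size + len(body), socket.inet_aton(rid),
                   socket.inet_aton(area), 0, autype, auth) + body
    if autype == 2:  # digest = MD5(packet || padded key), appended after the packet
        pkt += hashlib.md5(pkt + pad(key, 16)).digest()
    return pkt

def observe(pkt):
    """What anyone able to capture the packet can read from it."""
    _, _, length, rid, _, _, autype, auth = HDR.unpack_from(pkt)
    seen = {"router_id": socket.inet_ntoa(rid), "autype": autype}
    if autype == 1:
        seen["password"] = auth.rstrip(b"\0").decode()  # the key itself, in clear text
    elif autype == 2:
        _, key_id, dlen, seq = CRYPTO.unpack(auth)
        seen.update(key_id=key_id, seq=seq, digest=pkt[length:length + dlen].hex())
    return seen

def accept(pkt, my_autype, my_key="", my_key_id=1, last_seq=0):
    """Receiver-side check; returns (accepted, reason)."""
    _, _, length, _, _, _, autype, auth = HDR.unpack_from(pkt)
    if autype != my_autype:
        return False, (f"Mismatch Authentication type. Input packet specified "
                       f"type {autype}, we use type {my_autype}")
    if autype == 1 and auth != pad(my_key, 8):
        return False, "password mismatch"
    if autype == 2:
        _, key_id, dlen, seq = CRYPTO.unpack(auth)
        if key_id != my_key_id:
            return False, "unknown key id"
        if seq < last_seq:  # older than the last accepted packet: treat as a replay
            return False, "stale sequence number"
        good = hashlib.md5(pkt[:length] + pad(my_key, 16)).digest()
        if not hmac.compare_digest(good, pkt[length:length + dlen]):
            return False, "digest mismatch"
    return True, "ok"
```

With type 1 the configured key is readable by anyone on the path; with type 2 only the key ID, the sequence number and the digest are visible.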
OSPF: The Five Network Types (Broadcast, NBMA, Point-to-Point, etc.)

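An explanation of the five OSPF network types
OSPF has 3 link types: point-to-point, broadcast, and NBMA.
From these 3 link types, 5 network types are derived: point-to-point, broadcast, NBMA, point-to-multipoint, and virtual link.
The virtual link is a special case that is not tied to a specific link, while the NBMA link type corresponds to two network types, NBMA and point-to-multipoint.
The above is the RFC definition. For Cisco's router implementation, we should remember it as 3 link types extended into 8 network types, 5 of which correspond to NBMA links; that is, 3 more types are added on top of the RFC definition.
First, the characteristics of the 3 link types:
1. Point-to-point: the network has only 2 interfaces, uses HDLC or PPP encapsulation, needs no addressing, and the address field is fixed at FF.
2. Broadcast: broadcast multi-access, which today means Ethernet links; it involves IP and MAC, with ARP providing the mapping between Layer 2 and Layer 3.
3. NBMA: multiple routers may exist on the network, the physical link is shared, and logical connections are established through Layer 2 virtual circuits (VCs).
An NBMA network is not incapable of broadcast; rather, a broadcast is sent on each VC individually, so a router in an NBMA topology that is not full-mesh may send broadcast or multicast packets that cannot reach all the other routers.
Running OSPF on a point-to-point link requires no DR election, since there are just two endpoints on one line; when OSPF runs on an NBMA network, which is multi-access, a DR can exist, and switching to manual neighbor discovery prevents excessive Hello overhead.
Next, the 5 network types defined in the RFC in detail:
1. Point-to-point: serial encapsulation is HDLC or PPP, and OSPF detects the interface type automatically (if the encapsulation is PPP or HDLC, it treats the link as point-to-point). OSPF packets are sent to 224.0.0.5, there is no notion of a DR, only of who the peer is, and the OSPF hello interval is 10s with a dead interval of 40s.
2. Broadcast: DR/BDR are elected and neighbors are discovered automatically.
The Hello interval is 10s and the dead interval is 40s (for comparison, the Hello and Dead intervals of the NBMA type are 30s and 120s respectively.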
OSPF Virtual Link (virtual-link) Configuration

23.0.0.0/24 is subnetted, 1 subnets
O IA 23.0.0.0 [110/128] via 12.0.0.2, 00:00:13, Serial2/1
interface Serial2/1
ip address 34.0.0.4 255.255.255.0
router ospf 1
log-adjacency-changes
network 34.0.0.0 0.0.0.255 area 4
After the basic configuration is complete, we verify it on each router in turn:
R1#show ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.0.0.0 [110/128] via 12.0.0.2, 00:01:24, Serial2/1
12.0.0.0/24 is subnetted, 1 subnets
C 12.0.0.0 is directly connected, Serial2/1
// Note that R1 has a route entry for 23.0.0.0, and it is of type IA (inter-area route)
R2#show ip os nei
Neighbor ID Pri State Dead Time Address Interface
R4#show ip route
34.0.0.0/24 is subnetted, 1 subnets
OSPF Authentication Mechanisms

Lab objective: master all the authentication types of the OSPF protocol and their authentication strength.
Lab steps:
I. Following the topology, complete the basic interface configuration and OSPF on all routers so that the whole OSPF network is fully connected.
II. Perform link authentication between R3 and R4.
(1) Plaintext link authentication
First check the neighbor table on R3; the relationship with R4 is in the FULL state
R3#sh ip os nei
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 0 FULL/ - 00:00:38 192.168.23.2 Serial0/1
4.4.4.4 0 FULL/ - 00:00:35 192.168.34.4 Serial0/0
R3(config)#int s0/0
R3(config-if)#ip ospf authentication-key jhy //key
R3(config-if)#ip ospf authentication //declare
Observed result:
R3(config-if)#
*Mar 1 00:14:07.471: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Serial0/0 from FULL to DOWN,Neighbor Down: Dead timer expired //the neighbor relationship went DOWN
R3#sh ip os nei //view the neighbor table
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 0 FULL/ - 00:00:34 192.168.23.2 Serial0/1
R4(config)#int s0/0 //apply the same configuration on R4's interface
R4(config-if)#ip os authentication-key jhy
R4(config-if)#ip os authentication
Observed result: the neighbor relationship is re-established
R4#sh ip os nei
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ - 00:00:34 192.168.34.3 Serial0/0
(2) Ciphertext link authentication
R3(config-if)#ip os message-digest-key 1 md5 jhy //key
R3(config-if)#ip os authentication message-digest //declare
R4(config-if)#ip os message-digest-key 1 md5 jhy
R4(config-if)#ip os authentication message-digest
III. Area authentication for Area 0.
Configuring OSPF Virtual Links on Huawei Routers

Configuring OSPF virtual links (virtual connections)
[Topology diagram; surviving labels: 3.3.3.1, 3.3.3.2, R3, 4.4.4.1, GE 0/0/1, R4, 4.4.4.2, loopback0 1.1.1.1, loopback0 5.5.5.1]
Purpose: solve the routing problem for areas that are not directly connected to the backbone area, area 0
I. Configure the address of each port
R1:
<Huawei>sy
[Huawei]undo info-center enable
[Huawei]sysname R1
[R1]int l0
[R1-LoopBack0]ip add 1.1.1.1 24
[R1-LoopBack0]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 2.2.2.1 24
[R1-GigabitEthernet0/0/0]quit
R2:
<Huawei>sy
[Huawei]undo info-center enable
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 2.2.2.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 3.3.3.1 24
[R2-GigabitEthernet0/0/1]quit
R3:
<Huawei>system-view
[Huawei]undo info-center enable
[Huawei]sysname R3
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 3.3.3.2
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 4.4.4.1 24
[R3-GigabitEthernet0/0/1]quit
R4:
<Huawei>system-view
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname R4
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 4.4.4.2 24
[R4-GigabitEthernet0/0/0]int l0
[R4-LoopBack0]ip add 5.5.5.1 24
[R4-LoopBack0]quit
II. Configure multiple areas.
Summary of the Four OSPF Authentication Methods

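OSPF has four kinds of authentication. Two are area-based: simple password authentication and MD5.
Two are link-based: simple password authentication and MD5.
A brief introduction:
Area-based simple password authentication: the configuration on R2 is as follows:
Router(config)#router ospf 100
Router(config-router)#area 0 authentication
Router(config)#int s1/3
Router(config-if)#ip ospf authentication-key tyt
The configuration on R3 is the same. When you finish configuring one side, the neighbor relationship drops; after the other side is configured, the neighbor relationship restarts. Also, the passwords on both sides must be identical, otherwise it will not work.
Area-based MD5 authentication: the configuration on R2 is as follows:
Router(config)#router ospf 100
Router(config-router)#area 0 authentication message-digest
Router(config)#int s1/3
Router(config-if)#ip ospf message-digest-key 1 md5 tyt
The configuration on R3 is the same. When you finish configuring one side, the neighbor relationship drops; after the other side is configured, the neighbor relationship restarts. Also, the passwords on both sides must be identical, otherwise it will not work.
Link-based simple password authentication: the configuration on R2 is as follows:
Router(config)#int s1/3
Router(config-if)#ip ospf authentication
Router(config-if)#ip ospf authentication-key tyt
This one is very simple; the configuration on R3 is the same.
Link-based MD5 authentication: the configuration on R2 is as follows:
Router(config)#int s1/3
Router(config-if)#ip ospf authentication message-digest
Router(config-if)#ip ospf message-digest-key 1 md5 tyt
Authentication configuration is really quite simple!
Because the document library will not accept an upload if the document is too small, some unimportant material is appended below; it can be deleted!
Lab 1-2: Using Access Lists and Route Maps in NAT
[Lab objective]: In this lab, you need to use network address translation (NAT) to allow the internal routers (PxR3 and PxR4) to download configuration files from the TFTP server. To complete this lab, you need to complete the following tasks:
• Create the access control lists to be used in NAT
• Use ROUTE-MAPS in NAT to perform separate concurrent address translations.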
红头发 (Red Hair) CCNP Study Notes

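1. IGP (EIGRP/OSPF/IS-IS)
2. EGP (BGP)
3. policy
4. IP multicast
5. Routing table: made up of the control plane and the data plane (FIB).
Access layer (ACCESS LAYER): port density
Distribution layer (DISTRIBUTION LAYER): the aggregation point for access-layer traffic; high availability (redundancy + hot standby)
Core layer (CORE LAYER): high availability + high throughput; forwards data quickly.
Backbone + MAN
Layer 2: switching (Ethernet)
Layer 3: routing
Traffic on a converged network (aggregatable network):
-- voice + video traffic
-- voice applications (IP telephony)
-- office traffic
-- routing updates
-- network management traffic (monitoring and logging)
Key requirements:
Performance: bandwidth, delay, jitter (the variation in delay to each node); voice and video place high demands on delay and jitter.
Real-time traffic places high demands on delay and jitter and is irreversible.
Security: access and forwarding.
SONA: an integrated data architecture for voice, video and data; it is an extension of AVVID.
Its goal is to move the network toward the IIN (Intelligent Information Network). The IIN has three phases: integrated transport, integrated services, integrated applications.
SONA>>IIN
Network amplification effect
Efficiency = IT asset cost / (IT asset cost + operating cost)
Utilization = assets in use / total assets (%)
Effectiveness = efficiency * utilization
Network amplification effect = effectiveness with SONA / effectiveness without SONA
IS-IS is used for very large networks, while EIGRP and OSPF are used for large network environments.
OSPF operating modes on NBMA networks:
I. Defined by RFC 2328:
1. nonbroadcast (NBMA): non-broadcast (broadcast and multicast are not supported); the default mode (star network); everything must be in the same subnet.
Characteristics:
1. DR/BDR must be elected, all interfaces are in the same subnet, and you must make sure the central router (hub) becomes the DR/BDR.
2. Edge routers (spokes) must map DLCIs to each other (DLCI reuse)
3. Neighbors must be specified manually (neighbor command), so that multicast traffic (hello packets) is sent as unicast
2. point-to-multipoint (P2M)
1. DR/BDR must be elected, and all interfaces are in the same subnet
2. The interface network type must be changed on multipoint FR subinterfaces
3. No DLCI reuse is needed between spokes
II. Standards defined by Cisco:
1. broadcast
1. DR/BDR must be elected, all interfaces are in the same subnet, and you must make sure the central router (hub) becomes the DR/BDR.
2. Edge routers (spokes) must map DLCIs to each other (DLCI reuse)
2. point-to-point (P2P)
1. DR/BDR are not elected; the hello time is 10s
2. The hub must be divided into subinterfaces, and the two subinterfaces are in different subnets
3. point-to-multipoint nonbroadcast (P2M NBMA)
1. DR/BDR must be elected, and all interfaces are in the same subnet
2. The interface network type must be changed on multipoint FR subinterfaces
3. No DLCI reuse is needed between spokes
4. Neighbors must be specified manually.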
OSPFv2 Key Points - A pure NSSA ASBR (one that cannot also be an ABR) injects into the entire OSPF area a

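OSPF version 2: routers learn about other routers and networks through LSAs. LSAs are flooded throughout the network and stored in the topology table (LSDB).
Routers within an area keep detailed information about all the links and routers in that area, but keep only summary information about the routers and links in other areas.
Cisco recommends no more than 50 to 100 routers per area.
DR/BDR election: the priority on the interface, then the Router-id.
OSPF process ID: the OSPF process ID serves only as a local identifier and has no other meaning, much like a process ID in the Windows Task Manager.
Router-id selection:
1. The router chooses the highest IP address among all of its Loopback interfaces.
2. If no Loopback interface has an IP address configured, it chooses the highest IP address among all of its physical interfaces. Note that this means all physical interfaces; subinterfaces do not take part in the selection.
On Cisco routers, even if the physical interface used as the Router-id goes DOWN or is deleted, OSPF continues to use the original physical interface as the Router-id, so the only benefit of using a loopback interface is better control over the router-id.
Normally, within the same area, the OSPF database is exactly identical (including order and content).
When redistributing other routing protocols into OSPF, if you want to change what is redistributed, you must remove it with no and enter it again; overwriting is not supported.
Area 0.0.1.2 = Area 258 (0.0.1.2 = 256+2)
OSPF area characteristics: reduce the number of route entries; confine the impact of topology changes within an area to that area; confine LSA flooding to the area; require a hierarchical network design.
LSA refresh time: to ensure the accuracy of the database, OSPF floods each LSA record once every 30 minutes.
Router ID: used to identify the router, to identify the advertising router, to determine the master/slave relationship, for DR election, and so on.
When must the OSPF process be cleared after changing the RID? The RID is the identity ID a router uses within the OSPF domain, so changing the RID before any neighbor relationship has formed does not require clearing the OSPF process.
When a new device joins an MA network, it sets its DR and BDR addresses to 0.0.0.0 and sets a wait timer of 40 seconds (after which it declares itself DR).
If none of the routers in a network is eligible for DR election, then none of the routers in the network will form adjacencies with each other, and they stay in the TWO-WAY state.
ABR/ASBR:
ABR: an ABR is a router that connects multiple areas, with one side in area 0 and at least one side in another area.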
OSPF Inter-Area Summarization
Lab objective: understand and master the configuration of inter-area summarization
Lab topology:
Basic configuration
R1(config)#int s2/1
R1(config-if)#ip ad 12.0.0.1 255.255.255.0
R1(config-if)#int lo 0
R1(config-if)#ip ad 1.1.0.1 255.255.255.0
R1(config-if)#int lo 1
R1(config-if)#ip ad 1.1.1.1 255.255.255.0
R1(config-if)#int lo 2
R1(config-if)#ip ad 1.1.2.1 255.255.255.0
R1(config-if)#int lo 3
R1(config-if)#ip ad 1.1.3.1 255.255.255.0
R1(config-if)#int s2/1
R1(config-if)#no sh
R1(config-if)#
00:02:54: %LINK-3-UPDOWN: Interface Serial2/1, changed state to up
R1(config-if)#
00:02:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up
R1(config-if)#router ospf 10
R1(config-router)#net 12.0.0.0 0.0.0.255 a 0
R1(config-router)#no net 12.0.0.0 0.0.0.255 a 0
R1(config-router)#net 12.0.0.0 0.0.0.255 a 1
R1(config-router)#net 1.1.0.0 0.0.0.255 a 1
R1(config-router)#net 1.1.1.0 0.0.0.255 a 1
R1(config-router)#net 1.1.2.0 0.0.0.255 a 1
R1(config-router)#net 1.1.3.0 0.0.0.255 a 1
R2(config)#int s2/1
R2(config-if)#no sh
R2(config-if)#int s2/2
R2(config-if)#
00:02:53: %LINK-3-UPDOWN: Interface Serial2/1, changed state to up
R2(config-if)#ip ad
00:02:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up
R2(config-if)#ip ad 23.0.0.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int lo 0
00:03:05: %LINK-3-UPDOWN: Interface Serial2/2, changed state to up
R2(config-if)#int lo 0
R2(config-if)#ip ad
00:03:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/2, changed state to up
R2(config-if)#ip ad 2.2.2.2 255.255.255.0
R2(config-if)#
00:03:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/2, changed state to down
R2(config-if)#
00:03:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/2, changed state to up
R2(config-if)#router ospf 10
R2(config-router)#net 12.0.0.0 0.0.0.255 a 1
R2(config-router)#net 2.2.2.2 0.0.0.0 a
00:05:35: %OSPF-5-ADJCHG: Process 10, Nbr 1.1.3.1 on Serial2/1 from LOADING to FULL, Loading Done
R2(config-router)#net 2.2.2.2 0.0.0.0 a 0
R2(config-router)#net 23.0.0.0 0.0.0.255 a 0
R3(config-if)#int s2/1
R3(config-if)#ip ad 23.0.0.3 255.255.255.0
R3(config-if)#no sh
R3(config-if)#
00:03:41: %LINK-3-UPDOWN: Interface Serial2/1, changed state to up
R3(config-if)#
00:03:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up
R3(config-if)#int lo 0
R3(config-if)#ip ad 3.3.3.3 255.255.255.0
R3(config-if)#router ospf 10
R3(config-router)#net 23.0.0.0 0.0.0.255 a 0
R3(config-router)#int s/2
^
% Invalid input detected at '^' marker.
R3(config)#
00:07:07: %OSPF-5-ADJCHG: Process 10, Nbr 2.2.2.2 on Serial2/1 from LOADING to FULL, Loading Done
R3(config)#int s2/2
R3(config-if)#ip ad 34.0.0.03 255.255.255.0
R3(config-if)#no sh
00:07:23: %LINK-3-UPDOWN: Interface Serial2/2, changed state to upso
R3(config-if)#router oso
00:07:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/2, changed state to up
R3(config-if)#router ospf 10
R3(config-router)#net 34.0.0.0 0.0.0.255 a 2
R4(config)#int s2/1
R4(config-if)#ip ad 34.0.0.4 255.255.255.0
R4(config-if)#no sh
R4(config-if)#int lo 0
R4(config-if)#ip ad 4.4.4.4 255.255.255.0
R4(config-if)#router ospf 10
R4(config-router)#net 34.0.0.0 0.0.0.255 a 2
R4(config-router)#net 4.4.4.4 0.0.0.0 a 2
Build a virtual link between R3 and R4:
R3(config-router)#area 2 vir
R3(config-router)#area 2 virtual-link 4.4.4.4
4.4.4.4 is the peer's router-id, and before configuring, both sides can ping the peer's router-id; that way the virtual link can be established.
R4(config)#router ospf 10
R4(config-router)#area 2 virtual-link 3.3.3.3
R3#show ip ospf virtual-links
Virtual Link OSPF_VL2 to router 4.4.4.4 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 2, via interface Serial2/2, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Adjacency State FULL (Hello suppressed)
Index 2/3, retransmission queue length 1, number of retransmission 1
First 0x62C1C520(22)/0x0(0) Next 0x62C1C520(22)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
Link State retransmission due in 1516 msec
R4#show ip ospf virtual-links
Virtual Link OSPF_VL3 to router 3.3.3.3 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 2, via interface Serial2/1, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:03
Index 1/2, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
34.0.0.0/24 is subnetted, 1 subnets
C 34.0.0.0 is directly connected, Serial2/2
1.0.0.0/22 is subnetted, 1 subnets
O IA 1.1.0.0 [110/129] via 23.0.0.2, 00:00:08, Serial2/1
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 23.0.0.2, 00:00:08, Serial2/1
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65] via 34.0.0.4, 00:00:18, Serial2/2
5.0.0.0/32 is subnetted, 1 subnets
O IA 5.5.5.5 [110/129] via 34.0.0.4, 00:00:08, Serial2/2
(Through the virtual link, the several areas can be interconnected.)
23.0.0.0/24 is subnetted, 1 subnets
C 23.0.0.0 is directly connected, Serial2/1
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.0.0.0 [110/128] via 23.0.0.2, 00:00:09, Serial2/1
45.0.0.0/24 is subnetted, 1 subnets
O IA 45.0.0.0 [110/128] via 34.0.0.4, 00:00:09, Serial2/2
We configure plaintext authentication for the virtual link on R3:
R3(config-router)#area 2 virtual-link 4.4.4.4 authentication-key ?
<0-7> Encryption type (0 for not yet encrypted, 7 for proprietary)
LINE Authentication key (8 chars)
R3(config-router)#area 2 virtual-link 4.4.4.4 authentication-key shendu
R3(config-router)#area 2 virtual-link 4.4.4.4 authentication ?
authentication Set authentication type
authentication-key Set authentication key
dead-interval Dead router detection time
hello-interval Hello packet interval
message-digest-key Set message digest key
null No authentication
retransmit-interval LSA retransmit interval
transmit-delay LSA transmission delay
<cr>
R3(config-router)#area 2 virtual-link 4.4.4.4 authentication
(Authentication is enabled here; R4 is left unconfigured.)
R3(config-router)#^Z
R3#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 180/339/536 ms
R3#debug ip ospf ajd
^
% Invalid input detected at '^' marker.
R3#debug ip ospf adj
OSPF adjacency events debugging is on
R3#clear ip ospf pro
Reset ALL OSPF processes? [no]: y
R3#
02:00:41: OSPF: Interface OSPF_VL2 going Down
02:00:41: OSPF: 3.3.3.3 address 0.0.0.0 on OSPF_VL2 is dead, state DOWN
02:00:41: OSPF: 4.4.4.4 address 34.0.0.4 on OSPF_VL2 is dead, state DOWN
02:00:41: %OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on OSPF_VL2 from FULL to DOWN, Neighbor Down: Interface down or detached
02:00:41: OSPF: Interface Loopback0 going Down
02:00:41: OSPF: 3.3.3.3 address 3.3.3.3 on Loopback0 is dead, state DOWN
02:00:41: OSPF: Interface Serial2/1 going Down
02:00:41: OSPF: 3.3.3.3 address 23.0.0.3 on Serial2/1 is dead, state DOWN
02:00:41: OSPF: 2.2.2.2 address 23.0.0.2 on Serial2/1 is dead, state DOWN
02:00:41: %OSPF-5-ADJCHG: Process 10, Nbr 2.2.2.2 on Serial2/1 from FULL to DOWN, Neighbor Down: Interface down or detached
02:00:41: OSPF: Interface Serial2/2 going Down
02:00:41: OSPF: 3.3.3.3 address 34.0.0.3 on Serial2/2 is dead, state DOWN
02:00:41: OSPF: 4.4.4.4 address 34.0.0.4 on Serial2/2 is dead, state DOWN
02:00:41: %OSPF-5-ADJCHG: Process 10
R3#, Nbr 4.4.4.4 on Serial2/2 from FULL to DOWN, Neighbor Down: Interface down or detached
02:00:42: OSPF: Interface Loopback0 going Up
02:00:42: OSPF: Interface Serial2/1 going Up
02:00:42: OSPF: Interface Serial2/2 going Up
02:00:42: OSPF: Build router LSA for area 0, router ID 3.3.3.3, seq 0x80000001
02:00:42: OSPF: Build router LSA for area 2, router ID 3.3.3.3, seq 0x80000001
02:00:45: OSPF: 2 Way Communication to 4.4.4.4 on Serial2/2, state 2WAY
02:00:45: OSPF: Send DBD to 4.4.4.4 on Serial2/2 seq 0x1174 opt 0x42 flag 0x7 len 32
02:00:46: OSPF: Rcv DBD from 4.4.4.4 on Serial2/2 seq 0x2450 opt 0x42 flag 0x7 len 32 mtu 1500 state EXSTART
02:00:46: OSPF: NBR Negotiation Done. We are the SLAVE
02:00:46: OSPF: Send DBD to 4.4.4.4 on Serial2/2 seq 0x2450 opt 0x42 flag 0x2 len 52
02:00:47: OSPF: Rcv DBD from 4.4.4.4 on Serial2/2 seq 0x2451 opt 0x42 flag 0x3 len 352 mtu 1500 state EXCHANGE
02:00:47: OSPF: Send DBD to 4.4.4.4 on Serial2/2 seq 0x2451 opt 0x42 flag 0x0 len 32
02:00:47: OSPF: Database request to 4.4.4.4
02:00:47: OSPF: sent LS REQ packet to 34.0.0.4, length 192
02:00:47: OSPF: Rcv DBD from 4.4.4.4 on Serial2/2 seq 0x2452 opt 0x42 flag 0x1 len 32 mtu 1500 state EXCHANGE
02:00:47: OSPF: Exchange Done with 4.4.4.4 on Serial2/2
02:00:47: OSPF: Send DBD to 4.4.4.4 on Serial2/2 seq 0x2452 opt 0x42 flag 0x0 len 32
02:00:47: OSPF: Build rou
R3#ter LSA for area 2, router ID 3.3.3.3, seq 0x80000003
02:00:47: OSPF: Synchronized with 4.4.4.4 on Serial2/2, state FULL
02:00:47: %OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on Serial2/2 from LOADING to FULL, Loading Done
R3#
02:00:48: OSPF: 2 Way Communication to 2.2.2.2 on Serial2/1, state 2WAY
02:00:48: OSPF: Send DBD to 2.2.2.2 on Serial2/1 seq 0x14F8 opt 0x42 flag 0x7 len 32
02:00:48: OSPF: Rcv DBD from 2.2.2.2 on Serial2/1 seq 0x2044 opt 0x42 flag 0x7 len 32 mtu 1500 state EXSTART
02:00:48: OSPF: First DBD and we are not SLAVE
02:00:48: OSPF: Rcv DBD from 2.2.2.2 on Serial2/1 seq 0x14F8 opt 0x42 flag 0x2 len 212 mtu 1500 state EXSTART
02:00:48: OSPF: NBR Negotiation Done. We are the MASTER
02:00:48: OSPF: Send DBD to 2.2.2.2 on Serial2/1 seq 0x14F9 opt 0x42 flag 0x3 len 52
02:00:48: OSPF: Database request to 2.2.2.2
02:00:48: OSPF: sent LS REQ packet to 23.0.0.2, length 108
R3#
02:00:49: OSPF: Rcv DBD from 2.2.2.2 on Serial2/1 seq 0x14F9 opt 0x42 flag 0x0 len 32 mtu 1500 state EXCHANGE
02:00:49: OSPF: Send DBD to 2.2.2.2 on Serial2/1 seq 0x14FA opt 0x42 flag 0x1 len 32
02:00:50: OSPF: Rcv DBD from 2.2.2.2 on Serial2/1 seq 0x14FA opt 0x42 flag 0x0 len 32 mtu 1500 state EXCHANGE
02:00:50: OSPF: Exchange Done with 2.2.2.2 on Serial2/1
02:00:50: OSPF: Synchronized with 2.2.2.2 on Serial2/1, state FULL
R3#
02:00:50: %OSPF-5-ADJCHG: Process 10, Nbr 2.2.2.2 on Serial2/1 from LOADING to FULL, Loading Done
R3#
02:00:50: OSPF: Build router LSA for area 0, router ID 3.3.3.3, seq 0x80000002
R3#
02:00:56: OSPF: Build router LSA for area 0, router ID 3.3.3.3, seq 0x80000005
R3#
02:01:02: OSPF: Interface OSPF_VL2 going Up
R3#
02:01:04: OSPF: Rcv pkt from 34.0.0.4, OSPF_VL2 : Mismatch Authentication type. Input packet specified type 0, we use type 1
(The authentication does not match.)
R3#
02:01:14: OSPF: Rcv pkt from 34.0.0.4, OSPF_VL2 : Mismatch Authentication type. Input packet specified type 0, we use type 1
R3#
02:01:23: OSPF: Rcv pkt from 34.0.0.4, OSPF_VL2 : Mismatch Authentication type. Input packet specified type 0, we use type 1
R3#
02:01:34: OSPF: Rcv pkt from 34.0.0.4, OSPF_VL2 : Mismatch Authentication type. Input packet specified type 0, we use type 1
R4#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 256/445/772 ms
Pinging from R4 still succeeds.
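Because ping keeps working while the virtual link silently rejects every packet, the mismatch only shows up in the OSPF debug log. The following added example (not part of the original lab) scans such a log and reports interfaces that logged authentication-type mismatches and have not reached FULL since. The function name `audit` is hypothetical, and the sample lines are copied from the R3 output above.

```python
import re

AUTH = {0: "none", 1: "plaintext", 2: "MD5"}
MISMATCH = re.compile(
    r"^(?P<ts>.+?): OSPF: Rcv pkt from (?P<peer>[\d.]+), (?P<ifc>\S+) : "
    r"Mismatch Authentication type\. Input packet specified type (?P<remote>\d+), "
    r"we use type (?P<local>\d+)")
ADJCHG = re.compile(
    r"^(?P<ts>.+?): %OSPF-5-ADJCHG: Process \d+, Nbr (?P<nbr>[\d.]+) "
    r"on (?P<ifc>\S+) from \S+ to (?P<state>[A-Z0-9]+)")

# Sample input: lines taken from the R3 debug output shown on this page.
SAMPLE = """\
02:00:41: %OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on OSPF_VL2 from FULL to DOWN, Neighbor Down: Interface down or detached
02:00:47: %OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on Serial2/2 from LOADING to FULL, Loading Done
02:00:50: %OSPF-5-ADJCHG: Process 10, Nbr 2.2.2.2 on Serial2/1 from LOADING to FULL, Loading Done
02:01:02: OSPF: Interface OSPF_VL2 going Up
02:01:04: OSPF: Rcv pkt from 34.0.0.4, OSPF_VL2 : Mismatch Authentication type. Input packet specified type 0, we use type 1
R3#02:01:14: OSPF: Rcv pkt from 34.0.0.4, OSPF_VL2 : Mismatch Authentication type. Input packet specified type 0, we use type 1
02:01:23: OSPF: Rcv pkt from 34.0.0.4, OSPF_VL2 : Mismatch Authentication type. Input packet specified type 0, we use type 1
02:01:34: OSPF: Rcv pkt from 34.0.0.4, OSPF_VL2 : Mismatch Authentication type. Input packet specified type 0, we use type 1
"""

def audit(log_text):
    """Return one finding per interface with unresolved authentication-type mismatches."""
    open_findings = {}
    for raw in log_text.splitlines():
        line = re.sub(r"^R\d+#", "", raw.strip())  # drop a console prompt glued to the line
        adj = ADJCHG.match(line)
        if adj:
            if adj["state"] == "FULL":  # adjacency recovered: earlier mismatches are resolved
                open_findings.pop(adj["ifc"], None)
            continue
        hit = MISMATCH.match(line)
        if hit:
            f = open_findings.setdefault(hit["ifc"], {
                "interface": hit["ifc"], "peer": hit["peer"],
                "first_seen": hit["ts"], "count": 0})
            f.update(
                count=f["count"] + 1, last_seen=hit["ts"],
                local=AUTH.get(int(hit["local"]), "unknown"),
                remote=AUTH.get(int(hit["remote"]), "unknown"),
                virtual_link=hit["ifc"].startswith("OSPF_VL"))
    return sorted(open_findings.values(), key=lambda f: f["interface"])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```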