OSPF supports 2 authentication modes:
- plain text
- MD5
Authentication can be enabled:
- on an interface
- globally
R2 enables authentication globally, in "plain text" mode
R2(config)#router ospf 1
R2(config-router)#area 0 authentication
R2#conf t
R2(config)#int s0/0.21
R2(config-subif)#ip ospf authentication-key CISCO
Verification
R2#show ip ospf int s0/0.21
Serial0/0.21 is up, line protocol is up
  Internet Address 10.1.12.2/24, Area 0
  Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled
R2 enables authentication globally, in "md5" mode
R2(config)#router ospf 1
R2(config-router)#area 0 authentication message-digest
R2(config)#int s0/0.21
R2(config-subif)#ip ospf message-digest-key 1 md5 CISCO
R2(config)#int fa0/0
R2(config-subif)#ip ospf message-digest-key 1 md5 CISCO
Verification
R2#show ip ospf int s0/0.21
Serial0/0.21 is up, line protocol is up
  Internet Address 10.1.12.2/24, Area 0
  Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1
R3 enables "plaintext" and "md5" authentication
- on interface s1/0.34 in "plain text" mode
- on interface fa0/0 in "md5" mode
R3(config)#int Serial1/0.34
R3(config-subif)#ip ospf authentication
R3(config-subif)#ip ospf authentication-key CISCO
R3(config)#int fa0/0
R3(config-if)#ip ospf authentication message-digest
R3(config-if)#ip ospf message-digest-key 1 md5 CISCO
Verification:
R3#show ip ospf int s1/0.34
Serial1/0.34 is up, line protocol is up
  Internet Address 10.1.34.3/24, Area 0
  Process ID 1, Router ID 3.3.3.3, Network Type POINT_TO_POINT, Cost: 781
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:02
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 2
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 4.4.4.4
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled

R3#show ip ospf int fa0/0
FastEthernet0/0 is up, line protocol is up
  Internet Address 10.1.23.3/24, Area 0
  Process ID 1, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 3.3.3.3, Interface address 10.1.23.3
  Backup Designated router (ID) 2.2.2.2, Interface address 10.1.23.2
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:01
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2 (Backup Designated Router)
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1
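
The verification step above can be automated across many interfaces. The following is an added example, not part of the original page: it parses "show ip ospf interface" output and reports interfaces that run without authentication or with the plain-text mode. The sample text is constructed (abridged from the R3 outputs above); the interface Serial1/0.35 and the function names are hypothetical, and it is assumed that no authentication line is printed when none is configured.

```python
import re

# Constructed sample: abridged from the R3 outputs above, plus a hypothetical
# Serial1/0.35 with no authentication line (assumed output when none is set).
SAMPLE = """\
Serial1/0.34 is up, line protocol is up
  Internet Address 10.1.34.3/24, Area 0
  Simple password authentication enabled
FastEthernet0/0 is up, line protocol is up
  Internet Address 10.1.23.3/24, Area 0
  Message digest authentication enabled
    Youngest key id is 1
Serial1/0.35 is up, line protocol is up
  Internet Address 10.1.35.3/24, Area 0
  Neighbor Count is 0, Adjacent neighbor count is 0
"""

HEADER = re.compile(r"^(\S+) is (?:administratively down|up|down), line protocol is")
AUTH_LINES = {"Simple password authentication enabled": "simple",
              "Message digest authentication enabled": "md5"}

def parse_ospf_interfaces(text):
    """Return one dict per interface: name, area, auth mode, youngest key id."""
    interfaces = []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            interfaces.append({"name": header.group(1), "area": None,
                               "auth": "none", "key_id": None})
            continue
        if not interfaces:
            continue  # skip anything before the first interface header
        cur, s = interfaces[-1], line.strip()
        area = re.search(r", Area (\S+)$", s)
        key = re.match(r"Youngest key id is (\d+)$", s)
        if area:
            cur["area"] = area.group(1)
        elif s in AUTH_LINES:
            cur["auth"] = AUTH_LINES[s]
        elif key:
            cur["key_id"] = int(key.group(1))
    return interfaces

def audit(text):
    """Flag interfaces that are unauthenticated or use the plain-text password mode."""
    reasons = {"none": "no OSPF authentication",
               "simple": "simple password is carried in clear text in OSPF packets"}
    return [(i["name"], reasons[i["auth"]])
            for i in parse_ospf_interfaces(text) if i["auth"] in reasons]
```

Calling audit(SAMPLE) returns the two Serial interfaces; FastEthernet0/0, which uses message-digest authentication with key id 1, is not flagged.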