OSPF Lab2 – Configuring OSPF Authentication

Ensurepass

Objectives

Learn configuration methods of interface authentication and area authentication.

Lab Topology

7

Lab Steps

1. Configure IP addresses of every router, and use ping command to confirm the direct interface connectivity of every router.

2. Configure OSPF protocol, and use related commands to confirm that it can cork normally

3. Check routing table of R1 and R2.

R1#show ip route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 2 subnets

O IA 172.16.1.0 [110/193] via 192.168.1.2, 00:01:02, Serial1/1

O IA 172.16.2.0 [110/193] via 192.168.1.2, 00:01:02, Serial1/1

10.0.0.0/24 is subnetted, 2 subnets

C 10.1.2.0 is directly connected, Loopback0

C 10.1.1.0 is directly connected, Loopback1

192.168.1.0/30 is subnetted, 3 subnets

O IA 192.168.1.8 [110/192] via 192.168.1.2, 00:01:12, Serial1/1

C 192.168.1.0 is directly connected, Serial1/1

O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:05:47, Serial1/1

R1#

R2#show ip route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 2 subnets

O IA 172.16.1.0 [110/129] via 192.168.1.6, 00:09:16, Serial1/1

O IA 172.16.2.0 [110/129] via 192.168.1.6, 00:09:16, Serial1/1

10.0.0.0/24 is subnetted, 2 subnets

O 10.1.2.0 [110/65] via 192.168.1.1, 00:14:00, Serial1/0

O 10.1.1.0 [110/65] via 192.168.1.1, 00:14:00, Serial1/0

192.168.1.0/30 is subnetted, 3 subnets

O IA 192.168.1.8 [110/128] via 192.168.1.6, 00:09:26, Serial1/1

C 192.168.1.0 is directly connected, Serial1/0

C 192.168.1.4 is directly connected, Serial1/1

R2#

4. Enable OSPF plain text authentication on R1 with the following configurations:

R1(config)#interface serial 1/1

R1(config-if)#ip ospf authentication

R1(config-if)#ip ospf authentication-key cisco

R1(config-if)#exit

5. Open debug to observe system prompt after configuration

00:30:33: OSPF: 192.168.1.5 address 192.168.1.2 on Serial1/1 is dead

00:30:33: OSPF: 192.168.1.5 address 192.168.1.2 on Serial1/1 is dead, state DOWN

00:30:33: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.5 on Serial1/1 from FULL to DOWN, Neighbor Down: Dead timer expired

00:30:35: OSPF: Rcv pkt from 192.168.1.2, Serial1/1 : Mismatch type. Input packet specified type 0, we use type 1

00:54:45: OSPF: Rcv pkt from 192.168.1.2, Serial1/1 : Mismatch Authentication Key – Clear Text

6. Enable OSPF authentication on R2

R2(config)#interface s1/0

R2(config-if)#ip ospf authentication

R2(config-if)#ip ospf authentication-key cisco

R2(config-if)#exit

R2(config)#exit

7. Check debug information and route information of R1.

00:54:55: OSPF: 2 Way Communication to 192.168.1.5 on Serial1/1, state 2WAY

00:54:55: OSPF: Send DBD to 192.168.1.5 on Serial1/1 seq 0×2154 opt 0×42 flag 0×7 len 32

00:54:55: OSPF: Rcv DBD from 192.168.1.5 on Serial1/1 seq 0×182 opt 0×42 flag 0×7 len 32 mtu 1500 state EXSTART

00:54:55: OSPF: NBR Negotiation Done. We are the SLAVE

00:54:55: OSPF: Send DBD to 192.168.1.5 on Serial1/1 seq 0×182 opt 0×42 flag 0×2 len 152

00:54:55: OSPF: Rcv DBD from 192.168.1.5 on Serial1/1 seq 0×183 opt 0×42 flag 0×3 len 152 mtu 1500 state EXCHANGE

00:54:55: OSPF: Send DBD to 192.168.1.5 on Serial1/1 seq 0×183 opt 0×42 flag 0×0 len 32

00:54:55: OSPF: Database request to 192.168.1.5

00:54:55: OSPF: sent LS REQ packet to 192.168.1.2, length 60

00:54:55: OSPF: Rcv DBD from 192.168.1.5 on Serial1/1 seq 0×184 opt 0×42 flag 0×1 len 32 mtu 1500 state EXCHANGE

00:54:55: OSPF: Exchange Done with 192.168.1.5 on Serial1/1

00:54:55: OSPF: Send DBD to 192.168.1.5 on Serial1/1 seq 0×184 opt 0×42 flag

R1#0×0 len 32

00:54:55: OSPF: Synchronized with 192.168.1.5 on Serial1/1, state FULL

00:54:55: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.5 on Serial1/1 from LOADING to FULL, Loading Done

00:54:56: OSPF: Build router LSA for area 1, router ID 10.1.2.1, seq 0x8000000C

R1#show ip route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 2 subnets

O IA 172.16.1.0 [110/193] via 192.168.1.2, 00:01:53, Serial1/1

O IA 172.16.2.0 [110/193] via 192.168.1.2, 00:01:53, Serial1/1

10.0.0.0/24 is subnetted, 2 subnets

C 10.1.2.0 is directly connected, Loopback0

C 10.1.1.0 is directly connected, Loopback1

192.168.1.0/30 is subnetted, 3 subnets

O IA 192.168.1.8 [110/192] via 192.168.1.2, 00:01:53, Serial1/1

C 192.168.1.0 is directly connected, Serial1/1

O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:01:53, Serial1/1

R1#

8. Configure key interface authentication based on MD5 as follows. Please check by yourself after configuration, we will not repeat confirmation here.

R1(config)#interface serial 1/1

R1(config-if)#ip ospf authentication message-digest

R1(config-if)#ip ospf message-digest-key 1 md5 cisco

R1(config-if)#exit

R1(config)#

R2(config)#interface serial 1/0

R2(config-if)#ip ospf authentication message-digest

R2(config-if)#ip ospf message-digest-key 1 md5 cisco

R2(config-if)#exit

R2(config)#

9. NO the plain text configured before or the interface authentication. Check routing table of R1 and confirm OSPF protocol is processing normally:

R1#show ip route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 2 subnets

O IA 172.16.1.0 [110/193] via 192.168.1.2, 00:00:05, Serial1/1

O IA 172.16.2.0 [110/193] via 192.168.1.2, 00:00:05, Serial1/1

10.0.0.0/24 is subnetted, 2 subnets

C 10.1.2.0 is directly connected, Loopback0

C 10.1.1.0 is directly connected, Loopback1

192.168.1.0/30 is subnetted, 3 subnets

O IA 192.168.1.8 [110/192] via 192.168.1.2, 00:00:05, Serial1/1

C 192.168.1.0 is directly connected, Serial1/1

O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:00:05, Serial1/1

R1#

10. Enable area plain text authentication on R1 with the following configuration:

R1(config)#router ospf 1

R1(config-router)#area 1 authentication

R1(config-router)#exit

R1(config)#interface serial 1/1

R1(config-if)#ip ospf authentication-key cisco

R1(config-if)#exit

R1(config)#exit

11. after configuration on R1. Wait for a minute and we will see the following information on R1:

01:10:25: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.5 on Serial1/1 from FULL to DOWN, Neighbor Down: Dead timer expired

The status is DOWN because R2 is not configured correct authentication. Meanwhile check routing table of R1, and find that the route that has learnt before is lost.

R1#show ip route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets

C 10.1.2.0 is directly connected, Loopback0

C 10.1.1.0 is directly connected, Loopback1

192.168.1.0/30 is subnetted, 1 subnets

C 192.168.1.0 is directly connected, Serial1/1

R1#

12. Enable area plain text authentication on R2, with the following configuration:

R2(config)#router ospf 1

R2(config-router)#area 1 authentication

R2(config-router)#exit

R2(config)#interface serial 1/0

R2(config-if)#ip ospf authentication-key cisco

R2(config-if)#exit

13. After configuring OSPF area plain text authentication on R2, it will prompt on R1 the following message:

01:15:35: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.5 on Serial1/1 from LOADING to FULL, Loading Done

This shows that OSPF authentication succeeds now, and R1 has learnt route of other areas. The routing table shows as follows:

R1#show ip route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 2 subnets

O IA 172.16.1.0 [110/193] via 192.168.1.2, 00:01:19, Serial1/1

O IA 172.16.2.0 [110/193] via 192.168.1.2, 00:01:19, Serial1/1

10.0.0.0/24 is subnetted, 2 subnets

C 10.1.2.0 is directly connected, Loopback0

C 10.1.1.0 is directly connected, Loopback1

192.168.1.0/30 is subnetted, 3 subnets

O IA 192.168.1.8 [110/192] via 192.168.1.2, 00:01:19, Serial1/1

C 192.168.1.0 is directly connected, Serial1/1

O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:01:19, Serial1/1

R1#

14. The following is an example of configuring key area authentication based on MD5. Please conduct self-check after configuration, because we will not repeat confirmation here:

R1(config)#router ospf 1

R1(config-router)#area 1 authentication message-digest

R1(config-router)#exit

R1(config)#interface serial 1/1

R1(config-if)#ip ospf message-digest-key 1 md5 cisco

R1(config-if)#exit

R1(config)#

R2(config)#router ospf 1

R2(config-router)#area 1 authentication message-digest

R2(config-router)#exit

R2(config)#interface serial 1/0

R2(config-if)#ip ospf message-digest-key 1 md5 cisco

R2(config-if)#exit

R2(config)#

15. Configure instance of changing MD5 key; this configuration is mainly used to discard old key, and enable new key (also used for area MD5 authentication)

R2(config)#interface serial 1/1

R2(config-if)#ip ospf authentication message-digest

R2(config-if)#ip ospf message-digest-key 1 md5 cisco1

R2(config-if)#ip ospf message-digest-key 2 md5 cisco2

R2(config-if)#exit

R2(config)#exit

16. Lab finished.

Hope to helpful for you!





[Report Dead Link] Please leave a comment or send email to report dead links, so that we will update new links within 24 hours.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.