OSPF综合实验+认证+缺省路由发布

拓扑

要求

1. 配置主机名与地址
2. 配置OSPF
3. 手动配置RID
4. 要求R1位DR、R2位BDR
5. R3与R4之间启用MD5认证
6. 验证R1到4.4.4.4的开销
7. R8模拟运营商网络
8. 全网通

实现过程

R1配置

1. 命令

sys
sys R1

#配置接口
int g0/0/0
ip add 192.168.0.1 24

#配置OSPF
ospf 1 router-id 1.1.1.1
a 0
network 192.168.0.0 0.0.0.255

R2配置

1. 命令

sys
sys R2

#配置接口
int g0/0/0
ip add 192.168.0.2 24

#配置OSPF
ospf 1 router-id 2.2.2.2
a 0
network 192.168.0.0 0.0.0.255

R3配置

1. 命令

sys
sys R3

#配置接口
int g0/0/0
ip add 192.168.0.3 24

#配置OSPF
ospf 1 router-id 3.3.3.3
a 0
network 192.168.0.0 0.0.0.255

R6配置

1. 命令

sys
sys R6

#配置接口
int g0/0/0
ip add 192.168.0.6 24
int s4/0/0
ip add 34.0.0.3 8

#配置OSPF
ospf 1 router-id 6.6.6.6
a 0
network 192.168.0.0 0.0.0.255
network 34.0.0.0 0.255.255.255

R4配置

1. 命令

sys
sys R4

#配置接口
int s4/0/0
ip add 34.0.0.4 8
int g0/0/1
ip add 48.0.0.4 8
import protocol direct
int lo 1
ip add 4.4.4.4 32

#配置OSPF
ospf 1 router-id 4.4.4.4
a 0
network 34.0.0.0 0.255.255.255
net 4.4.4.4 0.0.0.0

R8配置

1. 命令

sys
sys R8
int g0/0/0
ip add 48.0.0.8 8

验证R1到4.4.4.4的Cost值

1. R1出口Cost值

   

2. R3出口Cost值

   

3. R1到4.4.4.4Cost值

   

配置R1为DR、R2为BDR

1. R1配置命令

   <R1>sys
   Enter system view, return user view with Ctrl+Z.
   [R1]int g0/0/0
   [R1-GigabitEthernet0/0/0]ospf dr-pri	
   [R1-GigabitEthernet0/0/0]ospf dr-priority 200

2. R2配置命令

   <R2>sys
   Enter system view, return user view with Ctrl+Z.
   [R2]int g0/0/0	
   [R2-GigabitEthernet0/0/0]ospf dr-pri	
   [R2-GigabitEthernet0/0/0]ospf dr-priority 100

缺省路由发布

配置方法

配置方式	备注
静态配置	使用命令： ip route-static 0.0.0.0 0 下一跳地址
动态配置	使用动态路由协议进行发布

图示

命令

[R4]ip route-s	
[R4]ip route-static 0.0.0.0 0 48.0.0.8
[R4]ospf 1
[R4-ospf-1]def	
[R4-ospf-1]default-rout	
[R4-ospf-1]default-route-advertise   #配置动态缺省路由

解析

1. 缺省路由发布步骤1

   

2. 步骤2

   

3. 步骤3

   

路由认证

技术背景

攻击演示

拓扑

命令

1. 通过抓包找到OSPF的网段

   

2. R10配置

   <Huawei>sys
   Enter system view, return user view with Ctrl+Z.
   [Huawei]sys R10
   [R10]int g0/0/0
   [R10-GigabitEthernet0/0/0]ip add 192.168.0.10 24
   Apr 15 2021 18:26:48-08:00 R10 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
    on the interface GigabitEthernet0/0/0 has entered the UP state. 
   [R10-GigabitEthernet0/0/0]int lo 1
   [R10-LoopBack1]ip add 4.4.4.4 32
   [R10-LoopBack1]
   [R10-GigabitEthernet0/0/0]ospf 1
   [R10-ospf-1]a 0
   [R10-ospf-1-area-0.0.0.0]net 192.168.0.10 0.0.0.0
   [R10-ospf-1-area-0.0.0.0]net 4.4.4.4 0.0.0.0

结果展示

1. 到4.4.4.4的路由

   

2. 出现新的邻居

   

认证

命令

1. 命令

命令	备注
int g0/0/0 ospf authentication-mode md5 1 cipher wuchao	配置接口认证
a 0 authentication-mode md5 1 cipher wuchao	配置区域认证
PS:如果上面的同时配置，接口配置优先生效 配置时候 MD5的id必须一致

2. 配置

   #R1
   <R1>sys
   Enter system view, return user view with Ctrl+Z.
   [R1]int g0/0/0
   [R1-GigabitEthernet0/0/0]ospf au	
   [R1-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cip	
   [R1-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher wuchao
   
   #R2
   <R2>sys
   Enter system view, return user view with Ctrl+Z.
   [R2]int g0/0/0
   [R2-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher wuchao
   
   #R3
   <R3>sys
   Enter system view, return user view with Ctrl+Z.
   [R3]int g0/0/0
   [R3-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher wuchao
   
   #R6
   <R6>sys
   Enter system view, return user view with Ctrl+Z.
   [R6]int g0/0/0
   [R6-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher wuchao

3. 开启认证，阻止攻击

   

   

解析

1. 认证

   

2. OSPF认证方式