Pada lab ini kita akan belajar mengkonfigurasi authentikasi pada jaringan OSPF. Berikut topologi yang akan kita gunakan pada lab ini
 |
| Gambar 1 Topologi jaringan OSPF |
Diasumsikan kita telah mengkonfigurasi OSPF di R1, R2, dan R3. Tujuan kita pada lab ini adalah agar komunikasi OSPF antara R1 dan R2 dilindungi dengan authentikasi. Berikut konfig yang perlu kita lakukan di R1 dan R2
R1(config)#int e0/0R1(config-if)#ip ospf authentication message-digest R1(config-if)#ip ospf message-digest-key 1 md5 P4ssword
Sesaat setelah mengkonfigurasi authentikasi di R1, maka akan ada peringatan bahwa neighbor telah dihapus
R1(config-if)#*Oct 24 06:32:31.815: %OSPF-5-ADJCHG: Process 1, Nbr 23.23.23.2 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired R1(config-if)#do sh ip os nei R1(config-if)#
Untuk itu kita harus konfigurasi authentikasi juga di R2. Perlu diketahui bahwa konfigurasi authentikasi di R2 harus memiliki key id dan string yang sama dengan yang kita konfigurasikan di R1
R2(config)#int e0/0R2(config-if)#ip ospf authentication message-digest R2(config-if)#ip ospf message-digest-key 1 md5 P4ssword
Setelah mengkonfigurasi authentkasi di R2, akan ada peringatan bawah adjacency sudah up kembali dan tabel OSPF neighbor pun sudah terbentuk lagi
R1(config-if)#*Oct 24 06:33:27.303: %OSPF-5-ADJCHG: Process 1, Nbr 23.23.23.2 on Ethernet0/0 from LOADING to FULL, Loading Done R1(config-if)#do sh ip os nei Neighbor ID Pri State Dead Time Address Interface 23.23.23.2 1 FULL/DR 00:00:31 12.12.12.2 Ethernet0/0
Oke sip kita sudah berhasil. Untuk melihat apakah OSPF menggunakan authentikasi atau tidak, kita bisa menggunakan perintah berikut
R1(config-if)#do sh ip ospf int e0/0Ethernet0/0 is up, line protocol is up Internet Address 12.12.12.1/24, Area 0 Process ID 1, Router ID 11.11.11.6, Network Type BROADCAST, Cost: 10 Topology-MTID Cost Disabled Shutdown Topology Name 0 10 no no Base Transmit Delay is 1 sec, State BDR, Priority 1 Designated Router (ID) 23.23.23.2, Interface address 12.12.12.2 Backup Designated router (ID) 11.11.11.6, Interface address 12.12.12.1 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:02 Supports Link-local Signaling (LLS) Cisco NSF helper support enabled IETF NSF helper support enabled Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 1, maximum is 1 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 23.23.23.2 (Designated Router) Suppress hello for 0 neighbor(s) Message digest authentication enabled Youngest key id is 1
R2(config-if)#do sh ip os int e0/0 Ethernet0/0 is up, line protocol is up Internet Address 12.12.12.2/24, Area 0 Process ID 1, Router ID 23.23.23.2, Network Type BROADCAST, Cost: 10 Topology-MTID Cost Disabled Shutdown Topology Name 0 10 no no Base Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 23.23.23.2, Interface address 12.12.12.2 Backup Designated router (ID) 11.11.11.6, Interface address 12.12.12.1 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:00 Supports Link-local Signaling (LLS) Cisco NSF helper support enabled IETF NSF helper support enabled Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 1, maximum is 2 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 11.11.11.6 (Backup Designated Router) Suppress hello for 0 neighbor(s) Message digest authentication enabled Youngest key id is 1
Tidak ada komentar:
Posting Komentar
Komentar