Friday, 9 November 2012

IPV6: OSPFv3 authentication:


IPV6: OSPFv3 authentication:

 ·         Let me take 2 routers to configure OSPFv3 authentication.

 R1---fa0/0--------------------fa0/0---R2

 R1(config)#int fa0/0

R1(config-if)#ipv6 address 2001:12::1/64

R1(config-if)#


R2(config)#int fa0/0

R2(config-if)#ipv6 address 2001:12::2/64

R2(config-if)#

 

Configuring OSPF:

 

R1(config)#ipv6 router ospf 1

R1(config-rtr)#int fa0/0

R1(config-if)#ipv6 ospf 1 area 0

R1(config-if)#int loop0

R1(config-if)#ipv6 ospf 1 area 0

R1(config-if)#

 

R2(config)#ipv6 router ospf 1

R2(config-rtr)#int fa0/0

R2(config-if)#ipv6 ospf 1 area 0

R2(config-if)#int loop0

R2(config-if)#ipv6 ospf 1 area 0

R2(config-if)#

 

·         Let me configure OSPFv3 authentication:

 

R1(config)#ipv6 router ospf 1

R1(config-rtr)# area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF

 

R2(config)#ipv6 router ospf 1

R2(config-rtr)#area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF

R2(config-rtr)#

 

Now, let me see if authentication is working:

 

R1#show ipv6 ospf int fa0/0

FastEthernet0/0 is up, line protocol is up

  Link Local Address FE80::C000:FFF:FE58:0, Interface ID 4

  Area 0, Process ID 1, Instance ID 0, Router ID 1.1.1.1

  Network Type BROADCAST, Cost: 10

  MD5 Authentication (Area) SPI 500, secure socket state UP (errors: 0)

  Transmit Delay is 1 sec, State BDR, Priority 1

  Designated Router (ID) 2.2.2.2, local address FE80::C001:FFF:FE58:0

  Backup Designated router (ID) 1.1.1.1, local address FE80::C000:FFF:FE58:0

  Flush timer for old DR LSA due in 00:00:11

  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

    Hello due in 00:00:01

  Index 1/1/1, flood queue length 0

  Next 0x0(0)/0x0(0)/0x0(0)

  Last flood scan length is 1, maximum is 2

  Last flood scan time is 0 msec, maximum is 0 msec

  Neighbor Count is 1, Adjacent neighbor count is 1

    Adjacent with neighbor 2.2.2.2  (Designated Router)

  Suppress hello for 0 neighbor(s)

R1#show ipv6 ospf nei

 

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface

2.2.2.2           1   FULL/DR         00:00:34    4               FastEthernet0/0

R1#

 

R2#show ipv6 ospf int fa0/0

FastEthernet0/0 is up, line protocol is up

  Link Local Address FE80::C001:FFF:FE58:0, Interface ID 4

  Area 0, Process ID 1, Instance ID 0, Router ID 2.2.2.2

  Network Type BROADCAST, Cost: 10

  MD5 Authentication (Area) SPI 500, secure socket state UP (errors: 0)

  Transmit Delay is 1 sec, State DR, Priority 1

  Designated Router (ID) 2.2.2.2, local address FE80::C001:FFF:FE58:0

  Backup Designated router (ID) 1.1.1.1, local address FE80::C000:FFF:FE58:0

  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

    Hello due in 00:00:06

  Index 1/1/1, flood queue length 0

  Next 0x0(0)/0x0(0)/0x0(0)

  Last flood scan length is 0, maximum is 4

  Last flood scan time is 0 msec, maximum is 0 msec

  Neighbor Count is 1, Adjacent neighbor count is 1

    Adjacent with neighbor 1.1.1.1  (Backup Designated Router)

  Suppress hello for 0 neighbor(s)

R2#

R2#show ipv6 ospf nei

 

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface

1.1.1.1           1   FULL/BDR        00:00:32    4               FastEthernet0/0

R2#

 

Observations:

·         Authentication is working and the OSPFv3 neighbor relationship is up.

 

·         Now, let me see OSPFv3 routing table:

 

R1#show ipv6 route ospf

IPv6 Routing Table - 7 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

       U - Per-user Static route

       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

O   2002:202:202:1::2/128 [110/10]

     via FE80::C001:FFF:FE58:0, FastEthernet0/0

R1#

R1#ping 2002:202:202:1::2

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2002:202:202:1::2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/16/56 ms

R1#

 

R2#show ipv6 route ospf

IPv6 Routing Table - 7 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

       U - Per-user Static route

       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

O   2002:101:101:1::1/128 [110/10]

     via FE80::C000:FFF:FE58:0, FastEthernet0/0

R2#

R2#ping 2002:101:101:1::1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2002:101:101:1::1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/17/56 ms

R2#

 

Observation:

·         R1 and R2 are exchanging their loopback interfaces via OSPFv3 and ping is fine between them.
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)