1. 启用OSPF动态路由协议


router ospf 进程号

进程号可以随意设置，只标识ospf为本路由器内的一个进程

2. 定义参与ospf的子网.该子网属于哪一个OSPF路由信息交换区域。


network ip 子网号 通配符 area 区域号

路由器将限制只能在相同区域内交换子网信息，不同区域间不交换路由信息。另外，区域0为主干OSPF区域。不同区域交换路由信息必须经过区域0。一般地，某一区域要接入OSPF0路由区域，该区域必须至少有一台路由器为区域边缘路由器，即它既参与本区域路由又参与区域0路由。

3. OSPF区域间的路由信息总结 


如果区域中的子网是连续的，则区域边缘路由器向外传播给路由信息时，采用路由总结功能后，路由器就会将所有这些连续的子网总结为一条路由传播给其它区域，则在其它区域内的路由器看到这个区域的路由就只有一条。这样可以节省路由时所需网络带宽。

设置对某一特定范围的子网进行总结：area 区域号 range 子网范围掩码

4. 指明网络类型 在需要进行OSPF路由信息的端口中，设置：


ip ospf network broadcast或non-broadcast或point-to -mutlipoint

一般地，对于 DDN，帧中继和X.25属于非广播型的网络，即non-broadcast

5. 对于非广播型的网络连接，需指明路由器的相邻路由器

通过以上配置，路由器之间就可以完成交换路由信息了，其它设置，为了防止路由信息被窃取，可以对OSPF进行安全设置，只有合法的同一区域的路由器之间才能交换路由信息。

设置步骤 

1. 设置某区域使用安全设置MD5方式


area 区域标号 autherfication message-digest

可以采用明文方式 ，但建议采用MD5方式，较安全。

2. 设置某端口验证其相邻路由器相邻端口时的MD5口令，在端口设置模式下

实例1 无安全，无路由总结的OSPF设置 

2511－1的设置

Current configuration：

！

version 11.3

no service password-encryption

!

hostname 2511-1

!

enable password cisco

!

interface Ethernet0

ip address 192.4.1.1 255.255.255.0

!

interface Serial0

ip address 192.3.1.1 255.255.255.0

encapsulation frame-relay IETF

no ip mroute-cache

bandwidth 2000

frame-relay map ip 192.3.1.2 100 broadcast

frame-relay lmi-type cisco

!

interface Serial1

ip address 192.1.1.1 255.255.255.0

encapsulation ppp

bandwidth 64

!

router ospf 1 

passive-interface Ethernet0

network 192.1.1.0 0.0.0.255 area 0

network 192.3.1.0 0.0.0.255 area 0

network 192.4.1.0 0.0.0.255 area 0

neighbor 192.1.1.2 priority 1

neighbor 192.3.1.2 priority 1

!

ip classless

!

line con 0

line 1 8

line aux 0

line vty 0 4 

!

end

2505的设置

Current configuration:

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname 2505

!

enable secret 5 $1$GbYT$OR05giiLZxI4hEAO0F8kV1

!

hub ether 0 1

link-test

auto-polarity

!

hub ether 0 2

link-test

auto-polarity

!

hub ether 0 3

link-test

auto-polarity

!

hub ether 0 4

link-test

auto-polarity

!

hub ether 0 5

link-test

auto-polarity

!

hub ether 0 6

link-test

auto-polarity

!

hub ether 0 7

link-test

auto-polarity

!

hub ether 0 8

link-test

auto-polarity

!

interface Ethernet0

ip address 192.1.4.1 255.255.255.0

!

interface Serial0

ip address 192.1.2.1 255.255.255.0

ip ospf network non-broadcast

bandwidth 2000

clockrate 2000000

!

interface Serial1

ip address 192.1.1.2 255.255.255.0

enpsuration ppp

ip ospf network non-broadcast

bandwidth 64

clockrate 64000

!

router ospf 1

passive-interface Ethernet0

network 192.1.1.0 0.0.0.255 area 0

network 192.1.2.0 0.0.0.255 area 2

network 192.1.4.0 0.0.0.255 area 2

neighbor 192.1.1.1 priority 1 

neighbor 192.1.2.2 priority 1

!

no ip classless

ip ospf name-lookup

!

line con 0

line aux 0

line vty 0 4 

login 

!

end 

internal -2的设置

Current configuration :

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname internal-2

!

enable secret 5 $1$KX00$rTI/2TvDokWxT4xC6wvmi/

!

interface Ethernet0

no ip address 

shutdown

!

interface Serial0

ip address 192.1.2.2 255.255.255.0

ip ospf network non-broadcast

!

interface Serial1

no ip address 

shutdown

!

router ospf 1

network 192.1.2.0 0.0.0.255 area 2

neighbor 192.1.2.1 priority 1

!

no ip classless

!

line con 0

line 1 16

line aux 0

line vty 0 4 

!

end 

2514的设置

Current configuration :

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname 2514

!

enable secret 5 $1$uoHU$Vks/lY CRi33z4TXs4qekI0

!

frame-relay switching

!

interface Ethernet0

ip address 192.5.1.1 255.255.255.0 

!

interface Ethernet1

no ip address

shutdown

!

interface Serial0

ip address 192.3.1.2 255.255.255.0

encapsulation frame-relay IETF

bandwidth 2000

clockrate 2000000

frame-relay map ip 192.3.1.1 100 broadcast 

frame-relay intf-type dce

!

interface Serial1

ip address 192.2.1.1 255.255.255.0

no ip mroute-cache

encapsulation X25 dce

bandwidth 64

x25 address 1234

x25 htc 16

x25 nvc 4

x25 map ip 192.2.1.2 5678 broadcast

clockrate 64000

!

router ospf 1

passive-interface Ethernet0

network 192.3.1.0 0.0.0.255 area 0

network 192.2.1.0 0.0.0.255 area 0

network 192.5.1.0 0.0.0.255 area 0

neighbor 192.2.1.2 priority 1

neighbor 192.3.1.1 priority 1

!

no ip classless

!

line con 0

line aux 0

line vty 0 4 

login 

!

end 

2511-2的设置

Building configuration ...

Current configuration:

!

version 11.3

no service password-encryption

!

hostname 2511-2

!

enable secret 5 $1$7o5F$MSyFWzVf6JBgnjLJghHSB.

!

interface Ethernet0

ip address 192.2.4.1 255.255.255.0 

!

interface Serial0

ip address 192.2.1.2 255.255.255.0

encapsulation x25

no ip mroute-cache

x25 address 5678

x25 htc 16

x25 nvc 4

x25 map ip 192.2.1.1 1234 broadcast

!

interface Serial1

ip address 192.2.2.1 255.255.255.0

ip ospf network non-broadcast

no ip mroute-cache

bandwidth 2000

clockrate 2000000

!

router ospf 1

passive-interface Ethernet0

network 192.2.2.0 0.0.0.255 area 1

network 192.2.4.0 0.0.0.255 area 1

network 192.2.1.0 0.0.0.255 area 0

neighbor 192.2.1.1 piority 1

neighbor 192.2.2.2 piority 1

!

ip classless

!

line con 0

line 1 8

line aux 0

line vty 0 4 

!

end 

internal -1的设置

Building configuration...

Current configuration:

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname internal-1

!

enable secret 5 $1$cF2M$z2T8Ohij5q/yn2RsiVaGE/

!

interface Ethernet0

no ip address 

shutdown

!

interface Serial0

ip address 192.2.2.2 255.255.255.0

ip ospf network non-broadcast

!

interface Serial1

no ip address 

shutdown

!

router ospf 10

network 192.2.2.0 0.0.0.255 area 1

neighbor 192.2.2.1 priority 1

!

no ip classless

!

line con 0

line 1 16

line aux 0

line vty 0 4 

login 

!

end 

实例2 有安全，路由总结的OSPF设置

　internal-2的设置

Current configuration :

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname internal-2

!

enable secret 5 $1$KX00$rTI/2TvDokWxT4xC6wvmi/

!

interface Ethernet0

no ip address 

shutdown

!

interface Serial0

ip address 192.1.2.2 255.255.255.0

ip ospf message-digest-key 1 md5 cisco

ip ospf network non-broadcast

!

interface Serial1

no ip address 

shutdown

!

router ospf 1

network 192.1.2.0 0.0.0.255 area 2

neighbor 192.1.2.1 priority 1

area 2 authentication message-digest

!

no ip classless

!

line con 0

line 1 16

line aux 0

line vty 0 4 

login 

!

end 

2505的设置

Current configuration:

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname 2505

!

enable secret 5 $1$b43o$CpEYSTC2EPwnR1QGvIm//

!

username 2511-1 password 7 104D000A0618

!

hub ether 0 1

link-test

auto-polarity

!

hub ether 0 2

link-test

auto-polarity

!

hub ether 0 3

link-test

auto-polarity

!

hub ether 0 4

link-test

auto-polarity

!

hub ether 0 5

link-test

auto-polarity

!

hub ether 0 6

link-test

auto-polarity

!

hub ether 0 7

link-test

auto-polarity

!

hub ether 0 8

link-test

auto-polarity

!

interface Ethernet0

ip address 192.1.4.1 255.255.255.0

!

interface Serial0

ip address 192.1.2.1 255.255.255.0

ip ospf message-digest –key 1 md5 cisco

ip ospf network non-broadcast

bandwidth 2000

clockrate 2000000

!

interface Serial1

ip address 192.7.1.2 255.255.255.0

enpsulation ppp

ip ospf message-digest -key 1 md5 kim

ip ospf network non-broadcast

bandwidth 64

clockrate 64000

ppp authentication chap

!

router ospf 1

passive-interface Ethernet0

network 192.1.2.0 0.0.0.255 area 2

network 192.1.4.0 0.0.0.255 area 2

network 192.7.1.0 0.0.0.255 area 0

neighbor 192.7.1.1 priority 1

neighbor 192.1.2.2 priority 1

area 0 authentication message-digest

area 2 authentication message-digest

area 2 range 192.1.0.0 255.255.0.0

!

no ip classless

ip ospf name-lookup

!

line con 0

line aux 0

line vty 0 4 

login 

!

end 

2511－1的设置

Current configuration：

！

version 11.3

no service password-encryption

!

hostname 2511-1

!

enable password cisco

!

username 2505 passweord 0 cisco

no ip domain-lookup

!

interface Ethernet0

ip address 192.4.1.1 255.255.255.0

!

interface Serial0

ip address 192.3.1.1 255.255.255.0

encapsulation frame-relay IETF

ip ospf message-digest-key 1 md5 kim

no ip mroute-cache

bandwidth 2000

frame-relay map ip 192.3.1.2 100 broadcast

frame-relay lmi-type cisco

!

interface Serial1

ip address 192.7.1.1 255.255.255.0

encapsulation ppp

ip ospf message-digest-key 1 md5 kim

ip ospf network non-broadcast

bandwidth 64

ppp authentication chap

!

router ospf 1 

passive-interface Ethernet0

network 192.3.1.0 0.0.0.255 area 0

network 192.4.1.0 0.0.0.255 area 0

network 192.7.1.0 0.0.0.255 area 0

neighbor 192.7.1.2 priority 1

neighbor 192.3.1.2 priority 1

area 0 authentication message-digest

!

no ip classless

!

line con 0

line 1 8

line aux 0

line vty 0 4 

login

!

end

2514的设置

Current configuration :

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname 2514

!

enable secret 5 $1$uoHU$Vks/lY CRi33z4TXs4qekI0

!

frame-relay switching

!

interface Ethernet0

ip address 192.5.1.1 255.255.255.0 

!

interface Ethernet1

no ip address

shutdown

!

interface Serial0

ip address 192.3.1.2 255.255.255.0

encapsulation frame-relay IETF

ip ospf message-digest-key 1 md5 kim

bandwidth 2000

clockrate 2000000

frame-relay map ip 192.3.1.1 100 broadcast 

frame-relay intf-type dce

!

interface Serial1

ip address 192.8.1.1 255.255.255.0

no ip mroute-cache

encapsulation X25 dce

ip ospf message-digest-key 2 md5 cisco

bandwidth 64

x25 address 1234

x25 htc 16

x25 nvc 4

x25 map ip 192.8.1.2 5678 broadcast

clockrate 64000

!

router ospf 1

network 192.3.1.0 0.0.0.255 area 0

network 192.5.1.0 0.0.0.255 area 0

network 192.8.1.0 0.0.0.255 area 0

neighbor 192.8.1.2 priority 1

neighbor 192.3.1.1 priority 1

area 0 authentication message-digest

!

no ip classless

!

line con 0

line aux 0

line vty 0 4 

login 

!

end 

2511-2的设置

Current configuration :

version 11.3

no service password-encryption

!

hostname 2511-2

!

enable secret 5 $1$7o5F$MSyFWzVf6JBgnjLJghHSB.

!

!

interface Ethernet0

ip address 192.2.4.1 255.255.255.0 

!

interface Serial0

ip address 192.8.1.2 255.255.255.0

encapsulation x25

ip ospf message-digest-key 2 md5 cisco

no ip mroute-cache

x25 address 5678

x25 htc 16

x25 nvc 4

x25 map ip 192.8.1.1 1234 broadcast

!

interface Serial1

ip address 192.2.2.1 255.255.255.0

ip ospf authentication-key kim 

ip ospf network non-broadcast

no ip mroute-cache

bandwidth 2000

clockrate 2000000

!

router ospf 1

passive-interface Ethernet0

network 192.2.2.0 0.0.0.255 area 1

network 192.2.4.0 0.0.0.255 area 1

network 192.8.1.0 0.0.0.255 area 0

neighbor 192.8.1.1 priority 1

neighbor 192.2.2.2 priority 1

area 0 authentication message-digest

area 1 authentication (疑应加上message-digest，但原文如此)

area 1 range 192.2.0.0 255.255.0.0

!

ip classless

!

line con 0

line 1 8

line aux 0

line vty 0 4 

login 

!

end

internal -1的设置

Building configuration...

Current configuration:

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname internal-1

!

enable secret 5 $1$cF2M$z2T8Ohij5q/yn2RsiVaGE/

!

interface Ethernet0

no ip address 

shutdown

!

interface Serial0

ip address 192.2.2.2 255.255.255.0

ip ospf authentication-key kim 

ip ospf network non-broadcast

!

interface Serial1

no ip address 

shutdown

!

router ospf 1

network 92.2.2.0 0.0.0.255 area 1

neighbor 192.2.2.1 priority 1

area 1authentication 

!

no ip classless

!

line con 0

line 1 16

line aux 0

line vty 0 4 

login 

!

end