OSPF及路由引入實驗
阿新 • • 發佈:2020-08-16
1、按規劃配置OSPF 及宣告介面到相應區域裡 AR1 router-id 1.1.1.1 AR2 router-id 2.2.2.2 AR3 router-id 3.3.3.3 AR4 router-id 4.4.4.4 2、控制DR 選舉,讓AR3成為DR,AR2成為BDR,AR1不參加選舉;對區域1的172.16的路由進行精確彙總 3、修改COST 讓區域3優選s0/0/0鏈路,備用s0/0/1鏈路 4、區域0實現基於區域的MD5認證,密碼為hcda001,區域3實現基於介面的明文認證密碼為huawei 5、AR4和AR5配置RIP 互通(模擬的外網不宣告),在AR5手工寫靜態預設路由並引入RIP。 6、AR4上進行RIP 和OSPF 的雙向路由引入,併為OSPF 通告預設路由,實現全網全通。
一、實驗配置參考:
AR1配置
interface GigabitEthernet0/0/0 ip address 123.1.1.1 255.255.255.0 ospf dr-priority 0 //優先順序是0 不能參與DR 選舉,預設是1 interface LoopBack0 ip address 192.168.1.1 255.255.255.0 ospf network-type broadcast //迴環介面修改介面型別,為了讓其它路由器計算出/24 位掩碼的路由,不改是/32 掩碼的 路由 # interface LoopBack1 ip address 172.16.0.1 255.255.255.0 # interface LoopBack2 ip address 172.16.1.1 255.255.255.0 # interface LoopBack3 ip address 172.16.2.1 255.255.255.0 # interface LoopBack4 ip address 172.16.3.1 255.255.255.0 # ospf 1 router-id 1.1.1.1 //指定router-id 並進入OSPF 程序1 area 0.0.0.0 authentication-mode md5 1 cipher hcda001 //基於區域進行MD5 認證 network 123.1.1.0 0.0.0.255 area 0.0.0.1 abr-summary 172.16.0.0 255.255.252.0 //在ABR 上對路由進行手工彙總 network 192.168.1.0 0.0.0.255 network 172.16.0.0 0.0.3.255 # return
AR2的配置
interface Ethernet0/0/0 ip address 123.1.1.2 255.255.255.0 ospf dr-priority 5 //修改DR 選舉的優先順序,這裡是次優的,故R2 是BDR # interface LoopBack0 ip address 192.168.2.1 255.255.255.0 ospf network-type broadcast # ospf 1 router-id 2.2.2.2 area 0.0.0.0 authentication-mode md5 1 cipher hcda001 network 123.1.1.0 0.0.0.255 area 0.0.0.2 network 192.168.2.0 0.0.0.255 # AR3的
AR3的配置
# interface Ethernet0/0/0 ip address 123.1.1.3 255.255.255.0 ospf dr-priority 10 //修改DR 選舉的優先順序,這裡是最優的,故R3 是DR # interface Serial0/0/0 link-protocol ppp ip address 34.1.1.1 255.255.255.252 ospf authentication-mode simple plain huawei //配置基於介面的認證 ospf cost 800 //在介面下手工修改開銷,主用路徑 # interface Serial0/0/1 link-protocol ppp ip address 34.1.1.5 255.255.255.252 ospf authentication-mode simple plain huawei ospf cost 1000 //在介面下手工修改開銷,備用路徑 # interface LoopBack0 ip address 192.168.3.1 255.255.255.0 ospf network-type broadcast # ospf 1 router-id 3.3.3.3 area 0.0.0.0 authentication-mode md5 1 cipher hcda001 network 123.1.1.0 0.0.0.255 area 0.0.0.3 network 192.168.3.0 0.0.0.255 network 34.1.1.0 0.0.0.7 # return
AR4的配置
# interface Ethernet0/0/0 ip address 45.1.1.1 255.255.255.0 # interface Serial0/0/0 link-protocol ppp ip address 34.1.1.2 255.255.255.252 ospf authentication-mode simple plain huawei ospf cost 800 # interface Serial0/0/1 link-protocol ppp ip address 34.1.1.6 255.255.255.252 ospf authentication-mode simple plain huawei ospf cost 1000 # interface LoopBack0 ip address 192.168.4.1 255.255.255.0 # ospf 1 router-id 4.4.4.4 default-route-advertise //在ASBR 上為其它OSPF 路由器通知預設路由,不改R1 上沒有0.0.0.0/0 的OSE 預設路 由 import-route rip 1 cost 2000 //引入RIP 路由域的路由進入OSPF 路由域(19.168.5.0、24 的路由) area 0.0.0.3 network 34.1.1.0 0.0.0.7 # rip 1 //RIP 的配置 undo summary version 2 network 192.168.4.0 network 45.0.0.0 import-route ospf 1 cost 5 //引入OSPF 的路由進入RIP 路由域 # return
AR5的配置
# interface Ethernet0/0/0 ip address 45.1.1.2 255.255.255.0 # interface LoopBack0 ip address 192.168.5.1 255.255.255.0 # interface LoopBack100 ip address 100.100.100.100 255.255.255.0 # interface LoopBack200 ip address 200.200.200.200 255.255.255.0 # rip 1 undo summary default-route originate cost 1 //RIP 通告預設路由 version 2 network 45.0.0.0 network 192.168.5.0 # ip route-static 0.0.0.0 0.0.0.0 LoopBack100 //模擬的去公網的路由 #
二、檢查配置
1、在AR1上可以驗證DR 選舉
<R1>dis ospf peer OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 123.1.1.1(GigabitEthernet0/0/0)'s neighbors Router ID: 2.2.2.2 Address: 123.1.1.2 State: Full Mode:Nbr is Master Priority: 5 DR: 123.1.1.3 BDR: 123.1.1.2 MTU: 0 Dead timer due in 32 sec Retrans timer interval: 4 Neighbor is up for 01:03:15 Authentication Sequence: [ 3662] Router ID: 3.3.3.3 Address: 123.1.1.3 State: Full Mode:Nbr is Master Priority: 10 DR: 123.1.1.3 BDR: 123.1.1.2 MTU: 0 Dead timer due in 27 sec Retrans timer interval: 0 Neighbor is up for 01:03:16 Authentication Sequence: [ 3671] <R1>
2、在路由器上驗證區域認證
<R1>dis ospf brief OSPF Process 1 with Router ID 1.1.1.1 OSPF Protocol Information RouterID: 1.1.1.1 Border Router: AREA Multi-VPN-Instance is not enabled Global DS-TE Mode: Non-Standard IETF Mode Graceful-restart capability: disabled Helper support capability : not configured Applications Supported: MPLS Traffic-Engineering Spf-schedule-interval: max 10000ms, start 500ms, hold 1000ms Default ASE parameters: Metric: 1 Tag: 1 Type: 2 Route Preference: 10 ASE Route Preference: 150 SPF Computation Count: 12 RFC 1583 Compatible Retransmission limitation is disabled Area Count: 2 Nssa Area Count: 0 ExChange/Loading Neighbors: 0 Process total up interface count: 6 Process valid up interface count: 1 Area: 0.0.0.0 (MPLS TE not enabled) Authtype: MD5 Area flag: Normal SPF scheduled Count: 12 ExChange/Loading Neighbors: 0 Router ID conflict state: Normal
3、在AR1上檢查OSPF 路由表
<R1> dis ip routing-table protocol ospf Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Public routing table : OSPF Destinations : 8 Routes : 8 OSPF routing table status : <Active> Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 O_ASE 150 1 D 123.1.1.3 GigabitEthernet 0/0/0 34.1.1.0/30 OSPF 10 801 D 123.1.1.3 GigabitEthernet 0/0/0 34.1.1.4/30 OSPF 10 1801 D 123.1.1.3 GigabitEthernet 0/0/0 45.1.1.0/24 O_ASE 150 2000 D 123.1.1.3 GigabitEthernet 0/0/0 192.168.2.0/24 OSPF 10 1 D 123.1.1.2 GigabitEthernet 0/0/0 192.168.3.0/24 OSPF 10 1 D 123.1.1.3 GigabitEthernet 0/0/0 192.168.4.0/24 O_ASE 150 2000 D 123.1.1.3 GigabitEthernet 0/0/0 192.168.5.0/24 O_ASE 150 2000 D 123.1.1.3 GigabitEthernet 0/0/0 OSPF routing table status : <Inactive> Destinations : 0 Routes : 0
4、在AR4(ASBR)上檢查全域性路由表
<R4>dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 25 Routes : 25 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 RIP 100 2 D 45.1.1.2 GigabitEthernet 0/0/0 34.1.1.0/30 Direct 0 0 D 34.1.1.2 Serial1/0/0 34.1.1.1/32 Direct 0 0 D 34.1.1.1 Serial1/0/0 34.1.1.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/0 34.1.1.3/32 Direct 0 0 D 127.0.0.1 Serial1/0/0 34.1.1.4/30 Direct 0 0 D 34.1.1.6 Serial1/0/1 34.1.1.5/32 Direct 0 0 D 34.1.1.5 Serial1/0/1 34.1.1.6/32 Direct 0 0 D 127.0.0.1 Serial1/0/1 34.1.1.7/32 Direct 0 0 D 127.0.0.1 Serial1/0/1 45.1.1.0/24 Direct 0 0 D 45.1.1.1 GigabitEthernet 0/0/0 45.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0 45.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0 123.1.1.0/24 OSPF 10 801 D 34.1.1.1 Serial1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.0.0/22 OSPF 10 801 D 34.1.1.1 Serial1/0/0 192.168.1.0/24 OSPF 10 801 D 34.1.1.1 Serial1/0/0 192.168.2.0/24 OSPF 10 801 D 34.1.1.1 Serial1/0/0 192.168.3.0/24 OSPF 10 800 D 34.1.1.1 Serial1/0/0 192.168.4.0/24 Direct 0 0 D 192.168.4.1 LoopBack0 192.168.4.1/32 Direct 0 0 D 127.0.0.1 LoopBack0 192.168.4.255/32 Direct 0 0 D 127.0.0.1 LoopBack0 192.168.5.0/24 RIP 100 1 D 45.1.1.2 GigabitEthernet 0/0/0
5、驗證全網聯通性
<R1>ping 192.168.3.1 PING 192.168.3.1: 56 data bytes, press CTRL_C to break Reply from 192.168.3.1: bytes=56 Sequence=1 ttl=255 time=60 ms Reply from 192.168.3.1: bytes=56 Sequence=2 ttl=255 time=50 ms Reply from 192.168.3.1: bytes=56 Sequence=3 ttl=255 time=50 ms Reply from 192.168.3.1: bytes=56 Sequence=4 ttl=255 time=40 ms Reply from 192.168.3.1: bytes=56 Sequence=5 ttl=255 time=50 ms --- 192.168.3.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 40/50/60 ms <R1>ping 100.100.100.100 PING 100.100.100.100: 56 data bytes, press CTRL_C to break Reply from 100.100.100.100: bytes=56 Sequence=1 ttl=253 time=100 ms Reply from 100.100.100.100: bytes=56 Sequence=2 ttl=253 time=70 ms Reply from 100.100.100.100: bytes=56 Sequence=3 ttl=253 time=50 ms Reply from 100.100.100.100: bytes=56 Sequence=4 ttl=253 time=70 ms Reply from 100.100.100.100: bytes=56 Sequence=5 ttl=253 time=40 ms --- 100.100.100.100 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 40/66/100 ms <R1>
<R4>ping 172.16.1.1 PING 172.16.1.1: 56 data bytes, press CTRL_C to break Reply from 172.16.1.1: bytes=56 Sequence=1 ttl=254 time=70 ms Reply from 172.16.1.1: bytes=56 Sequence=2 ttl=254 time=60 ms Reply from 172.16.1.1: bytes=56 Sequence=3 ttl=254 time=60 ms Reply from 172.16.1.1: bytes=56 Sequence=4 ttl=254 time=50 ms Reply from 172.16.1.1: bytes=56 Sequence=5 ttl=254 time=50 ms --- 172.16.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 50/58/70 ms <R4>ping 200.200.200.200 PING 200.200.200.200: 56 data bytes, press CTRL_C to break Reply from 200.200.200.200: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 200.200.200.200: bytes=56 Sequence=2 ttl=255 time=20 ms Reply from 200.200.200.200: bytes=56 Sequence=3 ttl=255 time=20 ms Reply from 200.200.200.200: bytes=56 Sequence=4 ttl=255 time=10 ms Reply from 200.200.200.200: bytes=56 Sequence=5 ttl=255 time=20 ms --- 200.200.200.200 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/20/30 ms <R4>