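Lab topology
II. Lab requirements
1. R4 is the ISP; only IP addresses may be configured on it. R4 uses public IP addresses with all directly connected devices.
2. R3, R5, R6 and R7 form an MGRE environment, with R3 as the hub site;
3. The entire OSPF environment is addressed from 172.16.0.0/16;
4. All devices can reach R4's loopback (NAT is required);
5. Reduce the volume of LSA updates, speed up convergence, and secure the updates;
   1. (OSPF optimization: special areas)
   2. Shorten the hello and dead timers; set the interface network types to P2P/P2MP
   3. Authenticate between devices
6. Full network reachability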
III. IP address plan
First plan the IP addresses. The entire OSPF environment is addressed from 172.16.0.0/16; it is divided into 6 areas by borrowing three bits. Within each area the space is further split into P2P backbone links, MA backbone links and stub links.
172.16.0.0/16
172.16.0000 0000.0   172.16.0.0/19   area 0
    P2P    172.16.0.0/24
               172.16.0.0/30
               172.16.0.4/30
               172.16.0.8/30
    MA     172.16.1.0/24
               172.16.1.0/29
               172.16.1.8/29
               172.16.1.16/29
    STUB   172.16.2.0/24
           172.16.3.0/24
172.16.0010 0000.0   172.16.32.0/19   area 1
    P2P    172.16.32.0/24
               172.16.32.0/30
               172.16.32.4/30
               172.16.32.8/30
    MA     172.16.33.0/24
               172.16.33.0/29
               172.16.33.8/29
               172.16.33.16/29
    STUB   172.16.34.0/24
           172.16.35.0/24
172.16.0100 0000.0   172.16.64.0/19   area 2
    P2P    172.16.64.0/24
               172.16.64.0/30
    MA     172.16.65.0/24
               172.16.65.0/29
    STUB   172.16.66.0/24
172.16.0110 0000.0   172.16.96.0/19   area 3
    P2P    172.16.96.0/24
               172.16.96.0/30
    MA     172.16.97.0/24
               172.16.97.0/29
    STUB   172.16.98.0/24
172.16.1000 0000.0   172.16.128.0/19   rip
    P2P    172.16.128.0/24
               172.16.128.0/30
    MA     172.16.129.0/24
               172.16.129.0/29
    STUB   172.16.130.0/24
172.16.1010 0000.0   172.16.160.0/19   rip
    P2P    172.16.160.0/24
               172.16.160.0/30
    MA     172.16.161.0/24
               172.16.161.0/29
    STUB   172.16.162.0/24
Spare
172.16.1100 0000.0
172.16.1110 0000.0
Public segment between R3 and R4: 34.0.0.0/24
Public segment between R4 and R5: 45.0.0.0/24
Public segment between R4 and R6: 46.0.0.0/24
Public segment between R4 and R7: 47.0.0.0/24
R4's loopback segment: 4.4.4.0/24
Lab steps
1. Configure IP addresses
[r1]int GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 172.16.33.1 29
[r1]int LoopBack 0
[r1-LoopBack0]ip address 172.16.34.1 24
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip address 172.16.33.2 29
[r2]int LoopBack 0
[r2-LoopBack0]ip address 172.16.35.1 24
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip address 172.16.33.3 29
[r3]int LoopBack 0
[r3-LoopBack0]ip address 172.16.36.1 24
[r3]int Serial 4/0/0
[r3-Serial4/0/0]ip address 34.0.0.1 24
[r4]int s4/0/0
[r4-Serial4/0/0]ip address 34.0.0.2 24
[r4]int s4/0/1
[r4-Serial4/0/1]ip address 45.0.0.2 24
[r4]int s3/0/0
[r4-Serial3/0/0]ip address 46.0.0.2 24
[r4-Serial3/0/0]int g0/0/0
[r4-GigabitEthernet0/0/0]ip address 47.0.0.2 24
[r4]int LoopBack 0
[r4-LoopBack0]ip address 4.4.4.4 24
[r5]int s4/0/0
[r5-Serial4/0/0]ip address 45.0.0.1 24
[r5]int LoopBack 0
[r5-LoopBack0]ip address 172.16.2.1 24
[r6]int s4/0/0
[r6-Serial4/0/0]ip address 46.0.0.1 24
[r6]int LoopBack 0
[r6-LoopBack0]ip address 172.16.3.1 24
[r6]int GigabitEthernet 0/0/0
[r6-GigabitEthernet0/0/0]ip address 172.16.65.1 29
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]ip address 47.0.0.1 24
[r7]int g0/0/1
[r7-GigabitEthernet0/0/1]ip address 172.16.97.1 29
[r7]int LoopBack 0
[r7-LoopBack0]ip address 172.16.4.1 24
[r8]int g0/0/0
[r8-GigabitEthernet0/0/0]ip address 172.16.97.2 29
[r8]int g0/0/1
[r8-GigabitEthernet0/0/1]ip address 172.16.97.9 29
[r8]int LoopBack 0
[r8-LoopBack0]ip address 172.16.98.1 24
[r9]int g0/0/0
[r9-GigabitEthernet0/0/0]ip address 172.16.97.10 29
[r9]int g0/0/1
[r9-GigabitEthernet0/0/1]ip address 172.16.129.1 29
[r9]int LoopBack 0
[r9-LoopBack0]ip address 172.16.130.1 24
[r10]int g0/0/0
[r10-GigabitEthernet0/0/0]ip address 172.16.129.2 29
[r10]int LoopBack 0
[r10-LoopBack0]ip address 172.16.131.1 24
[r11]int g0/0/0
[r11-GigabitEthernet0/0/0]ip address 172.16.65.2 29
[r11]int g0/0/1
[r11-GigabitEthernet0/0/1]ip address 172.16.65.9 29
[r11]int LoopBack 0
[r11-LoopBack0]ip address 172.16.66.1 24
[r12]int g0/0/0
[r12-GigabitEthernet0/0/0]ip address 172.16.65.10 29
[r12]int LoopBack 0
[r12-LoopBack0]ip address 172.16.162.1 24
[r12]int LoopBack 1
[r12-LoopBack1]ip address 172.16.163.1 24
2. Configure default routes so the public network is fully reachable
[r3]ip route-static 0.0.0.0 0 34.0.0.2
[r7]ip route-static 0.0.0.0 0 47.0.0.2
[r6]ip route-static 0.0.0.0 0 46.0.0.2
[r5]ip route-static 0.0.0.0 0 45.0.0.2
3. R3 and R5/R6/R7 form the MGRE environment, with R3 as the hub site;
Change the tunnel interfaces to p2mp
[r3-Tunnel0/0/0]ospf network-type p2mp
[r5-Tunnel0/0/0]ospf network-type p2mp
[r6-Tunnel0/0/0]ospf network-type p2mp
[r7-Tunnel0/0/0]ospf network-type p2mp
4. Configure OSPF and RIP
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]a 1
[r2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.7.255
[r3-ospf-1-area-0.0.0.1]q
[r3-ospf-1]a 0
[r3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0
[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]a 0
[r5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[r6]ospf 1 router-id 6.6.6.6
[r6-ospf-1]a 0
[r6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.3.255
[r6-ospf-1-area-0.0.0.0]q
[r6-ospf-1]a 2
[r6-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]a 0
[r7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.7.255
[r7-ospf-1-area-0.0.0.0]q
[r7-ospf-1]a 3
[r7-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0
[r8]ospf 1 router-id 8.8.8.8
[r8-ospf-1]a 3
[r8-ospf-1-area-0.0.0.3]network 172.16.0.0 0.0.255.255
[r9]ospf 1 router-id 9.9.9.9
[r9-ospf-1]a 3
[r9-ospf-1-area-0.0.0.3]network 172.16.97.10 0.0.0.0
[r9-ospf-1-area-0.0.0.3]q
[r9-ospf-1]q
[r9]ospf 2
[r9-ospf-2]a 4
[r9-ospf-2-area-0.0.0.4]network 172.16.128.0 0.0.3.255
[r10]ospf 1 router-id 10.10.10.10
[r10-ospf-1]a 4
[r10-ospf-1-area-0.0.0.4]network 172.16.0.0 0.0.255.255
[r11]ospf 1 router-id 11.11.11.11
[r11-ospf-1]a 2
[r11-ospf-1-area-0.0.0.2]network 172.16.0.0 0.0.255.255
[r12]ospf 1 router-id 12.12.12.12
[r12-ospf-1]a 2
[r12-ospf-1-area-0.0.0.2]network 172.16.65.10 0.0.0.0
[r12-ospf-1-area-0.0.0.2]q
[r12-ospf-1]q
[r12]rip
[r12-rip-1]v 2
[r12-rip-1]network 172.16.0.0
Redistribution
Redistribute RIP and area 4 into OSPF
[r9]ospf 1
[r9-ospf-1]import-route ospf 2
[r12]ospf 1
[r12-ospf-1]import-route rip 1
[r9-ospf-2]default-route-advertise ----- originate a Type 5 default route on R9
5. OSPF route summarization
[r3]ospf 1
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
[r6]ospf 1
[r6-ospf-1]a 2
[r6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
[r7]ospf 1
[r7-ospf-1]a 3
[r7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0
[r9]ospf 1
[r9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
[r12]ospf 1
[r12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0
6. Configure special areas
1. Area 1 as a totally stubby area
[r1]ospf 1
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]stub
[r2]ospf 1
[r2-ospf-1]a 1
[r2-ospf-1-area-0.0.0.1]stub
[r3]ospf 1
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]stub no-summary
View the LSDB of area 1
View the routing table:
2. Area 2 as a totally NSSA (totally not-so-stubby area)
[r6]ospf 1
[r6-ospf-1]a 2
[r6-ospf-1-area-0.0.0.2]nssa no-summary
[r11]ospf 1
[r11-ospf-1]a 2
[r11-ospf-1-area-0.0.0.2]nssa
[r12]ospf 1
[r12-ospf-1]a 2
[r12-ospf-1-area-0.0.0.2]nssa
View the LSDB of area 2:
View the routing table:
3. Area 3 as a totally NSSA (totally not-so-stubby area)
[r7]ospf 1
[r7-ospf-1]a 3
[r7-ospf-1-area-0.0.0.3]nssa no-summary
[r8]ospf 1
[r8-ospf-1]a 3
[r8-ospf-1-area-0.0.0.3]nssa
[r9]ospf 1
[r9-ospf-1]a 3
[r9-ospf-1-area-0.0.0.3]nssa
View the LSDB of area 3
View the routing table:
7. Loop-prevention design
[r3]ip route-static 172.16.32.0 19 NULL 0
[r6]ip route-static 172.16.64.0 19 NULL 0
[r7]ip route-static 172.16.96.0 19 NULL 0
[r9]ip route-static 172.16.128.0 19 NULL 0
[r12]ip route-static 172.16.160.0 19 NULL 0
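A summarising router attracts traffic for every address inside its summary, including addresses that do not exist; the NULL 0 route discards that traffic instead of letting it follow the default route back out and loop. The following check is an added example, not part of the original lab: it recomputes the /19 blocks of the IP plan and confirms that each summary from step 5 has a matching NULL 0 route from step 7 and covers the addresses from step 1 (the three tables are transcribed from the configuration on this page).

```python
import ipaddress

BASE = ipaddress.ip_network("172.16.0.0/16")

# Transcribed from the lab: summary advertised per router (step 5).
SUMMARIES = {
    "r3": "172.16.32.0/255.255.224.0",
    "r6": "172.16.64.0/255.255.224.0",
    "r7": "172.16.96.0/255.255.224.0",
    "r9": "172.16.128.0/255.255.224.0",
    "r12": "172.16.160.0/255.255.224.0",
}
# Transcribed from the lab: NULL 0 static route per router (step 7).
NULL_ROUTES = {"r3": "172.16.32.0/19", "r6": "172.16.64.0/19", "r7": "172.16.96.0/19",
               "r9": "172.16.128.0/19", "r12": "172.16.160.0/19"}
# Transcribed from step 1: addresses that sit behind each summarising router.
MEMBERS = {
    "r3": ["172.16.33.1/29", "172.16.34.1/24", "172.16.35.1/24", "172.16.36.1/24"],
    "r6": ["172.16.65.1/29", "172.16.65.9/29", "172.16.66.1/24"],
    "r7": ["172.16.97.1/29", "172.16.97.9/29", "172.16.98.1/24"],
    "r9": ["172.16.129.1/29", "172.16.130.1/24", "172.16.131.1/24"],
    "r12": ["172.16.162.1/24", "172.16.163.1/24"],
}

def area_blocks(base=BASE, borrowed_bits=3):
    """Borrowing 3 bits from the /16 yields eight /19 blocks."""
    return list(base.subnets(prefixlen_diff=borrowed_bits))

def audit(summaries=SUMMARIES, null_routes=NULL_ROUTES, members=MEMBERS):
    """Return a list of findings; an empty list means plan and config agree."""
    blocks, findings = area_blocks(), []
    for router, text in summaries.items():
        summary = ipaddress.ip_network(text)
        if summary not in blocks:
            findings.append(f"{router}: {summary} is not one of the planned /19 blocks")
        null = null_routes.get(router)
        if null is None or ipaddress.ip_network(null) != summary:
            findings.append(f"{router}: no NULL 0 route matching summary {summary}")
        for addr in members.get(router, []):
            if not ipaddress.ip_interface(addr).network.subnet_of(summary):
                findings.append(f"{router}: {addr} falls outside summary {summary}")
    return findings

if __name__ == "__main__":
    print(audit() or "summaries, NULL 0 routes and addressing are consistent")
```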
8. Configure NAT
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r3-acl-basic-2000]q
[r3]int Serial 4/0/0
[r3-Serial4/0/0]nat outbound 2000
[r6]acl 2000
[r6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r6-acl-basic-2000]q
[r6]int Serial 4/0/0
[r6-Serial4/0/0]nat outbound 2000
[r7]acl 2000
[r7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r7-acl-basic-2000]q
[r7]int GigabitEthernet 0/0/0
[r7-GigabitEthernet0/0/0]nat outbound 2000
Test the whole network
9. Speed up convergence
[r3]int Tunnel 0/0/0
[r3-Tunnel0/0/0]ospf timer hello 10
[r5]int t 0/0/0
[r5-Tunnel0/0/0]ospf timer hello 10
[r6]int t 0/0/0
[r6-Tunnel0/0/0]ospf timer hello 10
[r7]int t 0/0/0
[r7-Tunnel0/0/0]ospf timer hello 10
10. OSPF authentication
[r1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huawei
[r2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huawei
[r3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huawei
[r3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[r5-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[r6-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[r6-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher huawei
[r7-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[r7-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher huawei
[r8-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher huawei
[r9-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher huawei
[r9-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher huawei
[r10-ospf-1-area-0.0.0.4]authentication-mode md5 1 cipher huawei
[r11-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher huawei
[r12-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher huawei
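What `authentication-mode md5 1 cipher huawei` makes each router do on the wire, as an added example that is not part of the original lab: it builds an OSPFv2 Hello with cryptographic authentication as defined in RFC 2328 Appendix D (AuType 2, key-id 1, digest = MD5 over the packet followed by the zero-padded secret) and runs the receiver-side checks. The Hello contents (mask, timers, sequence number) are constructed sample values; the router ID, area, key-id and secret are the ones used in this lab.

```python
import hashlib
import hmac
import socket
import struct

HDR = "!BBH4s4sHHHBBI"  # 24-byte OSPFv2 header, auth field laid out for AuType 2

def pad_key(key: bytes) -> bytes:
    """RFC 2328 D.4.3: the secret is padded with zeros to 16 bytes."""
    return key[:16].ljust(16, b"\x00")

def build_hello(router_id, area_id, key_id, seq, key, hello=10, dead=40):
    """Constructed Hello: mask /24, E-bit set, priority 1, no DR/BDR, no neighbors."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       hello, 0x02, 1, dead, bytes(4), bytes(4))
    hdr = struct.pack(HDR, 2, 1, 24 + len(body), socket.inet_aton(router_id),
                      socket.inet_aton(area_id), 0, 2, 0, key_id, 16, seq)
    pkt = hdr + body
    # The digest trails the packet and is not counted in the length field.
    return pkt + hashlib.md5(pkt + pad_key(key)).digest()

def verify(data, keys, last_seq=0):
    """Receiver-side checks; keys maps key-id -> secret. Returns (ok, reason)."""
    if len(data) < 24:
        return False, "truncated"
    (_, _, length, _, _, _, autype, _, key_id, dlen, seq) = struct.unpack(HDR, data[:24])
    if autype != 2:
        return False, "AuType mismatch"
    if key_id not in keys or dlen != 16 or len(data) != length + dlen:
        return False, "unknown key-id or bad length"
    if seq < last_seq:  # RFC 2328 D.5.3: sequence numbers must not decrease
        return False, "stale sequence number"
    expected = hashlib.md5(data[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, data[length:]):
        return False, "digest mismatch"
    return True, "ok"

if __name__ == "__main__":
    pkt = build_hello("3.3.3.3", "0.0.0.0", 1, 100, b"huawei")
    print(verify(pkt, {1: b"huawei"}), verify(pkt, {1: b"mismatch"}))
```

The digest proves only knowledge of the shared secret, so its strength is the strength of that secret: the lab's `huawei` is a placeholder, and a production key should be long and random. Where the VRP release offers it, `authentication-mode hmac-sha256` replaces the keyed-MD5 construction shown here.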