OSPF Comprehensive Lab (commands can be copied and applied directly)

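I. Lab requirements + topology

II. Lab approach
1. Plan the IP addressing (based on 172.16.0.0/16 --> divided by area)
2. Configure each router's interface IPs and loopback IPs
3. Configure routing (OSPF -> private network reachability, default routes -> public network reachability, mGRE -> reachability between private sites, route import --> inter-domain communication)
4. In OSPF, use route summarization and special area types to reduce the number of LSAs, shorten the hello interval to speed up convergence, and configure area authentication for security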

III. Lab configuration

IP configuration

R1

sys

sysname R1

int  g0/0/0

ip add 172.16.33.1  24

q

int l0

ip add 172.16.34.1 24

R2

sys

sys R2

int g0/0/0

ip  add  172.16.33.2 24

int l0

ip add 172.16.35.2 24

R3

sys  R3

int g0/0/0

ip add 172.16.33.3 24

int l0

ip add 172.16.36.3 24

q

int s4/0/0

ip add 34.0.0.3 24

R4

sys  R4

int s4/0/0

ip add 34.0.0.4 24

int s4/0/1

ip add 45.0.0.4 24

int s3/0/0

ip add 46.0.0.4 24

int g0/0/0

ip add 47.0.0.4 24

Int l0

ip add 172.16.2.4 24

q

R5

sys  R5

int s4/0/0

ip add 45.0.0.5 24

int l0

ip add 172.16.3.5 24

q

R6

sys R6

int s4/0/0

ip add 46.0.0.6 24

int g0/0/0

ip add 172.16.65.1 30

int l0

ip add 172.16.4.6 24

q

R7

sys R7

int g0/0/0

ip add 47.0.0.7 24

int g0/0/1

ip add 172.16.97.1 30

int l0

ip add 172.16.5.7 24

R8

sys R8

int g0/0/0

ip add 172.16.97.2 30

int g0/0/1

ip add 172.16.97.5 30

int l0

ip add 172.16.98.8 24

q

R9

sys R9

int g0/0/0

ip add 172.16.97.6 30

int g0/0/1

ip add 172.16.129.1 30

int l0

ip add 172.16.130.9 24

R10

sys R10

int g0/0/0

ip add 172.16.129.2 30

int l0

ip add 172.16.131.10 24

q

R11

sys R11

int g0/0/0

ip add 172.16.65.2 30

int g0/0/1

ip add 172.16.65.5 30

int l0

ip add 172.16.66.11 24

q

R12

sys R12

int g0/0/0

ip add 172.16.65.6 30

int l0

ip add 172.16.160.12 24

int l1

ip add 172.16.161.12 24

q

Public network (default routes):

ip route-static 0.0.0.0 0 34.0.0.4

ip route-static 0.0.0.0 0 45.0.0.4

ip route-static 0.0.0.0 0 46.0.0.4

ip route-static 0.0.0.0 0 47.0.0.4

Private network (OSPF/RIP)

area 1

R1

ospf 1 router-id 1.1.1.1

a 1

network 172.16.34.0 0.0.0.255

network 172.16.33.0 0.0.0.255

q

R2

ospf 1 router-id 2.2.2.2

a 1

network 172.16.35.0 0.0.0.255

network 172.16.33.0 0.0.0.255

R3

ospf 1 router-id 3.3.3.3

a 1

network 172.16.33.0 0.0.0.255

network 172.16.36.0 0.0.0.255

area 0
R4

ospf 1 router-id 4.4.4.4
a 0
network 172.16.2.0 0.0.0.255

R5

ospf 1 router-id 5.5.5.5
a 0
network 172.16.3.0 0.0.0.255

R6

ospf 1 router-id 6.6.6.6
a 0
network 172.16.4.0 0.0.0.255

R7

ospf  1  router-id 7.7.7.7
a 0
net 172.16.5.0 0.0.0.255

area 2
R6

ospf 1 router-id 6.6.6.6
a 2
ne 172.16.65.0 0.0.0.3

R11

ospf 1 router-id 11.11.11.11

a 2

ne 172.16.65.0 0.0.0.3

ne 172.16.65.4 0.0.0.3

ne 172.16.66.0 0.0.0.255

R12

ospf 1 router-id 12.12.12.12
a 2
ne 172.16.65.4 0.0.0.3

area 3
R7

ospf 1 router-id 7.7.7.7

a 3

ne 172.16.97.0 0.0.0.3

R8

ospf 1 router-id 8.8.8.8

a 3

ne 172.16.97.0 0.0.0.3

ne 172.16.98.0 0.0.0.255

ne 172.16.97.4 0.0.0.3

R9

ospf 1 router-id 9.9.9.9

a 3

ne 172.16.97.4 0.0.0.3

ne 172.16.130.0 0.0.0.255

area 4

The irregular area (area 4 is not attached to the backbone) is handled as an external domain, so OSPF process 2 is used here

R9

ospf 2 router-id 9.9.9.9

a 4

ne 172.16.129.0 0.0.0.3

R10

ospf 2 router-id 10.10.10.10

a 4

ne 172.16.129.0 0.0.0.3

ne 172.16.131.0 0.0.0.255

rip
R12

rip 100
v 2 
un summary 
network 172.16.0.0 

Configure mGRE

Basic configuration

R3

int t0/0/0

ip add 172.16.6.3 24

tunnel-protocol gre p2mp

source s4/0/0

nhrp network-id 200  

nhrp entry multicast dynamic

R5

int t0/0/0

ip add 172.16.6.5 24

tunnel-protocol gre p2mp

source s4/0/0

nhrp network-id 200

nhrp entry 172.16.6.3 34.0.0.3 register

R6
int t0/0/0

ip add 172.16.6.6 24  

tunnel-protocol gre p2mp

source s4/0/0

nhrp network-id 200

nhrp entry 172.16.6.3 34.0.0.3 register

R7

int t0/0/0

ip add 172.16.6.7 24

tunnel-protocol gre p2mp    

source g0/0/0

nhrp network-id 200   

nhrp entry 172.16.6.3 34.0.0.3 register

OSPF configuration

R3

ospf 1

a 0

ne 172.16.6.0 0.0.0.255

 

R5

ospf 1

a 0

ne 172.16.6.0 0.0.0.255

R6

ospf 1

a 0

ne 172.16.6.0 0.0.0.255

R7

ospf 1

a 0

ne 172.16.6.0 0.0.0.255

Change the tunnel interface network type + take R5~R7 out of the DR election (DR priority 0)

R3

int t0/0/0

ospf network-type broadcast

R5

int t0/0/0  

ospf network-type broadcast

ospf dr-priority 0

R6

int t0/0/0

ospf network-type broadcast

ospf dr-priority 0

R7

int t0/0/0

ospf network-type broadcast

ospf dr-priority 0

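Configure NAT (Easy IP)

(private network access to the public network)

(the default route from the private network to the public network is delivered automatically by the special-area configuration later on)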

R3

acl 2000

rule permit source 172.16.0.0 0.0.255.255

q

int s4/0/0

nat outbound 2000

R6

sys

acl 2000

rule permit source 172.16.0.0 0.0.255.255

q

int s4/0/0

nat outbound 2000

R7

sys

acl 2000

rule permit source 172.16.0.0 0.0.255.255

q

int g0/0/0

nat outbound 2000

Route import (ASBR)

area 4 is an irregular area; its routes, like the RIP routes, have to be imported

ASBR:R9

ospf 1

import-route ospf 2

ASBR:R12

ospf 1
import-route rip 100 

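IV. Optimization

Per the lab requirements: reduce the number of LSA updates, speed up convergence, and secure the updates

1. Reduce the volume of LSA updates

A. Route summarization

(reduces the number of LSAs in area 0)

1. ABR route summarization

area 1 (R3 performs the ABR summarization; area 1 address range: 172.16.32.0/19)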

ospf 1

area 1

abr-summary 172.16.32.0 255.255.224.0

area 2 (R6 performs the ABR summarization; area 2 address range: 172.16.64.0/19)

ospf 1

a 2

abr-summary 172.16.64.0 255.255.224.0

area 3 (R7 performs the ABR summarization; area 3 address range: 172.16.96.0/19)

ospf 1

a 3

abr-summary 172.16.96.0 255.255.224.0

2. ASBR route summarization

RIP -> performed on R12; RIP domain address range: 172.16.160.0/19

ospf 1

asbr-summary 172.16.160.0 255.255.224.0

area 4 -> performed on R9; area 4 address range: 172.16.128.0/19

ospf 1

asbr-summary 172.16.128.0 255.255.224.0
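
A summary only suppresses the prefixes that fall inside it, so the plan above is worth checking mechanically. The following is an added example, not part of the original post: it takes the summaries and `network` statements for areas 1 to 4 as typed on this page and reports any advertised network that its area's /19 does not cover. The function names are hypothetical, and `172.168.65.2` in the last line is a constructed mistyped address.

```python
import ipaddress

# Transcribed from this page: each area's summary (address + netmask) and the
# `network` statements (address + wildcard mask) entered under that area.
PLAN = {
    "area 1, abr-summary on R3": ("172.16.32.0 255.255.224.0", [
        "172.16.33.0 0.0.0.255", "172.16.34.0 0.0.0.255",
        "172.16.35.0 0.0.0.255", "172.16.36.0 0.0.0.255"]),
    "area 2, abr-summary on R6": ("172.16.64.0 255.255.224.0", [
        "172.16.65.0 0.0.0.3", "172.16.65.4 0.0.0.3", "172.16.66.0 0.0.0.255"]),
    "area 3, abr-summary on R7": ("172.16.96.0 255.255.224.0", [
        "172.16.97.0 0.0.0.3", "172.16.97.4 0.0.0.3",
        "172.16.98.0 0.0.0.255", "172.16.130.0 0.0.0.255"]),
    "area 4, asbr-summary on R9": ("172.16.128.0 255.255.224.0", [
        "172.16.129.0 0.0.0.3", "172.16.131.0 0.0.0.255"]),
}

def to_net(pair):
    # ipaddress accepts a netmask or a wildcard (host) mask after the slash
    addr, mask = pair.split()
    return ipaddress.ip_network(f"{addr}/{mask}")

def uncovered(plan=PLAN):
    """Map each area to the advertised networks its summary does NOT cover."""
    gaps = {}
    for area, (summary, nets) in plan.items():
        outside = [str(n) for n in map(to_net, nets)
                   if not n.subnet_of(to_net(summary))]
        if outside:
            gaps[area] = outside
    return gaps

def overlapping(plan=PLAN):
    """Pairs of areas whose summaries overlap (each /19 should be disjoint)."""
    s = [(a, to_net(v[0])) for a, v in plan.items()]
    return [(a, b) for i, (a, x) in enumerate(s) for b, y in s[i + 1:]
            if x.overlaps(y)]

def owner(address, plan=PLAN):
    """Area whose summary contains an interface address, or None."""
    ip = ipaddress.ip_address(address)
    return next((a for a, v in plan.items() if ip in to_net(v[0])), None)

if __name__ == "__main__":
    print(uncovered(), overlapping(), owner("172.16.65.2"), owner("172.168.65.2"))
```

On the page's own statements it reports 172.16.130.0/24 (R9's loopback, advertised in area 3) as outside 172.16.96.0/19, so R7 still advertises that prefix into area 0 as a separate entry next to the summary.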

B. Special area types

total-stub (totally stubby area)

area1

R1~R3

ospf 1

a 1

[R1-ospf-1-area-0.0.0.1]stub no-summary

ospf 1

a 1

[R2-ospf-1-area-0.0.0.1]stub no-summary

ospf 1

a 1

[R3-ospf-1-area-0.0.0.1]stub no-summary

total-NSSA (totally NSSA area)

area2

R6, R11~R12

[R6-ospf-1-area-0.0.0.2]nssa no-summary

[R11-ospf-1-area-0.0.0.2]nssa no-summary

[R12-ospf-1-area-0.0.0.2]nssa no-summary

area3

R7~R9

[R7-ospf-1-area-0.0.0.3]nssa no-summary 

[R8-ospf-1-area-0.0.0.3]nssa no-summary

[R9-ospf-1-area-0.0.0.3]nssa no-summary

Because area 4 is not configured as a special area, R9 has to advertise a default route to R10

R9

This must be configured under process 2

sys

ospf 2

default-route-advertise always

2. Change the hello interval

Changed in interface view; area 0 is left unchanged

area1

[R1-GigabitEthernet0/0/0]ospf timer hello 5

[R2-GigabitEthernet0/0/0]ospf timer hello 5

[R3-GigabitEthernet0/0/0]ospf timer hello 5

area2

[R6-GigabitEthernet0/0/0]ospf timer hello 5

[R11-GigabitEthernet0/0/0]ospf timer hello 5

[R11-GigabitEthernet0/0/1]ospf timer hello 5

[R12-GigabitEthernet0/0/0]ospf timer hello 5

area3

[R7-GigabitEthernet0/0/1]ospf timer hello 5

[R8-GigabitEthernet0/0/1]ospf timer hello 5

[R8-GigabitEthernet0/0/0]ospf timer hello 5

[R9-GigabitEthernet0/0/0]ospf timer hello 5

area4

[R9-GigabitEthernet0/0/1]ospf timer hello 5

[R10-GigabitEthernet0/0/0]ospf timer hello 5

3. Configure area authentication (secures routing updates)

area0

R3

[R3]ospf 1

[R3-ospf-1]a 0

[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huaiyu

R5

[R5]ospf 1

[R5-ospf-1]a 0

[R5-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huaiyu

R6

[R6]ospf 1

[R6-ospf-1]a 0

[R6-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huaiyu

R7

<R7>sys

Enter system view, return user view with Ctrl+Z.

[R7]ospf 1

[R7-ospf-1]a 0

[R7-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huaiyu

area1

R1

[R1]ospf 1

[R1-ospf-1]area 1

[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huaiyu

R2

[R2]ospf 1

[R2-ospf-1]a 1  

[R2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huaiyu

R3

[R3]ospf 1

[R3-ospf-1]a 1

[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huaiyu

area2

R6

[R6]ospf 1

[R6-ospf-1]a 2

[R6-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher huaiyu

R11

[R11]ospf 1

[R11-ospf-1]a 2

[R11-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher huaiyu

R12

[R12]ospf 1

[R12-ospf-1]a 2

[R12-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher huaiyu

area3

R7

[R7]ospf 1

[R7-ospf-1]a 3

[R7-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher huaiyu

R8

[R8]ospf 1

[R8-ospf-1]a 3

[R8-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher huaiyu

R9

[R9]ospf 1

[R9-ospf-1]a 3

[R9-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher huaiyu

area4

R9

[R9]ospf 2

[R9-ospf-2]a 4  

[R9-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher huaiyu

R10

[R10]ospf 2

[R10-ospf-2]a 4

[R10-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher huaiyu
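
What the area authentication configured above does on the wire, following the keyed-MD5 scheme of RFC 2328 Appendix D, as an added example that is not from the original post. It builds a Hello with key ID 1 and the lab key, then runs the receiver-side checks. The Hello contents and function names are constructed for illustration, and treating VRP's `md5` mode as this RFC scheme is an assumption.

```python
import hashlib, hmac, socket, struct

def pad_key(secret: str) -> bytes:
    # The shared key is zero-padded to 16 bytes.
    return secret.encode().ljust(16, b"\0")[:16]

def build(ptype, router_id, area_id, body, key_id, seq, secret):
    # 24-byte header with AuType 2: checksum left at 0, and the 8 authentication
    # bytes hold 0, Key ID, Auth Data Length (16) and the sequence number.
    hdr = struct.pack("!BBH4s4sHHHBBI", 2, ptype, 24 + len(body),
                      socket.inet_aton(router_id), socket.inet_aton(area_id),
                      0, 2, 0, key_id, 16, seq)
    pkt = hdr + body
    # Digest = MD5(packet || padded key); it trails the packet and is not
    # counted in the header's packet-length field.
    return pkt + hashlib.md5(pkt + pad_key(secret)).digest()

def verify(wire, secret, key_id, last_seq):
    """Receiver-side checks; returns 'ok' or the reason for dropping."""
    if len(wire) < 24:
        return "truncated"
    length, = struct.unpack("!H", wire[2:4])
    autype, _, kid, alen, seq = struct.unpack("!HHBBI", wire[14:24])
    if autype != 2:
        return "not cryptographic auth"
    if kid != key_id:
        return "unknown key id"
    if seq < last_seq:  # older than the last packet accepted from this neighbour
        return "stale sequence number"
    pkt, digest = wire[:length], wire[length:length + alen]
    expect = hashlib.md5(pkt + pad_key(secret)).digest()
    return "ok" if hmac.compare_digest(digest, expect) else "digest mismatch"

# Constructed Hello body for the tunnel segment: mask /24, hello 10 s, options,
# priority 1, dead 40 s, DR 172.16.6.3, no BDR, no neighbours listed.
HELLO = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 0x02,
                    1, 40, socket.inet_aton("172.16.6.3"), socket.inet_aton("0.0.0.0"))
GOOD = build(1, "3.3.3.3", "0.0.0.0", HELLO, key_id=1, seq=1000, secret="huaiyu")

if __name__ == "__main__":
    print(verify(GOOD, "huaiyu", 1, 999), verify(GOOD, "Huaiyu", 1, 0))
```

Every router in an area must carry the same mode, key ID and key, otherwise the digest check fails and the adjacency does not form. Keyed MD5 is the weakest of the cryptographic modes; on VRP releases whose command reference lists `hmac-sha256` for `authentication-mode`, that is the stronger choice.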

Full-network connectivity test

R1 ping R4

R10 ping R5 loopback

R10 ping R1 loopback
