1.使用172.16.0.0/16划分网络
172.16.0.0/27 area 0
172.16.0.64/27 area 1
172.16.0.128/27 area 2
172.16.0.192/27 area 3
2.使用ospf协议合理规划区域保证更新安全
1.使用ospf协议合理规划区域
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
2.保证更新安全
[r3]in
[r3]info-center
[r3]interface g0/0/0
[r3-GigabitEthernet0/0/0]os
[r3-GigabitEthernet0/0/0]ospf a
[r3-GigabitEthernet0/0/0]ospf authentication-mode s
[r3-GigabitEthernet0/0/0]ospf authentication-mode simple c
[r3-GigabitEthernet0/0/0]ospf authentication-mode simple cipher 123
[r3-GigabitEthernet0/0/0]os
[r3-GigabitEthernet0/0/0]ospf a
[r3-GigabitEthernet0/0/0]ospf authentication-mode m
[r3-GigabitEthernet0/0/0]ospf authentication-mode md5
[r3]os
[r3]ospf 1
[r3-ospf-1]a
[r3-ospf-1]arp-ping
[r3-ospf-1]asbr-summary
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]a
[r3-ospf-1-area-0.0.0.0]arp-ping
[r3-ospf-1-area-0.0.0.0]authentication-mode s
[r3-ospf-1-area-0.0.0.0]authentication-mode simple c
[r3-ospf-1-area-0.0.0.0]authentication-mode simple cipher 123
[r3]os
[r3]ospf 1
[r3-ospf-1]a
[r3-ospf-1]arp-ping
[r3-ospf-1]asbr-summary
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]a
[r3-ospf-1-area-0.0.0.0]arp-ping
[r3-ospf-1-area-0.0.0.0]authentication-mode s
[r3-ospf-1-area-0.0.0.0]authentication-mode simple c
[r3-ospf-1-area-0.0.0.0]authentication-mode simple cipher 123
[r3-ospf-1-area-0.0.0.0]a
[r3-ospf-1-area-0.0.0.0]abr-summary
[r3-ospf-1-area-0.0.0.0]arp-ping
[r3-ospf-1-area-0.0.0.0]authentication-mode md
[r3-ospf-1-area-0.0.0.0]authentication-mode md5
3.加快收敛速度
[r3-GigabitEthernet0/0/0]os
[r3-GigabitEthernet0/0/0]ospf t
[r3-GigabitEthernet0/0/0]ospf trans-delay
[r3-GigabitEthernet0/0/0]ospf timer h
[r3-GigabitEthernet0/0/0]ospf timer hello 5
[r3-GigabitEthernet0/0/0]ospf timer dead 20
4.router1为DR没有BDR
[r3]interface g0/0/0
[r3-GigabitEthernet0/0/0]os
[r3-GigabitEthernet0/0/0]ospf d
[r3-GigabitEthernet0/0/0]ospf dr-priority 0
5.pc2345自动获取ip地址
pc打开dhcp自动获取ip
r1]interface l
[r1]interface LoopBack 0
[r1-LoopBack0]ip ad
[r1-LoopBack0]ip address 1.1.1.1 32
[r1-LoopBack0]in
[r1-LoopBack0]quit
[r1]int
[r1]interface g0/0/1
[r1-GigabitEthernet0/0/1]ip ad
[r1-GigabitEthernet0/0/1]ip address 11.1.1.1 24
[r1]dhcp en
[r1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[r1]ip p
[r1]ip policy-based-route
[r1]ip pool 1
Info: It's successful to create an IP address pool.
[r1-ip-pool-1]ne
[r1-ip-pool-1]netbios-type
[r1-ip-pool-1]network 11.1.1.0 mas
[r1-ip-pool-1]network 11.1.1.0 mask 255.255.255.0
[r1-ip-pool-1]ga
[r1-ip-pool-1]gateway-list 11.1.1.1
[r1-ip-pool-1]dns
[r1-ip-pool-1]dns-list 8.8.8.8 114.114.114.144
6.router7为运营商只能配置ip地址
7.pc4可以ping通router6但不能登录router6
[r7]acl 3000
[r7-acl-adv-3000]rule deny tcp source 192.168.3.2 0.0.0.0 destination 172.16.0.1
destination-port eq 23
[r7]interface g0/0/1
[r7-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
[r7-acl-adv-3000]rule deny icmp source 192.168.3.2 0.0.0.0 destination 172.16.0.1
0.0.0.0 icmp-type echo-reply
8.pc3可以ping通pc5但pc5不能ping通pc3
[r5]acl 3000
[r5-acl-adv-3000]ru
[r5-acl-adv-3000]rule d
[r5-acl-adv-3000]rule deny i
[r5-acl-adv-3000]rule deny icmp s
[r5-acl-adv-3000]rule deny icmp source 192.168.2.2 0.0.0.0 d
[r5-acl-adv-3000]rule deny icmp source 192.168.2.2 0.0.0.0 destination 192.168.4
.2 0.0.0.0 ic
[r5-acl-adv-3000]rule deny icmp source 192.168.2.2 0.0.0.0 destination 192.168.4
.2 0.0.0.0 icmp-type e
[r5-acl-adv-3000]rule deny icmp source 192.168.2.2 0.0.0.0 destination 192.168.4
.2 0.0.0.0 icmp-type echo
[r5-acl-adv-3000]rule deny icmp source 192.168.2.2 0.0.0.0 destination 192.168.4
.2 0.0.0.0 icmp-type echo-reply
[r5-acl-adv-3000]quit
[r5]in
[r5]info-center
[r5]interface g0/0/1
[r5-GigabitEthernet0/0/1]tr
[r5-GigabitEthernet0/0/1]tracert
[r5-GigabitEthernet0/0/1]traffic-filter in
[r5-GigabitEthernet0/0/1]traffic-filter inbound a
[r5-GigabitEthernet0/0/1]traffic-filter inbound acl 3000