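1. Topology and requirements:
2. Analysis:
First configure the IP addresses of every segment and loopback, then use RIP, OSPF and two-way route import to get full network reachability;
Use route filtering to meet requirements 3 and 4;
Requirement 5 is met with a silent interface;
3. Starting the lab:
Begin with the IP configuration: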
R1:
<Huawei>sys
Apr 23 2024 19:37:28-08:00 Huawei %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEt
hernet0/0/0 has turned into UP state.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 100.1.1.1 24
Apr 23 2024 19:38:40-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R1-GigabitEthernet0/0/0]int l0
[R1-LoopBack0]ip add 192.168.0.1 24
[R1-LoopBack0]int l1
[R1-LoopBack1]ip add 192.168.1.1 24
R2:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 100.1.1.2 24
Apr 23 2024 19:39:23-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 100.2.2.1 24
Apr 23 2024 19:39:42-08:00 R2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
R3:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R3
[R3]
[R3]
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 100.2.2.2 24
Apr 23 2024 19:40:17-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 100.3.3.1 24
Apr 23 2024 19:40:33-08:00 R3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R3-GigabitEthernet0/0/1]int l0
[R3-LoopBack0]ip add 192.168.2.1 24
[R3-LoopBack0]int l1
[R3-LoopBack1]ip add 192.168.3.1 24
R4:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R4
[R4]
[R4]
[R4]
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 100.3.3.2 24
Apr 23 2024 19:41:34-08:00 R4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R4-GigabitEthernet0/0/0]int l0
[R4-LoopBack0]ip add 192.168.4.1 24
[R4-LoopBack0]int l1
[R4-LoopBack1]ip add 192.168.5.1 24
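Use dis ip int b to check the configuration (R1 as the example):
The interfaces show up, so the configuration succeeded.
Next, use RIP, OSPF and two-way route import to get full network reachability: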
R1:
[R1]rip 1
[R1-rip-1]v 2
[R1-rip-1]net 100.0.0.0
[R1-rip-1]net 192.168.0.0
[R1-rip-1]net 192.168.1.0
R2:
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]a 0
[R2-ospf-1-area-0.0.0.0]net 100.2.2.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]q
[R2-ospf-1]q
[R2]rip 1
[R2-rip-1]v 2
[R2-rip-1]net 100.0.0.0
R3:
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]a 0
[R3-ospf-1-area-0.0.0.0]net 100.2.2.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]net 192.168.3.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]a 1
[R3-ospf-1-area-0.0.0.1]net 100.3.3.0 0.0.0.255
R4:
[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]a 1
[R4-ospf-1-area-0.0.0.1]net 100.3.3.0 0.0.0.255
[R4-ospf-1-area-0.0.0.1]net 192.168.4.0 0.0.0.255
[R4-ospf-1-area-0.0.0.1]net 192.168.5.0 0.0.0.255
Route import, on R2:
[R2]rip 1
[R2-rip-1]import-route ospf
[R2-rip-1]q
[R2]ospf 1
[R2-ospf-1]import-route rip
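Next, run a ping; here I ping R4's loopback directly from R1's loopback:
IP configuration and full reachability are now in place. Next comes route filtering: the two-way import must not bring in R4's service segments, i.e. R4's loopbacks:
Again on R2: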
[R2]acl 2000
[R2-acl-basic-2000]rule deny source 192.168.4.0 0.0.1.255
[R2-acl-basic-2000]dis th
[V200R003C00]
#
acl number 2000
rule 10 deny source 192.168.4.0 0.0.1.255
#
return
[R2-acl-basic-2000]rule permit source 0.0.0.0 255.255.255.255
[R2-acl-basic-2000]dis th
[V200R003C00]
#
acl number 2000
rule 10 deny source 192.168.4.0 0.0.1.255
rule 15 permit
#
return
[R2-acl-basic-2000]q
[R2]route-policy aa permit node 10
Info: New Sequence of this List.
[R2-route-policy]if-match acl 2000
[R2-route-policy]q
[R2]rip 1
[R2-rip-1]dis th
[V200R003C00]
#
rip 1
version 2
network 100.0.0.0
import-route ospf 1
#
return
[R2-rip-1]import-route ospf 1 route-policy aa
[R2-rip-1]q
[R2]dis th
[V200R003C00]
#
sysname R2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
return
[R2]rip 1
[R2-rip-1]dis th
[V200R003C00]
#
rip 1
version 2
network 100.0.0.0
import-route ospf 1 route-policy aa
#
return
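Note: the import has to be issued again under RIP: import-route ospf 1 route-policy aa
Back on R1, which could ping R4's service segments a moment ago; now:
Success. Next, R4 must not be able to learn R1's service segments, which calls for a prefix-list:
On R4: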
[R4]ip ip-prefix aa index 10 deny 192.168.0.0 23 less-equal 32
[R4]ip ip-prefix aa index 20 permit 0.0.0.0 0 less-equal 32
[R4]ospf 1
[R4-ospf-1]filter-policy ip-prefix aa import
Check the routing table:
Filtering succeeded;
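The two filters configured above (ACL 2000 behind route-policy aa on R2, and ip-prefix aa on R4) can be checked offline before they are applied. This is an added example, not part of the original lab; the route list is constructed from the lab's addressing, and R4's loopbacks are written as /32 on the assumption that OSPF advertises loopback interfaces as host routes.

```python
import ipaddress

# Rules copied from the lab configuration above.
ACL_2000 = [("deny", "192.168.4.0", "0.0.1.255"),
            ("permit", "0.0.0.0", "255.255.255.255")]
PREFIX_AA = [("deny", "192.168.0.0/23", 32),   # (action, prefix, less-equal)
             ("permit", "0.0.0.0/0", 32)]

# Constructed sample routes (assumption: OSPF loopbacks appear as /32).
R4_LOOPBACKS = ["192.168.4.1/32", "192.168.5.1/32"]
R1_LOOPBACKS = ["192.168.0.0/24", "192.168.1.0/24"]
OTHER = ["100.1.1.0/24", "100.2.2.0/24", "100.3.3.0/24",
         "192.168.2.0/24", "192.168.3.0/24"]


def acl_action(acl, route):
    """Basic ACL as a route filter: only the route's address is compared,
    bits set in the wildcard are ignored, and the first matching rule wins."""
    addr = int(ipaddress.ip_network(route).network_address)
    for action, source, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(source)) & care:
            return action
    return "deny"  # no rule matched: the route is not permitted


def prefix_list_action(entries, route):
    """ip-prefix 'P len less-equal le': the route must fall inside P/len and
    its own mask length must lie between len and le. First match wins."""
    net = ipaddress.ip_network(route)
    for action, prefix, le in entries:
        base = ipaddress.ip_network(prefix)
        if base.prefixlen <= net.prefixlen <= le and net.subnet_of(base):
            return action
    return "deny"


def surviving(routes, decide):
    """Routes that pass the filter, in their original order."""
    return [r for r in routes if decide(r) == "permit"]


if __name__ == "__main__":
    print("OSPF -> RIP on R2:",
          surviving(R4_LOOPBACKS + OTHER, lambda r: acl_action(ACL_2000, r)))
    print("Installed on R4:  ",
          surviving(R1_LOOPBACKS + OTHER, lambda r: prefix_list_action(PREFIX_AA, r)))
```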
Finally, RIP protocol packets must not appear in the OSPF domain; we only need to configure a silent interface on the RIP exit, i.e. R2 g0/0/1:
[R2]rip 1
[R2-rip-1]silent-interface g0/0/1
Lab complete.