实验要求
实验分析
1、浅蓝色区域作为一个公网环境
2、以R3为hub,R5、R7、R6为spoke
3、边界路由NAT操作
4、减少LSA的更新量,特殊区域,域间路由汇总
5、area1完全末梢 area2可以做NSSA
6、更新安全:区域认证,接口认证。
子网划分
OSPF----172.16.0.0/17
172.16.0 000 0000/20 0 ---area0
172.16.0 001 0000/20 16 ---area1
172.16.0 010 0000/20 32 ---area2
172.16.0 011 0000/20 48 ---area3
172.16.0 100 0000/20 68 ---area4
172.16.0 101 0000/20 80
172.16.0 110 0000/20 96
172.16.0 111 0000/20 112
RIP----172.16.128.0/17
实操拓扑图
配IP
AR1
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 172.16.19.1 29
[AR1-GigabitEthernet0/0/0]q
[AR1]interface LoopBack 0
[AR1-LoopBack0]ip address 172.16.16.1 24
[AR1-LoopBack0]ospf network-type broadcast
AR2
[AR2]interface GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 172.16.19.2 29
[AR2-GigabitEthernet0/0/0]q
[AR2]interface LoopBack 0
[AR2-LoopBack0]ip address 172.16.17.1 24
[AR2-LoopBack0]ospf network-type broadcast
AR3
[AR3]interface GigabitEthernet 0/0/0
[AR3-GigabitEthernet0/0/0]ip address 172.16.19.3 29
[AR3-GigabitEthernet0/0/0]q[AR3]interface Serial 4/0/0
[AR3-Serial4/0/0]ip address 34.0.0.3 24[AR3-Serial4/0/0]q
[AR3]interface LoopBack 0
[AR3-LoopBack0]ip address 172.16.18.1 24
[AR3-LoopBack0]ospf network-type broadcast
AR4
[AR4]interface GigabitEthernet 0/0/0
[AR4-GigabitEthernet0/0/0]ip address 47.0.0.4 24
[AR4-GigabitEthernet0/0/0]q
[AR4]interface Serial 4/0/0
[AR4-Serial4/0/0]ip address 34.0.0.4 24[AR4-Serial4/0/0]q
[AR4]interface Serial 4/0/1
[AR4-Serial4/0/1]ip address 45.0.0.4 24
[AR4-Serial4/0/1]q
[AR4]interface Serial 3/0/0
[AR4-Serial3/0/0]ip address 46.0.0.4 24
[AR4-Serial3/0/0]q
[AR4]interface LoopBack 0
[AR4-LoopBack0]ip address 4.4.4.4 24
AR5
[AR5]interface Serial 4/0/0
[AR5-Serial4/0/0]ip address 45.0.0.5 24
[AR5-Serial4/0/0]q
[AR5]interface LoopBack 0
[AR5-LoopBack0]ip address 172.16.1.1 24
[AR5-LoopBack0]ospf network-type broadcast
AR6
[AR6]interface GigabitEthernet 0/0/0
[AR6-GigabitEthernet0/0/0]ip address 172.16.33.1 30
[AR6-GigabitEthernet0/0/0]q
[AR6]interface Serial 4/0/0
[AR6-Serial4/0/0]ip address 46.0.0.6 24
[AR6-Serial4/0/0]q
[AR6]interface LoopBack 0
[AR6-LoopBack0]ip address 172.16.2.1 24
[AR6-LoopBack0]ospf network-type broadcast
AR7
[AR7]interface GigabitEthernet 0/0/0
[AR7-GigabitEthernet0/0/0]ip address 47.0.0.7 24
[AR7-GigabitEthernet0/0/0]q
[AR7]interface GigabitEthernet 0/0/1
[AR7-GigabitEthernet0/0/1]ip address 172.16.49.1 30
[AR7-GigabitEthernet0/0/1]q
[AR7]interface LoopBack 0
[AR7-LoopBack0]ip address 172.16.3.1 24
[AR7-LoopBack0]ospf network-type broadcast
AR8
[AR8]interface GigabitEthernet 0/0/0
[AR8-GigabitEthernet0/0/0]ip address 172.16.49.2 30
[AR8-GigabitEthernet0/0/0]q
[AR8]interface GigabitEthernet 0/0/1
[AR8-GigabitEthernet0/0/1]ip address 172.16.49.5 30
[AR8-GigabitEthernet0/0/1]q
[AR8]interface LoopBack 0
[AR8-LoopBack0]ip address 172.16.48.1 24
[AR8-LoopBack0]ospf network-type broadcast
AR9
[AR9]interface GigabitEthernet 0/0/0
[AR9-GigabitEthernet0/0/0]ip address 172.16.49.6 30
[AR9-GigabitEthernet0/0/0]q
[AR9]interface GigabitEthernet 0/0/1
[AR9-GigabitEthernet0/0/1]ip address 172.16.66.1 30
[AR9-GigabitEthernet0/0/1]q
[AR9]interface LoopBack 0
[AR9-LoopBack0]ip address 172.16.64.1 24
[AR9-LoopBack0]ospf network-type broadcast
AR10
[AR10]interface GigabitEthernet 0/0/0
[AR10-GigabitEthernet0/0/0]ip address 172.16.66.2 30
[AR10-GigabitEthernet0/0/0]q
[AR10]interface LoopBack 0
[AR10-LoopBack0]ip address 172.16.65.1 24
[AR10-LoopBack0]ospf network-type broadcast
AR11
[AR11]interface GigabitEthernet 0/0/0
[AR11-GigabitEthernet0/0/0]ip address 172.16.33.2 30
[AR11-GigabitEthernet0/0/0]q
[AR11]interface GigabitEthernet 0/0/1
[AR11-GigabitEthernet0/0/1]ip address 172.16.33.5 30[AR11-GigabitEthernet0/0/1]q
[AR11]interface LoopBack 0
[AR11-LoopBack0]ip address 172.16.32.1 24
[AR11-LoopBack0]ospf network-type broadcast
AR12
[AR12]interface GigabitEthernet 0/0/0
[AR12-GigabitEthernet0/0/0]ip address 172.16.33.6 30
[AR12-GigabitEthernet0/0/0]q
[AR12]interface LoopBack 0
[AR12-LoopBack0]ip address 172.16.128.1 18
[AR12-LoopBack0]q
[AR12]interface LoopBack 1
[AR12-LoopBack1]ip address 172.16.192.1 18
搭建MDRE环境
AR3
[AR3]interface Tunnel 0/0/0
[AR3-Tunnel0/0/0]ip address 172.16.0.1 24
[AR3-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR3-Tunnel0/0/0]source 34.0.0.3
[AR3-Tunnel0/0/0]nhrp entry multicast dynamic ----开启伪广播[AR3]ip route-static 0.0.0.0 0 34.0.0.4
AR5
[AR5]interface Tunnel 0/0/0
[AR5-Tunnel0/0/0]ip address 172.16.0.2 24
[AR5-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR5-Tunnel0/0/0]source Serial 4/0/0
[AR5-Tunnel0/0/0]nhrp entry 172.16.0.1 34.0.0.3 register
[AR5]ip route-static 0.0.0.0 0 45.0.0.4
AR6
[AR6]interface Tunnel 0/0/0
[AR6-Tunnel0/0/0]ip address 172.16.0.3 24
[AR6-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR6-Tunnel0/0/0]source Serial 4/0/0
[AR6-Tunnel0/0/0]nhrp entry 172.16.0.1 34.0.0.3 register
[AR6]ip route-static 0.0.0.0 0 46.0.0.4
AR7
[AR7]interface Tunnel 0/0/0
[AR7-Tunnel0/0/0]ip address 172.16.0.4 24
[AR7-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR7-Tunnel0/0/0]source GigabitEthernet 0/0/0
[AR7-Tunnel0/0/0]nhrp entry 172.16.0.1 34.0.0.3 register
[AR7]ip route-static 0.0.0.0 0 47.0.0.4
OSPF
AR1
[AR1]ospf 1 router-id 1.1.1.1
[AR1-ospf-1]area 1
[AR1-ospf-1-area-0.0.0.1]network 172.16.16.0 0.0.15.255
AR2
[AR2]ospf 1 router-id 2.2.2.2
[AR2-ospf-1]area 1
[AR2-ospf-1-area-0.0.0.1]network 172.16.16.0 0.0.15.255
AR3
[AR3]ospf 1 router-id 3.3.3.3
[AR3-ospf-1]area 1
[AR3-ospf-1-area-0.0.0.1]network 172.16.16.0 0.0.15.255[AR3]ospf 1
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0[AR3-Tunnel0/0/0]ospf network-type p2mp 解决AR3只有一个邻居状况
[AR3-Tunnel0/0/0]nhrp redirect
AR5
[AR5]ospf 1 router-id 5.5.5.5
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]network 172.16.0.2 0.0.0.0[AR5-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.0
[AR5-Tunnel0/0/0]ospf network-type p2mp
[AR5-Tunnel0/0/0]nhrp shortcut
AR6
[AR6]ospf 1 router-id 6.6.6.6
[AR6-ospf-1]area 2
[AR6-ospf-1-area-0.0.0.2]network 172.16.32.0 0.0.15.255[AR6]ospf 1
[AR6-ospf-1]ar
[AR6-ospf-1]area 0
[AR6-ospf-1-area-0.0.0.0]ne
[AR6-ospf-1-area-0.0.0.0]network 172.16.0.3 0.0.0.0[AR6-Tunnel0/0/0]ospf network-type p2mp
[AR6-Tunnel0/0/0]nhrp shortcut
AR7
[AR7]ospf 1 router-id 7.7.7.7
[AR7-ospf-1]area 3
[AR7-ospf-1-area-0.0.0.3]network 172.16.48.0 0.0.15.255[AR7]ospf 1
[AR7-ospf-1]ar
[AR7-ospf-1]area 0
[AR7-ospf-1-area-0.0.0.0]ne
[AR7-ospf-1-area-0.0.0.0]network 172.16.0.4 0.0.0.0[AR7-Tunnel0/0/0]ospf network-type p2mp
[AR7-Tunnel0/0/0]nhrp shortcut ----实现分支独立建立隧道
AR8
[AR8]ospf 1 router-id 8.8.8.8
[AR8-ospf-1]area 3
[AR8-ospf-1-area-0.0.0.3]network 172.16.48.0 0.0.15.255
AR9
[AR9]ospf 1 router-id 9.9.9.9
[AR9-ospf-1]area 3
[AR9-ospf-1-area-0.0.0.3]network 172.16.49.6 0.0.0.0
[AR9-ospf-1]area 4
[AR9-ospf-1-area-0.0.0.4]network 172.16.64.0 0.0.15.255
AR10
[AR10]ospf 1 router-id 10.10.10.10
[AR10-ospf-1]area 4
[AR10-ospf-1-area-0.0.0.4]network 172.16.64.0 0.0.15.255
AR11
[AR11]ospf 1 router-id 11.11.11.11
[AR11-ospf-1]area 2
[AR11-ospf-1-area-0.0.0.2]network 172.16.32.0 0.0.15.255
AR12
[AR11]ospf 1 router-id 11.11.11.11
[AR11-ospf-1]area 2
[AR11-ospf-1-area-0.0.0.2]network 172.16.32.0 0.0.15.255
[AR12]rip 1
[AR12-rip-1]ver 2
[AR12-rip-1]undo summary
[AR12-rip-1]network 172.16.0.0
重发布
[AR9]ospf 1
[AR9-ospf-1]import-route ospf 2
[AR9-ospf-1]q
[AR9]ospf 2
[AR9-ospf-2]import-route ospf 1
引进RIP
[AR12]ospf 1
[AR12-ospf-1]im
[AR12-ospf-1]import-route r
[AR12-ospf-1]import-route rip 1
减少ACl更新
减少ACL更新:
[AR1]ospf 1
[AR1-ospf-1]area 1
[AR1-ospf-1-area-0.0.0.1]stub
[AR2]ospf 1
[AR2-ospf-1]area 1
[AR2-ospf-1-area-0.0.0.1]stub
[AR3]ospf 1
[AR3-ospf-1]area 1
[AR3-ospf-1-area-0.0.0.1]stub no-summary
[AR7]ospf 1
[AR7-ospf-1]area 3
[AR7-ospf-1-area-0.0.0.3]nssa no-summary
[AR6]ospf 1
[AR6-ospf-1]area 2
[AR6-ospf-1-area-0.0.0.2]nssa no-summary
[AR8]ospf 1
[AR8-ospf-1]area 3
[AR8-ospf-1-area-0.0.0.3]nssa
[AR9]ospf 1
[AR9-ospf-1]area 3
[AR9-ospf-1-area-0.0.0.3]nssa
[AR11]ospf 1
[AR11-ospf-1]area 2
[AR11-ospf-1-area-0.0.0.2]nssa
[AR12]ospf 1
[AR12-ospf-1]area 2
[AR12-ospf-1-area-0.0.0.2]nssa