H3C大型园区网络OSPF配置案例

normanhere

于 2024-05-24 15:49:19 发布

阅读量871

点赞数 11

文章标签：网络

本文链接：https://blog.csdn.net/normanhere/article/details/139176792

版权

在这里插入图片描述
--------------------------------------接入交换机---------------------------------
1、所有接入层交换机配置-边缘节点开启网关防护，终端使用手工分配IP地址方式

Sysname Acc

Ospf 1
Non-stop-routing
Log-peer-change
Silent-interface vlan-interface 114
Area 1
stub no-summary
authentication-mode md5 1 plain 12345

Interface Loopback 0
IP add 10.10.240.19 32
Ospf 1 area 1

Vlan 114
Des yewu
Quit

Interface vlan-interface 114
Ip add 10.0.114.254 24
Ospf 1 area 1

Interface range gi 1/0/1 – gi 1/0/46
Port link-type access
Port access vlan 114
Stp edge-port
Arp filter source 10.0.114.254
Storm-constrain enable log
Storm-constrain control block
Storm-constrain broadcast ratio 70

Interface router-agg 1
Des connect_to_Huiju
Ip add 172.16.0.1 30
Ospf 1 area 1
Ospf network-type p2p

Interface gi 1/0/47
Des connect_to_Huiju
Port link-mode route
Port link-agg group 1

Interface gi 1/0/48
Des connect_to_Huiju
Port link-mode route
Port link-agg group 1

Stp tc-prtotection
Stp root primary

-------------------------------汇聚交换机------------------------------------
2、汇聚层交换机配置 ABR 注意这里如果要使用abr-summary 使用路由汇总的时候汇总的IP地址必须包含三层邻居接口，否则会导致邻居中断

Sysname Huiju

Ospf 1
Non-stop-routing
Log-peer-change
Ara 1
stub
authentication-mode md5 1 plain 12345
Area 0
authentication-mode md5 1 plain 12345

Interface Loopback 0
IP add 10.10.240.29 32
Ospf 1 area 0

Interface router-agg 1
Des connect_to_Acc
Ip add 172.16.0.2 30
Ospf 1 area 1
Ospf network-type p2p

Interface gi 1/0/47
Des connect_to_Huiju
Port link-mode route
Port link-agg group 1

Interface gi 1/0/48
Des connect_to_Acc
Port link-mode route
Port link-agg group 1

Interface router-agg 2
Des connect_to_Core
Ip add 172.16.0.5 30
Ospf 1 area 0
Ospf network-type p2p

Interface gi 1/0/45
Des connect_to_Core
Port link-mode route
Port link-agg group 2

Interface gi 1/0/46
Des connect_to_Core
Port link-mode route
Port link-agg group 2

-------------------------------核心交换机----------------------------------
3、核心层交换机配置骨干交换机

Sysname Core

Ospf 1
Non-stop-routing
Log-peer-change
Silent-interface vlan-interface 222
Defualt-route-advertise always
Import-route static
Import-route direct
Area 0
authentication-mode md5 1 plain 12345

Interface Loopback 0
IP add 10.10.240.254 32
Ospf 1 area 0

Vlan 222
Des yewu
Quit

Interface vlan-interface 222
Ip add 10.22.0.0 23
Ospf 1 area 0

Interface router-agg 1
Ip add 172.16.0.6 30
Ospf 1 area 0
Ospf network-type p2p

Interface gi 1/0/47
Des connect_to_Huiju
Port link-mode route
Port link-agg group 1

Interface gi 1/0/48
Des connect_to_Huiju
Port link-mode route
Port link-agg group 1

----------------------排错和查询-----------------------
4、排错和查询
Ter mo
Ter deb
Debug ospf event
Debug ospf packet
Ctrl+o 关闭debug

Dis ospf peer
Dis ospf verbose
Dis ospf interface
Dis ospf routing
Dis ospf statistics
Dis ospf lsdb

-----------------------配置技术说明--------------------
5、配置技术说明

5.1 将OSPF3层互联口网络类型修改为p2p 避免了OSPF DR BDR选举过程加快邻居关系建立过程

5.2 NO-STOP-ROUTING 在OSPF进程重启的情况下，转发平面继续转发

5.3 LOG-PEEER-CHANGE 以日志的形式打印邻居关系变化

5.4 Silent-interface 针对业务VLAN口必须配置，这样可以避免OSPF HELLO 组播报文发给用户带来的安全风险

5.5 区域认证必须开启必须用户接入冒充OSPF路由器带来的风险或者错误配置带来的风险

5.6 建议在接口下宣告OSPF 这样子网更加精确

5.7 特别注意在接入层交换机开启 stp 防护网关防护和广播5.1报文防护

normanhere

关注

11
点赞
踩
16

收藏

觉得还不错? 一键收藏
0
评论
H3C大型园区网络OSPF配置案例

-------------------------------------接入交换机----------------------------------------------------------------汇聚交换机-------------------------------------------------------------------核心交换机----------------------------------3、核心层交换机配置骨干交换机。Ctrl+o 关闭debug。
复制链接

扫一扫