拓展OSPF

最新推荐文章于 2024-10-02 08:00:00 发布

睇��咩

最新推荐文章于 2024-10-02 08:00:00 发布

阅读量105

点赞数

文章标签：路由器交换机网络局域网

本文链接：https://blog.csdn.net/qq_54117476/article/details/117479371

版权

OSPF拓展

拓展图

划分IP地址

根据划分IP子网的条件和方式有四个子网网段需要划分4个子网，子网掩码往后推2位。分配在各个骨干网段

172.16.0.0/18 172.16.64.0/18 172.16.128.0/18 172.16.192.0/18

配置IP地址

以R6和R1为例子
R6:
[R6]interface g0/0/1
[R6]-GigabitEthernet0/0/1]ip address 172.16.64.1 18 		
[R6]interface LoopBack 0
[R6-LoopBack0]ip address 6.6.6.6 32
R1:	
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip address 172.16.64.2 18
[R1-GigabitEthernet0/0/0]quit 
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 172.16.0.1 18
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 1.1.1.1 32
[R1-LoopBack0]quit

虚拟局域网VLAN配置

在交换机1上的配置，先创建2个虚拟局域网，在连接到接口中，交换机2同理
[SW1]vlan 2
[SW1-vlan2]quit
[SW1]vlan 3
[SW1-vlan3]quit
[SW1]interface Eth0/0/2
[SW1-Ethernet0/0/2]port link-type access
[SW1-Ethernet0/0/2]port default vlan 2
[SW1-Ethernet0/0/3]port link-type access
[SW1-Ethernet0/0/3]port default vlan 3
[SW1-Ethernet0/0/1]port link-type trunk
[SW1-Ethernet0/0/1]port trunk allow-pass vlan all
在R8路由器上建立DHCP池分配地址
[R8]interface g0/0/1.2
[R8-GigabitEthernet0/0/1.2]dot1q termination vid 2
[R8-GigabitEthernet0/0/1.2]ip address 192.168.1.1 24
[R8-GigabitEthernet0/0/1.2]quit 
[R8]interface g0/0/1.3
[R8-GigabitEthernet0/0/1.3]dot1q termination vid 3
[R8-GigabitEthernet0/0/1.3]ip address 192.168.2.1 24
[R8-GigabitEthernet0/0/1.3]quit 
[R8]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[R8]ip pool 1
Info: It's successful to create an IP address pool.
[R8-ip-pool-1]network 192.168.1.0 mask 255.255.255.0
[R8-ip-pool-1]gateway-list 192.168.1.1
[R8-ip-pool-1]dns-list 8.8.8.8
[R8]ip pool 2
Info: It's successful to create an IP address pool.
[R8-ip-pool-2]network 192.168.2.0 mask 255.255.255.0
[R8-ip-pool-2]gateway-list 192.168.2.1
[R8-ip-pool-2]dns-list 8.8.8.8
[R8]interface g0/0/1.2
[R8-GigabitEthernet0/0/1.2]dhcp select global 
[R8-GigabitEthernet0/0/1.2]arp broadcast enable
[R8]interface g0/0/1.3
[R8-GigabitEthernet0/0/1.3]dhcp select global 
[R8-GigabitEthernet0/0/1.3]arp broadcast enable

结果显示

OSPF宣告网络

以R8和R2为例子
R8：
[R8]ospf 100 router-id 8.8.8.8
[R8-ospf-100]area 2
[R8-ospf-100-area-0.0.0.2]network 0.0.0.0 255.255.255.255
[R2]ospf 100 ro	
R2
[R2]ospf 100 router-id 2.2.2.2
[R2-ospf-100]area 2
[R2-ospf-100-area-0.0.0.2]network 172.16.128.2 0.0.0.0//将接口宣告入区域中
[R2-ospf-100-area-0.0.0.2]network 2.2.2.2 0.0.0.0
[R2-ospf-100-area-0.0.0.2]quit 
[R2-ospf-100]area 0
[R2-ospf-100-area-0.0.0.0]network 172.16.0.2 0.0.0.0

保证区域安全并且加快收敛速度

[R6]interface GigabitEthernet 0/0/1
[R6-GigabitEthernet0/0/1]ospf timer hello 5
[R6-GigabitEthernet0/0/1]ospf authentication-mode simple cipher 123	
[R6-GigabitEthernet0/0/1]ospf authentication-mode md5

R1为老大路由没有BDR路由器

[R6]interface GigabitEthernet 0/0/1
[R6-GigabitEthernet0/0/1]ospf dr-priority 0

结果显示

PC都允许访问外网

在R6上配置缺省路由并且强制下放缺省路由，并抓取所有流量做NAT转换
[R6]ip route-static 0.0.0.0 0 11.1.1.1
[R6]ospf 100 ro	
[R6]ospf 100 router-id 6.6.6.6
[R6-ospf-100]default-route-advertise always
[R6]acl 2000	
[R6-acl-basic-2000]rule permit source any 
[R6-acl-basic-2000]quit 
[R6]interface GigabitEthernet 0/0/0
[R6-GigabitEthernet0/0/0]nat outbound 2000

结果显示

pc3可以ping通pc5但pc5不能ping通pc3

[R8]acl 3000
[R8-acl-adv-3000]rule deny icmp source 192.168.2.254 0.0.0.0 destination 192.168.4.254 0.0.0.0 icmp-type echo-reply
[R8-acl-adv-3000]rule permit ip source any destination any 
[R8-acl-adv-3000]quit
[R8]interface g0/0/1
[R8-GigabitEthernet0/0/1]traffic-filter inbound acl 3000//在靠近源路由器上调用

结果显示