OSPF实验

自律哥布林

于 2024-05-06 17:37:06 发布

阅读量150

点赞数 9

文章标签：网络运维

本文链接：https://blog.csdn.net/qq_74120587/article/details/138501913

版权

实验要求

1、R4为ISP，其上只能配盟IP地址:R4与其他所有直连设备间使用公有IP;
2、R3—RS/6/7为MGRE环境。R3为中心站点
3、整个OSPF环境IP地址为172.16.0.0/16
4、所有设备均可访问R4的环回:
5、减少LSA的更新量,加快收敛，保障更新安全
6、全网可达

实验地址IP划分

先对区域进行划分，共需要6个区域，然后在区域里面再进行IP地址划分：
先取3位划分8个网段，取前6个划分给6个区域，然后区域内划分IP地址（这里图简便就从19位借到了24位）

172.16.0.0/19 A0
172.16.0.0/24
172.16.1.0/24
172.16.2.0/24
172.16.3.0/24

172.16.32.0/19 A1
172.16.32.0/24

172.16.64.0/19 A2
172.16.64.0/24
172.16.65.0/24

172.16.96.0/19 A3
172.16.96.0/24
172.16.97.0/24

172.16.128.0/19 A4
172.16.128.0/24

172.16.160.0/19 RIP
172.16.160.0/24
172.16.161.0/24

172.16.192.0/19

172.16.224.0/19

实验配置

在R12这台ASBR上边进行多进程双向重发布域外路由汇总

[R12]rip 1
[R12-rip-1]import-route ospf 100
[R12-rip-1]qu
[R12]ospf 100
[R12-ospf-100]import-route rip 1

[R12-ospf-100]asbr-summary 172.16.160.0 255.255.224.0

域间路由汇总,对area 3 区域进行汇总，在两台BR上汇总(即R7和R9），以及在R3上对area 1进行汇总，R9上对area 4进行汇总

[R7-ospf-100-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0

[R9-ospf-100-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0

[R9-ospf-100-area-0.0.0.4]abr-summary 172.16.128.0 255.255.224.0

[R3-ospf-100-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0

在R3、R5、R6、R7上面写缺省指向ISP

[R3]ip route-static 0.0.0.0 0 172.16.1.2

[R5]ip route-static 0.0.0.0 0 172.16.2.1

[R6]ip route-static 0.0.0.0 0 172.16.3.1

[R7]ip route-static 0.0.0.0 0 172.16.4.1

在R3、R5、R6、R7上边写MGRE，R3为中心站点，并且更改tunnel在OSPF中的工作类型为broadcast，让R5、R6、R7放弃参与DR、BDR选举

[R3]interface Tunnel 0/0/0
[R3-Tunnel0/0/0]ip address 10.1.1.1 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]nhrp entry multicast dynamic
[R3-Tunnel0/0/0]source g0/0/1
[R3-Tunnel0/0/0]ospf network-type broadcast

[R5]interface Tunnel 0/0/0
[R5-Tunnel0/0/0]ip address 10.1.1.2 24
[R5-Tunnel0/0/0]tunnel-protocol gre p2mp
[R5-Tunnel0/0/0]source g0/0/0
[R5-Tunnel0/0/0]nhrp entry 10.1.1.1 172.16.1.1 register
[R5-Tunnel0/0/0]ospf network-type broadcast
[R5-Tunnel0/0/0]ospf dr-priority 0

[R6]interface Tunnel 0/0/0
[R6-Tunnel0/0/0]ip add 10.1.1.3 24
[R6-Tunnel0/0/0]tunnel-protocol gre p2mp
[R6-Tunnel0/0/0]source g0/0/0
[R6-Tunnel0/0/0]nhrp entry 10.1.1.1 172.16.1.1 register
[R6-Tunnel0/0/0]ospf network-type broadcast
[R6-Tunnel0/0/0]ospf dr-priority 0

[R7]interface Tunnel 0/0/0
[R7-Tunnel0/0/0]ip address 10.1.1.4 24
[R7-Tunnel0/0/0]tunnel-protocol gre p2mp
[R7-Tunnel0/0/0]source g0/0/0
[R7-Tunnel0/0/0]nhrp entry 10.1.1.1 172.16.1.1 register
[R7-Tunnel0/0/0]ospf network-type broadcast
[R7-Tunnel0/0/0]ospf dr-priority 0

用虚链路解决area 4的不规则区域问题

[R9]ospf 100
[R9-ospf-100]area 3
[R9-ospf-100-area-0.0.0.3]vlink-peer 7.7.7.7

[R7]ospf 100
[R7-ospf-100]area 3
[R7-ospf-100-area-0.0.0.3]vlink-peer 9.9.9.9

area 0 区域认证

[R3]ospf 100
[R3-ospf-100]area 0
[R3-ospf-100-area-0.0.0.0]authentication-mode md5 2 cipher 234567

[R5]ospf 100
[R5-ospf-100]area 0
[R5-ospf-100-area-0.0.0.0]authentication-mode md5 2 cipher 234567

[R6]ospf 100
[R6-ospf-100]area 0
[R6-ospf-100-area-0.0.0.0]authentication-mode md5 2 cipher 234567

[R7]ospf 100
[R7-ospf-100]area 0
[R7-ospf-100-area-0.0.0.0]authentication-mode md5 2 cipher 234567

R3和R11间接口认证

[R11]interface GigabitEthernet 0/0/0
[R11-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456

[R6]interface GigabitEthernet 0/0/1
[R6-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456

R7和R9虚链路认证

[R9-ospf-100-area-0.0.0.3]vlink-peer 7.7.7.7 md5 3 cipher 345678

[R7-ospf-100-area-0.0.0.3]vlink-peer 9.9.9.9 md5 3 cipher 345678

R11和R12间更改hello时间，加快收敛

[R12-GigabitEthernet0/0/0]ospf timer hello 15

[R11-GigabitEthernet0/0/1]ospf timer hello 15

最后要让全网可以访问R4，需要做NAT以及在area 0的ABR的ospf下放缺省

[R3]acl 2000
[R3-acl-basic-2000]rule permit source any
[R3-acl-basic-2000]qu
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]nat outbound 2000
[R3-GigabitEthernet0/0/1]qu
[R3]ospf 100
[R3-ospf-100]default-route-advertise

[R5]acl 2000
[R5-acl-basic-2000]rule permit source any
[R5-acl-basic-2000]qu
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]nat outbound 2000
[R5]ospf 100
[R5-ospf-100]default-route-advertise

[R6]acl 2000
[R6-acl-basic-2000]rule permit source any
[R6]int g0/0/0
[R6-GigabitEthernet0/0/0]nat outbound 2000
[R6-GigabitEthernet0/0/0]qu
[R6]ospf 100
[R6-ospf-100]default-route-advertise

[R7]acl 2000
[R7-acl-basic-2000]rule permit source any
[R7-acl-basic-2000]qu
[R7]interface g0/0/0
[R7-GigabitEthernet0/0/0]nat outbound 2000
[R7]ospf 100
[R7-ospf-100]default-route-advertise