firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
ospf 1
area 0.0.0.1
network 192.168.0.0 0.0.0.255
R1 configuration
ospf 1
area 0.0.0.1
network 192.168.0.0 0.0.0.255
network 192.168.1.0 0.0.0.255
R2 configuration
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
[FW]display ospf peer
OSPF Process 1 with Router ID 192.168.0.1
Neighbors
Area 0.0.0.1 interface 192.168.0.1(GigabitEthernet1/0/0)'s neighbors
Router ID: 192.168.0.2 Address: 192.168.0.2
State: ExStart Mode:Nbr is Slave Priority: 1
DR: 192.168.0.2 BDR: 192.168.0.1 MTU: 0
Dead timer due in 39 sec
Retrans timer interval: 0
Neighbor is up for 00:00:00
Authentication Sequence: [ 0 ]
display ospf peer
OSPF Process 1 with Router ID 192.168.0.2
Neighbors
Area 0.0.0.1 interface 192.168.0.2(GigabitEthernet0/0/1)'s neighbors
Router ID: 192.168.0.1 Address: 192.168.0.1
State: ExStart Mode:Nbr is Slave Priority: 1
DR: 192.168.0.2 BDR: 192.168.0.1 MTU: 0
Dead timer due in 33 sec
Retrans timer interval: 0
Neighbor is up for 00:00:00
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.1 interface 192.168.1.1(GigabitEthernet0/0/2)'s neighbors
Router ID: 192.168.1.2 Address: 192.168.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.1 BDR: 192.168.1.2 MTU: 0
Dead timer due in 32 sec
Retrans timer interval: 5
Neighbor is up for 04:01:10
Authentication Sequence: [ 0 ]
[FW]display firewall statistic system discard
Discard statistic information:
PACKET DEFAULT FILTER :192 // keeps increasing
L3 PROTOCOL DOWN :5
INVALID RECEIVE ZONE :4
INVALID SEND ZONE :5
security-policy
rule name ospf
source-zone local
destination-zone untrust
action permit
Permit traffic from the local zone to the untrust zone.
display ospf peer
OSPF Process 1 with Router ID 192.168.0.1
Neighbors
Area 0.0.0.1 interface 192.168.0.1(GigabitEthernet1/0/0)'s neighbors
Router ID: 192.168.0.2 Address: 192.168.0.2
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.0.2 BDR: 192.168.0.1 MTU: 0
Dead timer due in 35 sec
Retrans timer interval: 5
Neighbor is up for 00:33:11
Authentication Sequence: [ 0 ]
The state has changed to Full.
display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.0.0/24 Direct 0 0 D 192.168.0.1 GigabitEthernet
1/0/0
192.168.0.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
1/0/0
192.168.1.0/24 OSPF 10 2 D 192.168.0.2 GigabitEthernet
1/0/0
Checking the routing table shows that the route to the 192.168.1.0/24 segment is now present.
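
The check the outputs above walk through (a neighbor stuck in ExStart while the PACKET DEFAULT FILTER discard counter keeps growing), as an added Python example that is not part of the original page. The sample text is constructed from the outputs shown here; the second discard snapshot (230) and all function names are assumptions made for illustration.

```python
import re

# Constructed sample input, abridged from the outputs shown on this page.
PEER_OUTPUT = """\
OSPF Process 1 with Router ID 192.168.0.2
Neighbors
Area 0.0.0.1 interface 192.168.0.2(GigabitEthernet0/0/1)'s neighbors
Router ID: 192.168.0.1 Address: 192.168.0.1
State: ExStart Mode:Nbr is Slave Priority: 1
Neighbors
Area 0.0.0.1 interface 192.168.1.1(GigabitEthernet0/0/2)'s neighbors
Router ID: 192.168.1.2 Address: 192.168.1.2
State: Full Mode:Nbr is Master Priority: 1
"""
# Two discard snapshots; the second value (230) is constructed for illustration.
DISCARD_T0 = "PACKET DEFAULT FILTER :192\nL3 PROTOCOL DOWN :5\nINVALID RECEIVE ZONE :4\n"
DISCARD_T1 = "PACKET DEFAULT FILTER :230\nL3 PROTOCOL DOWN :5\nINVALID RECEIVE ZONE :4\n"

def parse_peers(text):
    """Return one dict per neighbor: interface, router_id, state."""
    peers, iface = [], None
    for line in text.splitlines():
        if m := re.search(r"interface \S+\((\S+)\)'s neighbors", line):
            iface = m.group(1)
        elif m := re.match(r"\s*Router ID: (\S+)", line):
            peers.append({"interface": iface, "router_id": m.group(1), "state": None})
        elif (m := re.match(r"\s*State: (\S+)", line)) and peers:
            peers[-1]["state"] = m.group(1)
    return peers

def parse_discards(text):
    """Map counter name -> value from 'NAME :N' lines; trailing notes are ignored."""
    return {m.group(1).strip(): int(m.group(2))
            for m in re.finditer(r"^\s*([A-Z0-9 ]+?)\s*:\s*(\d+)", text, re.M)}

def diagnose(peer_text, discards_before, discards_after):
    """Flag neighbors not in Full and report which discard counters grew."""
    before, after = parse_discards(discards_before), parse_discards(discards_after)
    growing = {k: after[k] - before.get(k, 0) for k in after if after[k] > before.get(k, 0)}
    stuck = [p for p in parse_peers(peer_text) if p["state"] != "Full"]
    policy_suspected = bool(stuck) and "PACKET DEFAULT FILTER" in growing
    return {"stuck": stuck, "growing": growing, "policy_suspected": policy_suspected}

if __name__ == "__main__":
    print(diagnose(PEER_OUTPUT, DISCARD_T0, DISCARD_T1))
```

A growing PACKET DEFAULT FILTER count only shows that the default policy is dropping something, so confirm the drops line up with the OSPF exchange before adding a permit rule.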