CCNP之OSPF实验案例

最新推荐文章于 2023-05-17 15:50:48 发布

weixin_33698823

最新推荐文章于 2023-05-17 15:50:48 发布

阅读量338

点赞数

文章标签：网络

原文链接：http://blog.51cto.com/power1990/700821

版权

实验要求：
1、总部和分部之间通过帧中继实现互访，协议要求采用OSPF。要求帧中继不能动态获取映射，也不能静态配置映射
2、配置好OSPF协议，验证邻居建立
3、确保整个内网全网可达
4、确保骨干区域高安全性
5、尽量减少网关路由表条目
6、 R1、R3、R9性能不足，尽量减少其路由条目
7、确保总部和分部都只通过自己的ISP上网
8、不能出现主机路由
实验拓扑：

实验步骤：
1、帧中继的配置：
由于不能配置帧中继动态和静态映射，所以只能采用点对点子接口模式进行配置，在接口下声明自己的DLCI。其中R5的Route-ID是1.1.1.1，R6的Route-ID是2.2.2.2。由于是点对点连接
，所以不存在DR和BDR。
FR-SW：
FR-SW(config)#frame-relay switching
FR-SW(config)#int s0/0
FR-SW(config)#no shut
FR-SW(config-if)#encapsulation frame-relay
FR-SW(config-if)#clock rate 64000
FR-SW(config-if)#frame-relay intf-type dce
FR-SW(config-if)#frame-relay route 102 int s0/1 201
FR-SW(config)#int s0/1
FR-SW(config)#no shut
FR-SW(config-if)#encapsulation frame-relay
FR-SW(config-if)#clock rate 64000
FR-SW(config-if)#frame-relay intf-type dce
FR-SW(config-if)#frame-relay route 201 int s0/0 102
R5：
R5(config)#int s2/1
R5(config-if)#no shut
R5(config-if)#encapsulation frame-relay
R5(config)#int s2/1.1 point-to-point
R5(config-subif)#ip add 172.16.10.1 255.255.255.0
R5(config-subif)#frame-relay int-dlci 102
R5(config-subif)#no frame-relay inverse-arp
R6：
R6(config)#int s1/1
R6(config-if)#no shut
R6(config-if)#encapsulation frame-relay
R6(config-if)#ip add 172.16.10.2 255.255.255.0
R6(config-if)# frame-relay int-dlci 201
R6(config-if)#no frame-relay inverse-arp
测试帧中继连接情况：
FR-SW#show frame-relay rou
Input Intf Input Dlci Output Intf Output Dlci Status
Serial0/0 102 Serial0/1 201 active
Serial0/1 201 Serial0/0 102 active

R6#show ip ospf int
Serial1/1.1 is up, line protocol is up
Internet Address 172.16.10.2/24, Area 0
Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:09
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 6
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1
Suppress hello for 0 neighbor(s)
R5#show ip os nei detail
Neighbor 2.2.2.2, interface address 172.16.10.2
In the area 0 via interface Serial2/1.1
Neighbor priority is 0, State is FULL, 12 state changes
DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x52
LLS Options is 0x1 (LR)
Dead timer due in 00:00:35
Neighbor is up for 00:35:14
Index 2/2, retransmission queue length 0, number of retransmission 3
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
2、全网启用 OSPF 协议（配置端口 IP 和环回口步骤省略）
R1：
R1(config)#router ospf 1
R1(config-router)#net 172.16.1.1 0.0.0.0 a 1
R1(config-router)#net 172.16.2.1 0.0.0.0 a 1
R1(config-router)#net 172.16.3.2 0.0.0.0 a 1
R1(config-router)#area 1 stub //配置区域 1 为末节路由
R2：
R2(config)#router ospf 1
R2(config-router)#net 172.16.3.1 0.0.0.0 a 1
R2(config-router)#net 172.16.8.2 0.0.0.0 a 0
R2(config-router)#area 1 stub
R3：
R3(config)#router ospf 1
R3(config-router)#net 172.16.4.1 0.0.0.0 a 2
R3(config-router)#net 172.16.5.1 0.0.0.0 a 2
R3(config-router)#net 172.16.6.2 0.0.0.0 a 2
R3(config-router)#area 2 stub //配置区域 2 为末节路由
R4：
R4(config)#router ospf 1
R4(config-router)#net 172.16.6.1 0.0.0.0 a 2
R4(config-router)#net 172.16.9.2 0.0.0.0 a 0
R4(config-router)#area 2 stub
R5：
R5(config)#router ospf 1
R5(config-router)#net 172.16.8.1 0.0.0.0 a 0
R5(config-router)#net 172.16.9.1 0.0.0.0 a 0
R5(config-router)#net 172.16.10.1 0.0.0.0 a 0
R5(config-router)#default-information originate //启用OSPF默认路由
R6：
R6(config)#router ospf 1
R6(config-router)#net 172.16.10.2 0.0.0.0 a 0
R6(config-router)#net 10.1.1.1 0.0.0.0 a 3
R6(config-router)#default-information originate //启用OSPF默认路由
R7：
R7(config)#router ospf 1
R7(config-router)#net 10.1.1.2 0.0.0.0 a 3
R7(config-router)#net 10.1.2.1 0.0.0.0 a 3
R7(config-router)#net 10.1.3.1 0.0.0.0 a 3
R8：
R8(config)#router ospf 1
R8(config-router)#net 10.1.3.2 0.0.0.0 a 3
R8(config-router)#net 10.1.4.1 0.0.0.0 a 4
R8(config-router)#area 4 stub //配置区域4为末节路由
R9：
R9(config)#router ospf 1
R9(config-router)#net 10.1.4.2 0.0.0.0 a 4
R9(config-router)#net 10.1.5.1 0.0.0.0 a 4
R9(config-router)#area 4 stub
因为不能出现主机路由，所以必须在每个环回口下配置OSPF点对点模式:
(config-if)#ip ospf network point-to-point
验证末节路由：
R1#show ip ospf
Area 1
Number of interfaces in this area is 3
It is a stub area
Area has no authentication
SPF algorithm last executed 01:08:53.436 ago
SPF algorithm executed 6 times
Area ranges are
Number of LSA 8. Checksum Sum 0x048879
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

R3#show ip ospf
Area 2
Number of interfaces in this area is 3
It is a stub area
Area has no authentication
SPF algorithm last executed 01:28:33.156 ago
SPF algorithm executed 4 times
Area ranges are
Number of LSA 8. Checksum Sum 0x04C421
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

R5#show ip ospf
Area BACKBONE(0)
Number of interfaces in this area is 3
Area has no authentication
SPF algorithm last executed 00:46:27.944 ago
SPF algorithm executed 21 times
Area ranges are
Number of LSA 13. Checksum Sum 0x07169E
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 4
Flood list length 0

R9#show ip ospf
Area 4
Number of interfaces in this area is 2
It is a stub area
Area has no authentication
SPF algorithm last executed 00:47:24.176 ago
SPF algorithm executed 16 times
Area ranges are
Number of LSA 8. Checksum Sum 0x041E9E
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

R7#show ip ospf
Area 3
Number of interfaces in this area is 3
This area has transit capability
Area has no authentication
SPF algorithm last executed 00:47:41.596 ago
SPF algorithm executed 12 times
Area ranges are
Number of LSA 14. Checksum Sum 0x0D84E8
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
3、启用OSPF区域汇总：
因为R1、R3、R9性能不足，以及为了减少网关的路由条目，所以有必要在每个区域的ABR上进行汇总。R2属于Area 0和Area 1的ABR，R4属于Area 0和Area 2的ABR,R6属于Area 0和Area 3的ABR，R8属于Area 3、Area 4以及Area 0（通过虚链路相连）的ABR。
R2(config-router)#area 1 range 172.16.0.0 255.255.252.0
R2(config-router)#area 0 range 172.16.8.0 255.255.252.0
R4(config-router)#area 2 range 172.16.4.0 255.255.252.0
R4(config-router)#area 0 range 172.16.8.0 255.255.252.0
R6(config-router)#area 3 range 10.1.0.0 255.255.252.0
R6(config-router)#area 0 range 172.16.8.0 255.255.252.0
R8(config-router)#area 3 range 10.1.0.0 255.255.252.0
R8(config-router)#area 4 range 10.1.4.0 255.255.254.0
R8(config-router)#area 0 range 172.16.8.0 255.255.252.0
查看末节路由表：
R1#show ip route os
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O IA 172.16.8.0/22 [110/2] via 172.16.3.1, 00:47:12, FastEthernet0/0
O IA 172.16.4.0/22 [110/4] via 172.16.3.1, 00:44:53, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O IA 10.1.0.0/22 [110/67] via 172.16.3.1, 00:26:21, FastEthernet0/0
O IA 10.1.4.0/23 [110/69] via 172.16.3.1, 00:23:28, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 172.16.3.1, 00:47:12, FastEthernet0/0

R3#show ip rou os
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O IA 172.16.8.0/22 [110/2] via 172.16.6.1, 00:56:56, FastEthernet0/0
O IA 172.16.0.0/22 [110/4] via 172.16.6.1, 00:46:05, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O IA 10.1.0.0/22 [110/67] via 172.16.6.1, 00:27:43, FastEthernet0/0
O IA 10.1.4.0/23 [110/69] via 172.16.6.1, 00:24:50, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 172.16.6.1, 01:07:33, FastEthernet0/0

R9#show ip route os
172.16.0.0/22 is subnetted, 3 subnets
O IA 172.16.8.0 [110/67] via 10.1.4.1, 00:25:23, FastEthernet0/0
O IA 172.16.4.0 [110/69] via 10.1.4.1, 00:25:23, FastEthernet0/0
O IA 172.16.0.0 [110/69] via 10.1.4.1, 00:25:23, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O IA 10.1.0.0/22 [110/2] via 10.1.4.1, 00:25:29, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 10.1.4.1, 00:25:29, FastEthernet0/0
查看网关路由表：
R5#show ip rou os
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O IA 172.16.4.0/22 [110/2] via 172.16.9.2, 00:25:35, FastEthernet1/0
O IA 172.16.0.0/22 [110/2] via 172.16.8.2, 00:25:35, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O IA 10.1.0.0/22 [110/65] via 172.16.10.2, 00:25:35, Serial2/1.1
O IA 10.1.4.0/23 [110/67] via 172.16.10.2, 00:25:35, Serial2/1.1

R6#show ip rou os
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
O 172.16.8.0/24 [110/65] via 172.16.10.1, 00:26:07, Serial1/1.1
O 172.16.8.0/22 is a summary, 00:26:07, Null0
O 172.16.9.0/24 [110/65] via 172.16.10.1, 00:26:07, Serial1/1.1
O IA 172.16.4.0/22 [110/66] via 172.16.10.1, 00:26:07, Serial1/1.1
O IA 172.16.0.0/22 [110/66] via 172.16.10.1, 00:26:07, Serial1/1.1
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O 10.1.3.0/24 [110/2] via 10.1.1.2, 00:26:07, FastEthernet0/0
O 10.1.2.0/24 [110/2] via 10.1.1.2, 00:26:07, FastEthernet0/0
O 10.1.0.0/22 is a summary, 00:26:07, Null0
O IA 10.1.4.0/23 [110/3] via 10.1.1.2, 00:26:07, FastEthernet0/0
由于虚链路的影响，R6和R7无法学到Area 0的汇总路由，只能学到详细路由。
4、配置Area 4与Area 0的虚链路
由于Area 4与Area 0未直接相连，所以必须依靠虚链路来学习路由，在虚链路两端进行配置(R8的Route-ID设为10.10.10.10)。
R6(config-router)#area 3 virtual-link 10.10.10.10
R8(config-router)#area 3 virtual-link 2.2.2.2
配置虚链路MD5身份验证：
R6(config-router)#area 3 virtual-link 10.10.10.10 authentication message-digest message-digest-key 1 md5 cisco
R8(config-router)#area 3 virtual-link 2.2.2.2 authentication message-digest message-digest-key 1 md5 cisco
验证虚链路：
R6#show ip ospf virtual-links
Virtual Link OSPF_VL0 to router 10.10.10.10 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 3, via interface FastEthernet0/0, Cost of using 2
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Index 2/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
Message digest authentication enabled
Youngest key id is 1

R8#show ip ospf vir
Virtual Link OSPF_VL0 to router 2.2.2.2 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 3, via interface FastEthernet1/0, Cost of using 2
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Adjacency State FULL (Hello suppressed)
Index 1/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
Message digest authentication enabled
Youngest key id is 1
5、配置OSPF的MD5身份验证
在每个启用了OSPF的路由器接口上配置一下命令：
ip ospf authentication message-digest
ip ospf message-digest-key (num) md5 (key-value)
6、在总部和分部网关上启用PAT
R5(config)#access-list 1 permit 172.16.0.0 0.0.15.255
R5(config)#ip nat inside source list 1 int s2/0 overload
R5(config)#ip route 0.0.0.0 0.0.0.0 s2/0
R5(config)#int s2/0
R5(config-if)#ip nat outside
在R5的f0/0、f1/0上配置
R5(config-if)#ip nat inside
查看外网ping通情况：
R5#show ip nat tr
Pro Inside global Inside local Outside local Outside global
icmp 200.1.1.1:4 172.16.3.2:4 210.1.1.1:4 210.1.1.1:4
icmp 200.1.1.1:1 172.16.6.2:1 210.1.1.1:1 210.1.1.1:1

R1#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/203/280 ms

R3#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 128/194/260 ms
R6(config)#access-list 1 permit 10.1.0.0 0.0.7.255
R6(config)#ip nat inside source list 1 int s1/0 overload
R6(config)#ip route 0.0.0.0 0.0.0.0 s1/0
R6(config)#int s1/0
R6(config-if)#ip nat outside
在R6的f0/0上配置
R6(config-if)#ip nat inside
查看外网ping通情况：
R6#show ip nat tr
Pro Inside global Inside local Outside local Outside global
icmp 202.1.1.1:1 10.1.1.2:1 210.1.1.1:1 210.1.1.1:1
icmp 202.1.1.1:2 10.1.4.2:1 210.1.1.1:1 210.1.1.1:2

R7#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/203/280 ms

R9#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/203/280 ms
外网ping通成功！实验完成！

转载于:https://blog.51cto.com/power1990/700821

weixin_33698823

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
0
评论
CCNP之OSPF实验案例

实验要求： 1、总部和分部之间通过帧中继实现互访，协议要求采用OSPF。要求帧中继不能动态获取映射，也不能静态配置映射 2、配置好OSPF协议，验证邻居建立 3、确保整个内网全网可达 4、确保骨干区域高安全性 5、尽量减少网关路由表条目 6、 R1、R3、R9性能不足，尽量减少其路由条目 7、确保总部和分部都只通过自己的ISP上网 ...
复制链接

扫一扫