网络拓扑
要求:
配置IP
开启区域
R1:
[R1]ospf router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]dis this
[V200R003C00]
#
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.12.1 0.0.0.0
network 10.0.13.1 0.0.0.0
network 11.11.11.11 0.0.0.0
#
return
R2:
[R2]ospf router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]dis this
[V200R003C00]
#
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.12.2 0.0.0.0
network 10.0.23.2 0.0.0.0
#
return
[R2]ospf
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]dis this
[V200R003C00]
#
area 0.0.0.1
network 10.0.24.2 0.0.0.0
#
return
R3:
[R3]ospf router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]dis this
[V200R003C00]
#
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.13.3 0.0.0.0
network 10.0.23.3 0.0.0.0
#
return
[R3-ospf-1-area-0.0.0.0]area 2
[R3-ospf-1-area-0.0.0.2]dis this
[V200R003C00]
#
area 0.0.0.2
network 10.0.35.3 0.0.0.0
#
return
R4:
[R4]ospf router-id 4.4.4.4
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]dis this
[V200R003C00]
#
area 0.0.0.1
network 4.4.4.4 0.0.0.0
network 10.0.24.4 0.0.0.0
network 44.44.44.44 0.0.0.0
#
return
R5:
[R5]ospf router-id 5.5.5.5
[R5-ospf-1]area 2
[R5-ospf-1-area-0.0.0.2]dis this
[V200R003C00]
#
area 0.0.0.2
network 5.5.5.5 0.0.0.0
network 10.0.35.5 0.0.0.0
network 55.55.55.55 0.0.0.0
#
return
查看邻居
<R1>dis ospf peer brief
OSPF Process 1 with Router ID 1.1.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 2.2.2.2 Full
0.0.0.0 GigabitEthernet0/0/2 3.3.3.3 Full
----------------------------------------------------------------------------
查看路由表
<R4>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 21 Routes : 21
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 OSPF 10 2 D 10.0.24.2 Ethernet4/0/0
2.2.2.2/32 OSPF 10 1 D 10.0.24.2 Ethernet4/0/0
3.3.3.3/32 OSPF 10 3 D 10.0.24.2 Ethernet4/0/0
4.4.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
5.5.5.5/32 OSPF 10 4 D 10.0.24.2 Ethernet4/0/0
10.0.12.0/24 OSPF 10 2 D 10.0.24.2 Ethernet4/0/0
10.0.13.0/24 OSPF 10 3 D 10.0.24.2 Ethernet4/0/0
10.0.23.0/24 OSPF 10 49 D 10.0.24.2 Ethernet4/0/0
10.0.24.0/24 Direct 0 0 D 10.0.24.4 Ethernet4/0/0
10.0.24.4/32 Direct 0 0 D 127.0.0.1 Ethernet4/0/0
10.0.24.255/32 Direct 0 0 D 127.0.0.1 Ethernet4/0/0
10.0.35.0/24 OSPF 10 4 D 10.0.24.2 Ethernet4/0/0
11.11.11.11/32 OSPF 10 2 D 10.0.24.2 Ethernet4/0/0
44.44.44.0/24 Direct 0 0 D 44.44.44.44 LoopBack1
44.44.44.44/32 Direct 0 0 D 127.0.0.1 LoopBack1
44.44.44.255/32 Direct 0 0 D 127.0.0.1 LoopBack1
55.55.55.55/32 OSPF 10 4 D 10.0.24.2 Ethernet4/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
可以看到R4上面由公司总部的路由,表示可以通信
修改R1DR优先级为2,使R1成为10.0.12.0 /24的DR
[R1-GigabitEthernet0/0/1]ospf dr-priority 2
<R1>dis ospf interface
OSPF Process 1 with Router ID 1.1.1.1
Interfaces
Area: 0.0.0.0 (MPLS TE not enabled)
IP Address Type State Cost Pri DR BDR
10.0.12.1 Broadcast DR 1 2 10.0.12.1 10.0.12.2
10.0.13.1 Broadcast DR 1 1 10.0.13.1 10.0.13.3
1.1.1.1 P2P P-2-P 0 1 0.0.0.0 0.0.0.0
11.11.11.11 P2P P-2-P 0 1 0.0.0.0 0.0.0.0
配置OSPF接口开销
可以看到R2去往R3的下一条是10.0.12.1
可以看到R2 的 S接口开销为48,所以让G接口的开销更大就行
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ospf cost 2000
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ospf cost 2000
<R2>tracert 55.55.55.55
traceroute to 55.55.55.55(55.55.55.55), max hops: 30 ,packet length: 40,press
CTRL_C to break
1 10.0.23.3 20 ms 20 ms 10 ms
2 10.0.35.5 20 ms 10 ms 30 ms
配置ospf被动接口,让R2 e3/0/0变为被动接口(不会接收发送ospf报文)
[R2]ospf
[R2-ospf-1]silent-interface Ethernet 3/0/0
<R2>dis ospf peer brief
OSPF Process 1 with Router ID 2.2.2.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 1.1.1.1 Full
0.0.0.0 Serial4/0/0 3.3.3.3 Full
----------------------------------------------------------------------------
可以看到R2与R4没有建立邻居关系,R1和R3正常;查看R2和R4的IP路由表(先恢复R2和R3的G0/0/0接口的cost 值为1)
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ospf cost 1
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ospf cost 1
<R4>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
4.4.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.24.0/24 Direct 0 0 D 10.0.24.4 Ethernet4/0/0
10.0.24.4/32 Direct 0 0 D 127.0.0.1 Ethernet4/0/0
10.0.24.255/32 Direct 0 0 D 127.0.0.1 Ethernet4/0/0
44.44.44.0/24 Direct 0 0 D 44.44.44.44 LoopBack1
44.44.44.44/32 Direct 0 0 D 127.0.0.1 LoopBack1
44.44.44.255/32 Direct 0 0 D 127.0.0.1 LoopBack1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
这样R4上面只有直连的路由
配置ospf认证功能
在R1基于area0 的认证,使用明文加密的方式
[R1]ospf
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]authentication-mode simple plain hongwei
<R1>dis ospf peer brief
OSPF Process 1 with Router ID 1.1.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
----------------------------------------------------------------------------
[R2]ospf
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]authentication-mode simple plain hongwei
[R3]ospf
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]authentication-mode simple plain hongwei
<R1>dis ospf peer brief
OSPF Process 1 with Router ID 1.1.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 2.2.2.2 Full
0.0.0.0 GigabitEthernet0/0/2 3.3.3.3 Full
----------------------------------------------------------------------------
现在R2和R4没有建立邻居关系,是因为R4没有认证开启,所以开启它(用密文加密)
[R4]int e4/0/0
[R4-Ethernet4/0/0]ospf authentication-mode md5 24 cipher hongwei
<R2>dis ospf peer brief
OSPF Process 1 with Router ID 2.2.2.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 1.1.1.1 Full
0.0.0.0 Serial4/0/0 3.3.3.3 Full
----------------------------------------------------------------------------
查看密码模式
<R4>dis current-configuration | include authentication-mode
ospf authentication-mode md5 24 cipher %$%$@17I~!44H1hSMdP+Fqa9[)xT%$%$
authentication-mode password
<R2>dis current-configuration | include authentication-mode
authentication-mode simple plain hongwei
authentication-mode password
看得出密文加密更安全。