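Task
1. r4 is the ISP: configure only IP addresses on it, and use public IP addresses on the links directly connected to it
2. Configure an MGRE environment on r3/r5/r6/r7, with r3 as the hub site
3. The whole OSPF environment uses the address space 172.16.0.0/16
4. All devices can ping r4's loopback
5. Reduce the volume of LSA updates, speed up convergence, and secure the updates
6. Full network reachability
7. Telnetting to r6's public address actually logs in to r12
Configuration of each device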
R1
sysname r1
interface GigabitEthernet0/0/0
ip address 172.16.1.1 255.255.248.0
interface LoopBack0
ip address 172.16.8.1 255.255.248.0
#
ospf 1 router-id 1.1.1.1
area 0.0.0.1
authentication-mode md5 1 cipher %$%$SQ%u)~hUVX:T`0+Jd2vAb0~q%$%$
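network 172.16.0.0 0.0.255.255 // the authentication-mode line above enables OSPF password authentication;
// routers in the same area with different passwords cannot form a neighbor relationship
stub // (1) makes area 1 a stub area; every router in the area must be configured with it,
// otherwise no neighbor relationship forms. A stub area rejects type 4 and type 5 LSAs;
// instead, the ABR attached to the backbone area advertises a type 3 default route into the area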
R2
sysname r2
interface LoopBack0
ip address 172.16.16.1 255.255.248.0
#
ospf 1 router-id 2.2.2.2
area 0.0.0.1
authentication-mode md5 1 cipher %$%$6O3LVHNRwB%FGpNq"LsBb1np%$%$
network 172.16.0.0 0.0.255.255
stub
R3
sysname r3
acl number 2000 // ACL defining which source addresses may reach the external network
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface Serial4/0/0
link-protocol ppp
ip address 30.1.1.1 255.255.255.0
nat outbound 2000 // apply the ACL on the interface: matching traffic is translated to the public address when it goes out
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 172.16.1.3 255.255.248.0
#
interface LoopBack0
ip address 172.16.24.1 255.255.248.0
#
interface Tunnel0/0/0
ip address 172.16.32.3 255.255.248.0
tunnel-protocol gre p2mp // configure MGRE
source 30.1.1.1
ospf authentication-mode md5 1 cipher %$%$!|jP4u3NUMoQA'WT#d69b4`=%$%$
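ospf network-type broadcast // the Tunnel interface's OSPF network type defaults to p2p and must be changed to
// broadcast; p2p allows an adjacency between only two routers
nhrp entry multicast dynamic // enable multicast delivery; in practice a copy is sent to every peer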
nhrp network-id 100
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 172.16.32.3 0.0.0.0
area 0.0.0.1
abr-summary 172.16.0.0 255.255.0.0 // configured on the ABR: area route summarization
authentication-mode md5 1 cipher %$%$<*#TL^A_4%:],{&(-2PVb2gg%$%$
network 172.16.1.3 0.0.0.0
network 172.16.24.1 0.0.0.0
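stub no-summary // (2) totally stubby area: on top of a stub area it also rejects type 3 LSAs,
// letting in only a single type 3 default route,
// which the ABR attached to the backbone area generates automatically for this area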
#
ip route-static 0.0.0.0 0.0.0.0 30.1.1.2
#
R4
sysname r4
#
interface Serial3/0/0
link-protocol ppp
ip address 30.1.1.2 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
ip address 50.1.1.2 255.255.255.0
#
interface Serial4/0/0
link-protocol ppp
ip address 60.1.1.2 255.255.255.0
#
interface Serial4/0/1
link-protocol ppp
ip address 70.1.1.2 255.255.255.0
interface LoopBack0
ip address 4.4.4.4 255.255.255.0
#
R5
sysname r5
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface Serial4/0/0
link-protocol ppp
ip address 50.1.1.1 255.255.255.0
nat outbound 2000
#
interface Serial4/0/1
link-protocol ppp
#
interface LoopBack0
ip address 172.16.40.1 255.255.248.0
#
interface Tunnel0/0/0
ip address 172.16.32.5 255.255.248.0
tunnel-protocol gre p2mp // build the MGRE network
source Serial4/0/0
ospf authentication-mode md5 1 cipher %$%$=uD&>&&V9PC|P>C8'E`4b5VF%$%$
ospf network-type broadcast
ospf dr-priority 0 // set the priority to 0 so this router stays out of the DR election
nhrp network-id 100
nhrp entry 172.16.32.3 30.1.1.1 register // register with the hub site
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 172.16.0.0 0.0.255.255
#
ip route-static 0.0.0.0 0.0.0.0 50.1.1.2
R6
sysname r6
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface Serial4/0/0
link-protocol ppp
ip address 60.1.1.1 255.255.255.0
nat server protocol tcp global current-interface telnet inside 172.16.72.2 telnet
// NAT server mapping: Telnet to this interface's public address is forwarded to 172.16.72.2 (r12)
nat outbound 2000
#
interface Serial4/0/1
link-protocol ppp
ip address 172.16.64.1 255.255.248.0
interface LoopBack0
ip address 172.16.48.1 255.255.248.0
#
interface Tunnel0/0/0
ip address 172.16.32.6 255.255.248.0
tunnel-protocol gre p2mp
source Serial4/0/0
ospf authentication-mode md5 1 cipher %$%$`4/!5*fZ!GpPC,;tJP51b5lA%$%$
ospf network-type broadcast
ospf dr-priority 0
nhrp network-id 100
nhrp entry 172.16.32.3 30.1.1.1 register
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 172.16.32.6 0.0.0.0
network 172.16.48.1 0.0.0.0
area 0.0.0.2
network 172.16.64.1 0.0.0.0
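nssa no-summary // totally NSSA: on top of NSSA, also rejects type 3 LSAs; the ABR attached to the
// backbone area advertises a type 3 default route into the area; routes from an ASBR inside this NSSA
// are carried as type 7 and then translated to type 5 when they enter the backbone area; configured on the ABR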
#
ip route-static 0.0.0.0 0.0.0.0 60.1.1.2
R7
sysname r7
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface Serial4/0/0
link-protocol ppp
ip address 70.1.1.1 255.255.255.0
nat outbound 2000
interface Serial4/0/1
link-protocol ppp
ip address 172.16.98.1 255.255.248.0
interface LoopBack0
ip address 172.16.56.1 255.255.248.0
#
interface Tunnel0/0/0
ip address 172.16.32.7 255.255.248.0
tunnel-protocol gre p2mp
source Serial4/0/0
ospf authentication-mode md5 1 cipher %$%$:,+0GJ4EC&kc{v1j$Z{Mb6`I%$%$
ospf network-type broadcast
ospf dr-priority 0
nhrp network-id 100
nhrp entry 172.16.32.3 30.1.1.1 register
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 172.16.32.7 0.0.0.0
network 172.16.56.1 0.0.0.0
area 0.0.0.3
network 172.16.98.1 0.0.0.0
nssa no-summary
#
ip route-static 0.0.0.0 0.0.0.0 70.1.1.2
R8
sysname r8
interface Serial4/0/0
link-protocol ppp
ip address 172.16.98.2 255.255.255.0
#
interface Serial4/0/1
link-protocol ppp
ip address 172.16.106.1 255.255.248.0
#
interface LoopBack0
ip address 172.16.114.1 255.255.248.0
#
ospf 1 router-id 8.8.8.8
area 0.0.0.3
network 172.16.0.0 0.0.255.255
nssa
R9
sysname r9
#
interface Serial4/0/0
link-protocol ppp
ip address 172.16.106.2 255.255.248.0
#
interface Serial4/0/1
link-protocol ppp
ip address 172.16.128.1 255.255.248.0
#
interface LoopBack0
ip address 172.16.136.1 255.255.248.0
#
ospf 1 router-id 9.9.9.9
import-route ospf 2
area 0.0.0.1
area 0.0.0.3
network 172.16.106.2 0.0.0.0
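nssa // NSSA (not-so-stubby area): the area rejects type 4/5 LSAs; the type 5 information originated by an
// ASBR inside this NSSA is carried as type 7 and translated back to type 5 by the ABR when it
// passes from the NSSA into the backbone area; the purpose of an NSSA is not to suppress what the local
// ASBR originates, but to suppress type 4/5 LSAs originated by ASBRs in other areas of the network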
area 0.0.0.4
#
ospf 2 router-id 9.9.9.0
default-route-advertise // import a default route that another protocol or another process has placed
// in the routing table into this OSPF domain
import-route ospf 1
area 0.0.0.4
network 172.16.128.1 0.0.0.0
network 172.16.136.1 0.0.0.0
R10
sysname r10
#
interface Serial4/0/0
link-protocol ppp
ip address 172.16.128.2 255.255.255.0
#
interface Serial4/0/1
link-protocol ppp
#
interface LoopBack0
ip address 172.16.144.1 255.255.248.0
#
ospf 1 router-id 10.10.10.10
area 0.0.0.4
network 172.16.0.0 0.0.255.255
R11
sysname r11
#
interface Serial4/0/0
link-protocol ppp
ip address 172.16.64.2 255.255.248.0
#
interface Serial4/0/1
link-protocol ppp
ip address 172.16.72.1 255.255.248.0
#
interface LoopBack0
ip address 172.16.80.1 255.255.248.0
#
ospf 1 router-id 11.11.11.11
area 0.0.0.2
network 172.16.0.0 0.0.255.255
nssa
R12
sysname r12
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default // configure the Telnet user and password
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user huawei password cipher %$%$Q>Tj-|+DC:;'=-0&(;F.bEu[%$%$
local-user huawei privilege level 12
local-user huawei service-type telnet
#
interface Serial4/0/0
link-protocol ppp
ip address 172.16.72.2 255.255.248.0
#
interface Serial4/0/1
link-protocol ppp
#
interface LoopBack0
ip address 172.16.160.1 255.255.240.0
#
interface LoopBack1
ip address 172.16.176.1 255.255.240.0
#
ospf 1 router-id 12.12.12.12
import-route ospf 2
area 0.0.0.2
network 172.16.72.2 0.0.0.0
nssa
#
ospf 2
import-route ospf 1
area 0.0.0.2
network 172.16.160.1 0.0.0.0
network 172.16.176.1 0.0.0.0
#
user-interface vty 0 4
authentication-mode aaa // allow Telnet login
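An added example (not from the original post): a small Python check for the rule annotated under R1, that every router in an area must agree on stub/NSSA or no neighbor relationship forms; it also lists areas that carry no area-level authentication-mode line. The sample text is constructed from this lab's area 1 and area 2 stanzas with keys replaced by <key> and r2's stub line removed on purpose. The names parse and audit are hypothetical, and interface-level ospf authentication-mode (as used on the Tunnel interfaces) is not inspected.

```python
# Constructed sample in the page's flat layout: area 1/2 stanzas of r1, r2, r3, r6, r11,
# keys replaced by <key>. r2's "stub" line is removed on purpose to show a mismatch.
SAMPLE = """\
sysname r1
area 0.0.0.1
authentication-mode md5 1 cipher <key>
stub
sysname r2
area 0.0.0.1
authentication-mode md5 1 cipher <key>
sysname r3
area 0.0.0.1
authentication-mode md5 1 cipher <key>
stub no-summary
sysname r6
area 0.0.0.2
nssa no-summary
sysname r11
area 0.0.0.2
nssa
"""

def parse(text):
    """Return {area: {device: {"type": ..., "auth": ...}}} from concatenated configs."""
    areas, dev, cur = {}, None, None
    for raw in text.splitlines():
        words = raw.split("//")[0].split() or [""]   # drop // annotations
        if words[0] == "sysname" and len(words) > 1:
            dev, cur = words[1], None
        elif words[0] == "area" and len(words) == 2:
            cur = areas.setdefault(words[1], {}).setdefault(dev, {"type": "normal", "auth": None})
        elif words[0] in ("#", "ospf", "interface", "user-interface"):
            cur = None                                # left the OSPF area view
        elif cur is not None and words[0] in ("stub", "nssa"):
            cur["type"] = words[0]                    # no-summary keeps the same area type
        elif cur is not None and words[0] == "authentication-mode" and len(words) > 1:
            cur["auth"] = words[1]
    return areas

def audit(text):
    """Return (area, problem, devices) tuples: area-type mismatch, missing area-level key."""
    findings = []
    for area, devs in sorted(parse(text).items()):
        if len({s["type"] for s in devs.values()}) > 1:
            findings.append((area, "type-mismatch", sorted(f"{d}={s['type']}" for d, s in devs.items())))
        if any(s["auth"] is None for s in devs.values()):
            findings.append((area, "no-area-auth", sorted(d for d, s in devs.items() if s["auth"] is None)))
    return findings
print(audit(SAMPLE))
```

The "#" and "user-interface" resets matter on real dumps: without them the vty line authentication-mode aaa on r12 would be counted as an OSPF area key.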
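Brothers and sisters, I'm still a beginner at this; I'll add more over time.
Note: the configuration above can be optimized further.
1. The tunnel interfaces on r3, r5, r6 and r7 can be changed to p2mp: no DR election and neighbors come up quickly, but path selection gets worse, because traffic from one spoke site to another goes to the hub site first and then on to the destination spoke.
Fix (entered on the tunnel interface):
Hub site: nhrp redirect
Spoke sites: nhrp shortcut
2. Within an area, the network type between two routers that are directly connected on their own (for example r7 and r8 in the diagram) can be changed to p2p: no DR election, so neighbors come up quickly.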