一,实验拓扑
实验要求:
1、R4为ISP,其上只配置IP地址;R4与其他所直连设备间均使用公有IP;
2、R3-R5、R6、R7为MGRE环境,R3为中心站点;
3、整个OSPF环境IP基于172.16.0.0/16划分;除了R12有两个环回,其他路由器均有一个环回IP
4、所有设备均可访问R4的环回;
5、减少LSA的更新量,加快收敛,保障更新安全;
6、全网可达;
实验配置
配置IP:
R1:
<Huawei>SYS
Enter system view, return user view with Ctrl+Z.
[Huawei]SYS R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 172.16.33.1 24
Apr 18 2024 18:12:35-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R1-GigabitEthernet0/0/0]
[R1-GigabitEthernet0/0/0]q
[R1]int l0
[R1-LoopBack0]ip add 172.34.1 24
^
Error: Wrong parameter found at '^' position.
[R1-LoopBack0]ip add 172.16.34.1 24
[R1-LoopBack0]q
[R1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.33.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.34.1/24 up up(s)
NULL0 unassigned up up(s)
[R1]
R2:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 172.16.33.2 24
[R2-GigabitEthernet0/0/0]
Apr 18 2024 18:22:08-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R2-GigabitEthernet0/0/0]q
[R2]int l0
[R2-LoopBack0]ip add 172.16.35.2 24
[R2-LoopBack0]q
[R2]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.33.2/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.35.2/24 up up(s)
NULL0 unassigned up up(s)
[R2]
R3:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R3
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 172.16.33.3 24
[R3-GigabitEthernet0/0/0]
Apr 18 2024 18:24:26-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R3-GigabitEthernet0/0/0]q
[R3]int s4/0/0
[R3-Serial4/0/0]ip add 34.0.0.3 24
[R3-Serial4/0/0]q
[R3]int l0
[R3-LoopBack0]ip add 172.16.36.3 24
[R3-LoopBack0]
[R3-LoopBack0]q
[R3]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.33.3/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.36.3/24 up up(s)
NULL0 unassigned up up(s)
Serial4/0/0 34.0.0.3/24 up up
Serial4/0/1 unassigned down down
[R3]
R4:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname ISP
[ISP]int s4/0/0
[ISP-Serial4/0/0]ip add 34.0.0.4 24
[ISP-Serial4/0/0]
Apr 18 2024 18:26:59-08:00 ISP %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PP
P IPCP on the interface Serial4/0/0 has entered the UP state.
[ISP-Serial4/0/0]q
[ISP]int s4/0/1
[ISP-Serial4/0/1]ip add 45.0.0.4 24
[ISP-Serial4/0/1]
[ISP-Serial4/0/1]q
[ISP]int s3/0/0
[ISP-Serial3/0/0]ip add 46.0.0.4 24
[ISP-Serial3/0/0]q
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 47.0.0.4 24
Apr 18 2024 18:28:47-08:00 ISP %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[ISP-GigabitEthernet0/0/0]q
[ISP]int l0
[ISP-LoopBack0]ip add 172.16.2.4 24
[ISP-LoopBack0]q
[ISP]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 47.0.0.4/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.2.4/24 up up(s)
NULL0 unassigned up up(s)
Serial3/0/0 46.0.0.4/24 up up
Serial3/0/1 unassigned down down
Serial4/0/0 34.0.0.4/24 up up
Serial4/0/1 45.0.0.4/24 up up
[ISP]
R5:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R5
[R5]int s4/0/0
[R5-Serial4/0/0]ip add 45.0.0.5 24
[R5-Serial4/0/0]
Apr 18 2024 18:31:14-08:00 R5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP
IPCP on the interface Serial4/0/0 has entered the UP state.
[R5-Serial4/0/0]q
[R5]int l0
[R5-LoopBack0]ip add 172.16.3.5 24
[R5-LoopBack0]q
[R5]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 4
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 4
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.3.5/24 up up(s)
NULL0 unassigned up up(s)
Serial4/0/0 45.0.0.5/24 up up
Serial4/0/1 unassigned down down
[R5]
R6:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R6
[R6]int s4/0/0
[R6-Serial4/0/0]ip add 46.0.0.6 24
[R6-Serial4/0/0]
Apr 18 2024 18:33:25-08:00 R6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP
IPCP on the interface Serial4/0/0 has entered the UP state.
[R6-Serial4/0/0]q
[R6]int g0/0/0
[R6-GigabitEthernet0/0/0]ip add 172.16.65.1 30
Apr 18 2024 18:34:08-08:00 R6 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R6-GigabitEthernet0/0/0]q
[R6]int l0
[R6-LoopBack0]ip add 172.16.4.6 24
[R6-LoopBack0]q
[R6]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.65.1/30 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.4.6/24 up up(s)
NULL0 unassigned up up(s)
Serial4/0/0 46.0.0.6/24 up up
Serial4/0/1 unassigned down down
[R6]
R7:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R7
[R7]int g0/0/0
[R7-GigabitEthernet0/0/0]ip add 47.0.0.7 24
Apr 18 2024 18:37:04-08:00 R7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R7-GigabitEthernet0/0/0]q
[R7]int g0/0/1
[R7-GigabitEthernet0/0/1]ip add 172.16.97.1 30
Apr 18 2024 18:37:36-08:00 R7 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R7-GigabitEthernet0/0/1]q
[R7]int l0
[R7-LoopBack0]ip add 172.16.5.7 24
[R7-LoopBack0]q
[R7]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 47.0.0.7/24 up up
GigabitEthernet0/0/1 172.16.97.1/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.5.7/24 up up(s)
NULL0 unassigned up up(s)
[R7]
R8:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R8
[R8]int g0/0/0
[R8-GigabitEthernet0/0/0]ip add 172.16.97.2 30
[R8-GigabitEthernet0/0/0]
Apr 18 2024 18:39:41-08:00 R8 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R8-GigabitEthernet0/0/0]q
[R8]int g0/0/1
[R8-GigabitEthernet0/0/1]ip add 172.16.97.5 30
Apr 18 2024 18:40:02-08:00 R8 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R8-GigabitEthernet0/0/1]q
[R8]int l0
[R8-LoopBack0]ip add 172.16.98.8 24
[R8-LoopBack0]q
[R8]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.97.2/30 up up
GigabitEthernet0/0/1 172.16.97.5/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.98.8/24 up up(s)
NULL0 unassigned up up(s)
[R8]
R9:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R9
[R9]int g0/0/0
[R9-GigabitEthernet0/0/0]ip addd 172.16.97.6 30
^
Error: Unrecognized command found at '^' position.
[R9-GigabitEthernet0/0/0]ip add 172.16.97.6 30
[R9-GigabitEthernet0/0/0]
Apr 18 2024 18:41:49-08:00 R9 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R9-GigabitEthernet0/0/0]q
[R9]int g0/0/1
[R9-GigabitEthernet0/0/1]ip add 172.16.129.1 30
Apr 18 2024 18:42:17-08:00 R9 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R9-GigabitEthernet0/0/1]q
[R9]int l0
[R9-LoopBack0]ip add 172.16.130.9 24
[R9-LoopBack0]q
[R9]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.97.6/30 up up
GigabitEthernet0/0/1 172.16.129.1/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.130.9/24 up up(s)
NULL0 unassigned up up(s)
[R9]
R10:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R10
[R10]int g0/0/0
[R10-GigabitEthernet0/0/0]ip add 172.16.129.2 30
[R10-GigabitEthernet0/0/0]
Apr 18 2024 18:44:09-08:00 R10 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R10-GigabitEthernet0/0/0]q
[R10]int l0
[R10-LoopBack0]ip add 172.16.131.10 24
[R10-LoopBack0]q
[R10]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.129.2/30 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.131.10/24 up up(s)
NULL0 unassigned up up(s)
[R10]
R11:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R11
[R11]int g0/0/0
[R11-GigabitEthernet0/0/0]ip add 172.16.65.2 30
[R11-GigabitEthernet0/0/0]
Apr 18 2024 18:46:21-08:00 R11 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R11-GigabitEthernet0/0/0]q
[R11]int g0/0/1
[R11-GigabitEthernet0/0/1]ip add 172.16.65.5 30
Apr 18 2024 18:46:41-08:00 R11 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R11-GigabitEthernet0/0/1]q
[R11]int l0
[R11-LoopBack0]ip add 172.16.66.11 24
[R11-LoopBack0]q
[R11]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.65.2/30 up up
GigabitEthernet0/0/1 172.16.65.5/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.66.11/24 up up(s)
NULL0 unassigned up up(s)
[R11]
R12:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R12
[R12]int g0/0/0
[R12-GigabitEthernet0/0/0]ip add 172.16.65.6 30
Apr 18 2024 18:48:45-08:00 R12 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R12-GigabitEthernet0/0/0]q
[R12]int l0
[R12-LoopBack0]ip add 172.16.160.12 24
[R12-LoopBack0]q
[R12]int l1
[R12-LoopBack1]ip add 172.16.161.12 24
[R12-LoopBack1]q
[R12]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.65.6/30 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.160.12/24 up up(s)
LoopBack1 172.16.161.12/24 up up(s)
NULL0 unassigned up up(s)
[R12]
构建外部RIP协议用户组
R12:
[R12]rip 1
[R12-rip-1]v 2
[R12-rip-1]undo summary
[R12-rip-1]net 172.16.0.0
[R12-rip-1]
配置公网通
手动配置通向公网的缺省路由:
[R3]ip route-static 0.0.0.0 0 34.0.0.4
[R5]ip route-static 0.0.0.0 0 45.0.0.4
[R6]ip route-static 0.0.0.0 0 46.0.0.4
[R7]ip route-static 0.0.0.0 0 47.0.0.4
构建MGRE隧道
创建隧道
R3:
[R3]int Tunnel 0/0/0
[R3-Tunnel0/0/0]ip add 172.16.6.3 24
[R3-Tunnel0/0/0]t
[R3-Tunnel0/0/0]tcp
[R3-Tunnel0/0/0]test-aaa
[R3-Tunnel0/0/0]tracert
[R3-Tunnel0/0/0]traffic-filter
[R3-Tunnel0/0/0]traffic-policy
[R3-Tunnel0/0/0]trust
[R3-Tunnel0/0/0]tunnel-protocol g
[R3-Tunnel0/0/0]tunnel-protocol gre p
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]so
[R3-Tunnel0/0/0]source 34.0.0.3
Apr 18 2024 19:09:09-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[R3-Tunnel0/0/0]
[R3-Tunnel0/0/0]
R5
[R5]int Tunnel 0/0/0
[R5-Tunnel0/0/0]ip add 172.16.6.5 25
[R5-Tunnel0/0/0]tu
[R5-Tunnel0/0/0]tunnel-protocol g
[R5-Tunnel0/0/0]tunnel-protocol gre p
[R5-Tunnel0/0/0]tunnel-protocol gre p2mp
[R5-Tunnel0/0/0]so
[R5-Tunnel0/0/0]source s
[R5-Tunnel0/0/0]source Serial 4
[R5-Tunnel0/0/0]source Serial 4/0/0
Apr 18 2024 19:10:29-08:00 R5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[R5-Tunnel0/0/0]
R6
[R6]int t
[R6]int Tunnel 0/0/0
[R6-Tunnel0/0/0]ip add 172.16.6.6 24
[R6-Tunnel0/0/0]tu
[R6-Tunnel0/0/0]tunnel-protocol g
[R6-Tunnel0/0/0]tunnel-protocol gre p
[R6-Tunnel0/0/0]tunnel-protocol gre p2mp
[R6-Tunnel0/0/0]so
[R6-Tunnel0/0/0]source s
[R6-Tunnel0/0/0]source Serial 4/0/0
Apr 18 2024 19:11:44-08:00 R6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[R6-Tunnel0/0/0]
[R6-Tunnel0/0/0]
R7
[R7]int t
[R7]int Tunnel 0/0/0
[R7-Tunnel0/0/0]ip add 172.16.6.7 24
[R7-Tunnel0/0/0]tu
[R7-Tunnel0/0/0]tunnel-protocol g
[R7-Tunnel0/0/0]tunnel-protocol gre p
[R7-Tunnel0/0/0]tunnel-protocol gre p2mp
[R7-Tunnel0/0/0]so
[R7-Tunnel0/0/0]source g0/0/0
Apr 18 2024 19:13:04-08:00 R7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[R7-Tunnel0/0/0]
[R7-Tunnel0/0/0]
配置下一跳解析协议(NHRP)
中心站点R3:
[R3]int t0/0/0
[R3-Tunnel0/0/0]nh
[R3-Tunnel0/0/0]nhrp ne
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nh
[R3-Tunnel0/0/0]nhrp en
[R3-Tunnel0/0/0]nhrp entry mu
[R3-Tunnel0/0/0]nhrp entry multicast d
[R3-Tunnel0/0/0]nhrp entry multicast dynamic
[R3-Tunnel0/0/0]nhrp entry multicast dynamic
[R3-Tunnel0/0/0]
R5:
[R5]int t0/0/0
[R5-Tunnel0/0/0]nh
[R5-Tunnel0/0/0]nhrp n
[R5-Tunnel0/0/0]nhrp network-id 100
[R5-Tunnel0/0/0]nh
[R5-Tunnel0/0/0]nhrp e
[R5-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 re
[R5-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
[R5-Tunnel0/0/0]
R6:
[R6]int t0/0/0
[R6-Tunnel0/0/0]nh
[R6-Tunnel0/0/0]nhrp n
[R6-Tunnel0/0/0]nhrp network-id 100
[R6-Tunnel0/0/0]nh
[R6-Tunnel0/0/0]nhrp e
[R6-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 r
[R6-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
[R6-Tunnel0/0/0]
R7:
[R7]int t0/0/0
[R7-Tunnel0/0/0]nh
[R7-Tunnel0/0/0]nhrp n
[R7-Tunnel0/0/0]nhrp network-id 100
[R7-Tunnel0/0/0]nh
[R7-Tunnel0/0/0]nhrp e
[R7-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 re
[R7-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
[R7-Tunnel0/0/0]
查看建邻情况:
OSPF私网通
are0(公网区域不宣告)
R3:
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]a 0
[R3-ospf-1-area-0.0.0.0]net 172.16.6.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]
R5:
[R5]ospf 1 ro
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]net 172.16.3.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]netwo
[R5-ospf-1-area-0.0.0.0]network 172.16.6.0 0.0.0255
^
Error: Wrong parameter found at '^' position.
[R5-ospf-1-area-0.0.0.0]network 172.16.6.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]
R6:
[R6]ospf 1 ro
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]net 172.16.4.0 0.0.0.255
[R6-ospf-1-area-0.0.0.0]net 172.16.6.0 0.0.0.255
[R6-ospf-1-area-0.0.0.0]
R7:
[R7]ospf 1 ro
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]are 0
[R7-ospf-1-area-0.0.0.0]net 172.16.5.0 0.0.0.255
[R7-ospf-1-area-0.0.0.0]net 172.16.6.0 0.0.0.255
[R7-ospf-1-area-0.0.0.0]
由于Tunnel口默认为点对点类型,故需要修改Tunnel口接口类型才能实现每个路由器建立连接
[R3]int t0/0/0
[R3-Tunnel0/0/0]ospf network-type broadcast
[R5]int t0/0/0
[R5-Tunnel0/0/0]ospf network-type broadcast
[R6]int t0/0/0
[R6-Tunnel0/0/0]ospf network-type broadcast
[R7]int t0/0/0
[R7-Tunnel0/0/0]ospf network-type broadcast
查看are0邻居情况:
R3:
R5
R6
R7
area 1:
R1:
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]network 172.16.33.0 0.0.0.255
[R1-ospf-1-area-0.0.0.1]network 172.16.34.0 0.0.0.255
R2:
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]net 172.16.33.0 0.0.0.255
[R2-ospf-1-area-0.0.0.1]net 172.16.35.0 0.0.0.255
R3:
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]net 172.16.33.0 0.0.0.255
[R3-ospf-1-area-0.0.0.1]net 172.16.36.0 0.0.0.255
查看area1邻居表:
area2:
R6:
[R6]ospf 1
[R6-ospf-1]a 2
[R6-ospf-1-area-0.0.0.2]net 172.16.65.1 0.0.0.0//精确宣告
R11:
R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]a 2
[R11-ospf-1-area-0.0.0.2]net 172.16.65.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]net 172.16.66.0 0.0.0.255
[R11-ospf-1-area-0.0.0.2]net 172.16.65.5 0.0.0.0
R12:
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]a 2
[R12-ospf-1-area-0.0.0.2]net 172.16.65.6 0.0.0.0
引入RIP区域的路由:
R12:
[R12-ospf-1-area-0.0.0.2]q
[R12-ospf-1]im
[R12-ospf-1]import-route rip
查看邻居表:
R6:
R11:
R12:
area 3:
R7:
[R7]ospf 1
[R7-ospf-1]a 3
[R7-ospf-1-area-0.0.0.3]net 172.16.97.1 0.0.0.0//精确宣告
R8:
[R8]ospf 1 router-id 8.8.8.8
[R8-ospf-1]a 3
[R8-ospf-1-area-0.0.0.3]net 172.16.97.2 0.0.0.0
[R8-ospf-1-area-0.0.0.3]net 172.16.97.5 0.0.0.0
[R8-ospf-1-area-0.0.0.3]net 172.16.98.0 0.0.0.255
R9:
[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]a 3
[R9-ospf-1-area-0.0.0.3]net 172.16.97.6 0.0.0.0
查看邻居表:
R7:
R8:
R9:
area 4:
由于area4被area3和area0隔开,故这里将使用新建一个ospf进程重发布:
R9:
[R9]ospf 2
[R9-ospf-2]a 4
[R9-ospf-2-area-0.0.0.4]net 172.16.129.1 0.0.0.0
[R9-ospf-2-area-0.0.0.4]net 172.16.130.0 0.0.0.255
[R9-ospf-2-area-0.0.0.4]q
[R9-ospf-2]im
[R9-ospf-2]import-route o
[R9-ospf-2]import-route ospf 1
[R9-ospf-2]q
[R9]ospf 1
[R9-ospf-1]im
[R9-ospf-1]import-route o
[R9-ospf-1]import-route ospf 2
[R9-ospf-1]
R10:
[R10]ospf 2 ro
[R10]ospf 2 router-id 10.10.10.10
[R10-ospf-2]a 4
[R10-ospf-2-area-0.0.0.4]net 172.16.131.0 0.0.0.255
[R10-ospf-2-area-0.0.0.4]net 172.16.129.2 0.0.0.0
查看邻居表:
取消R5,R6,R7的选举权利
利于更快选举DR
[R5]int t0/0/0
[R5-Tunnel0/0/0]ospf dr-priority 0
[R6]int t0/0/0
[R6-Tunnel0/0/0]ospf dr-priority 0
[R7]int t0/0/0
[R7-Tunnel0/0/0]ospf dr-priority 0
检测网络
R10pingR1:
R1ping R12:
R12ping R10:
由此私网可达!
配置easy ip
R3,R6,R7:
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R3-acl-basic-2000]q
[R3]int s4/0/0
[R3-Serial4/0/0]nat outbound 2000
[R6]acl 2000
[R6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R6-acl-basic-2000]q
[R6]int s4/0/0
[R6-Serial4/0/0]nat outbound 2000
[R7]acl 2000
[R7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R7-acl-basic-2000]q
[R7]int g0/0/0
[R7-GigabitEthernet0/0/0]nat outbound 2000
做了Easy IP后,私网的ip还是不能够访问公网上R4的环回地址。公网口的地址并没有宣告进私网。
解决方法:在私网入口路由器下发一条默认缺省给公网,可以手动下发,也可以自动下发,在后面的实验步骤中我们会去配置ospf特殊区域,它会自动给我们下发缺省。
配置特殊区域:
这里需要尽可能的减少路由条目,故我们选用totally stub区域和totally NSSA区域来让路由条目达到最简状态,也可以使用路由聚合(精简的是area 0的路由条目)的方法减少路由条目,但因为rip宣告时包括了一个大的网段,而ospf选路比rip的优先级高,故area 2中R11-R12的网段不能被聚合,会多出来一个网段出现在聚合网段后的路由表里。
area 1:
[R1]ospf 1
[R1-ospf-1]a 1
[R1-ospf-1-area-0.0.0.1]stub no
[R1-ospf-1-area-0.0.0.1]stub no-summary
[R2]ospf 1
[R2-ospf-1]a 1
[R2-ospf-1-area-0.0.0.1]stub n
[R2-ospf-1-area-0.0.0.1]stub no-summary
[R3]ospf 1
[R3-ospf-1]a 1
[R3-ospf-1-area-0.0.0.1]stub
[R3-ospf-1-area-0.0.0.1]stub n
[R3-ospf-1-area-0.0.0.1]stub no-summary
area 2:
[R6]ospf 1
[R6-ospf-1]a 2
[R6-ospf-1-area-0.0.0.2]ns
[R6-ospf-1-area-0.0.0.2]nssa n
[R6-ospf-1-area-0.0.0.2]nssa no-summary
[R11]ospf 1
[R11-ospf-1]a 2
[R11-ospf-1-area-0.0.0.2]ns
[R11-ospf-1-area-0.0.0.2]nssa n
[R11-ospf-1-area-0.0.0.2]nssa no-summary
[R12]ospf 1
[R12-ospf-1]a 2
[R12-ospf-1-area-0.0.0.2]nss
[R12-ospf-1-area-0.0.0.2]nssa no-summary
area 3:
[R7]ospf 1
[R7-ospf-1]a 3
[R7-ospf-1-area-0.0.0.3]nssa no-summary
[R8]ospf 1
[R8-ospf-1]a 3
[R8-ospf-1-area-0.0.0.3]nssa no-summary
[R9]ospf 1
[R9-ospf-1]a 3
[R9-ospf-1-area-0.0.0.3]nssa no-summary
area 4:
由于在area 3成为otally NSSA区域后area 4被当作域外而无法默认下发缺省路由,所以需要向area 4的设备手动下发一条缺省路由。
因为R9上有一条R7下发的缺省所以不用在命令中写"always":
[R9]ospf 2
[R9-ospf-2]default-route-advertise
检测:
随机查看几个路由器:
随机私有网络路由器能否ping通ISP的环回:
R10:
R2:
R8:
R11:
由此,全网可达!
加快收敛速度:
通过更改hello时间来解决(修改的速度尽快):
在每一个需要建立邻居关系的接口下配置:
ospf timer hello 5
若两个接口hello时间不同,将不能建立邻接关系。
修改hello时间为5秒。达到加快收敛的作用。
area 0:
R1:
[R3]int s4/0/0
[R3-Serial4/0/0]ospf timer hello 5
R4:
[ISP]int s4/0/0
[ISP-Serial4/0/0]ospf timer hello 5
[ISP-Serial4/0/0]int s4/0/1
[ISP-Serial4/0/1]ospf timer hello 5
[ISP-Serial4/0/1]int s3/0/0
[ISP-Serial3/0/0]ospf timer hello 5
[ISP-Serial3/0/0]int g0/0/0
[ISP-GigabitEthernet0/0/0]ospf timer hello 5
R5:
[R5]int s4/0/0
[R5-Serial4/0/0]ospf timer hello 5
R6:
[R6]int s4/0/0
[R6-Serial4/0/0]ospf timer hello 5
R7:
[R7]int g0/0/0
[R7-GigabitEthernet0/0/0]ospf timer hello 5
area 1:
R1:
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ospf timer hello 5
R2:
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ospf timer hello 5
R3:
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ospf timer hello 5
area 2:
R6:
[R6]int g 0/0/0
[R6-GigabitEthernet0/0/0]ospf timer hello 5
R11:
[R11]int g0/0/0
[R11-GigabitEthernet0/0/0]ospf timer hello 5
[R11-GigabitEthernet0/0/0]int g0/0/1
[R11-GigabitEthernet0/0/1]ospf timer hello 5
R12:
[R12]int g 0/0/0
[R12-GigabitEthernet0/0/0]ospf timer hello 5
area 3:
R7:
[R7]int g0/0/1
[R7-GigabitEthernet0/0/1]ospf timer hello 5
R8:
[R8]int g0/0/0
[R8-GigabitEthernet0/0/0]ospf timer hello 5
[R8-GigabitEthernet0/0/0]int g0/0/1
[R8-GigabitEthernet0/0/1]ospf timer hello 5
R9:
[R9]int g0/0/0
[R9-GigabitEthernet0/0/0]ospf timer hello 5
area4:
R9:
[R9]int g0/0/1
[R9-GigabitEthernet0/0/1]ospf timer hello 5
R10:
[R10]int g0/0/0
[R10-GigabitEthernet0/0/0]ospf timer hello 5
检测每个路由的邻居表是否全:
保障安全
使用ospf的区域认证
area 0:
R3:
[R3]ospf 1
[R3-ospf-1]a 0
[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
R5:
[R5]ospf 1
[R5-ospf-1]a 0
[R5-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
R6:
[R6]ospf 1
[R6-ospf-1]a 0
[R6-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
R7:
[R7]ospf 1
[R7-ospf-1]a 0
[R7-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
area 1:
R1:
[R1]ospf 1
[R1-ospf-1]a 1
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher a1234
R2:
[R2]ospf 1
[R2-ospf-1]a 1
[R2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher a1234
R3:
[R3]ospf 1
[R3-ospf-1]a 1
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher a1234
area 2:
R6:
[R6]ospf 1
[R6-ospf-1]a 2
[R6-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher b1234
R11:
[R11]ospf 1
[R11-ospf-1]a 2
[R11-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher b1234
R12:
[R12]ospf 1
[R12-ospf-1]a 2
[R12-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher b1234
area 3:
R7:
[R7]ospf 1
[R7-ospf-1]a 3
[R7-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher c1234
R8:
[R8]ospf 1
[R8-ospf-1]a 3
[R8-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher c1234
R9:
[R9]ospf 1
[R9-ospf-1]a 3
[R9-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher c1234
area 4:
R9:
[R9]ospf 2
[R9-ospf-2]a 4
[R9-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher d1234
R10:
[R10]ospf 2
[R10-ospf-2]a 4
[R10-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher d1234
测试:
以R1的环回 ping R4 环回:
以R1的环回 ping R12 环回L0:
以R1的环回 ping R10 环回:
测试成功,实验完成!!