华为ospf路由协议在局域网中的高级应用案例

关键配置：

1、出口为ospf区域0，下联汇聚依次区域1、2...，非骨干全部为完全nssa区域

2、核心（abr）上对非骨干区域进行路由汇总，用于解决出口两台路由的条目数量

3、ospf静默接口配置在汇聚下联接接入交换机的vlan

4、核心交换机配置黑洞路由，防止内网用户探测不存在的192网段的地址，造成核心和出口路由一直循环转发这个不存在的地址。

AR1：

dis current-configuration

[V200R003C00]

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

interface GigabitEthernet0/0/0

ip address 10.0.0.100 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.1.0.100 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 100.1.1.1 255.255.255.255

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

AR2：

dis current-configuration

[V200R003C00]

sysname r2

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000

rule 5 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet0/0/0

ip address 10.0.0.2 255.255.255.0

nat outbound 2000

interface GigabitEthernet0/0/1

ip address 21.1.1.2 255.255.255.248

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

ospf 1 router-id 2.2.2.2

default-route-advertise

area 0.0.0.0

network 21.1.1.0 0.0.0.7

ip route-static 0.0.0.0 0.0.0.0 10.0.0.100

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

AR3:

dis current-configuration

[V200R003C00]

sysname r3

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000

rule 5 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet0/0/0

ip address 10.1.0.3 255.255.255.0

nat outbound 2000

interface GigabitEthernet0/0/1

ip address 31.1.1.3 255.255.255.248

ospf cost 100

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

ospf 1 router-id 3.3.3.3

default-route-advertise

area 0.0.0.0

network 31.1.1.0 0.0.0.7

ip route-static 0.0.0.0 0.0.0.0 10.1.0.100

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

LSW1：

dis current-configuration

sysname hx

undo info-center enable

vlan batch 10 20 50 60

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif10

ip address 12.1.1.1 255.255.255.248

interface Vlanif20

ip address 13.1.1.1 255.255.255.248

interface Vlanif50

ip address 21.1.1.1 255.255.255.248

interface Vlanif60

ip address 31.1.1.1 255.255.255.248

ospf cost 100

interface MEth0/0/1

interface Eth-Trunk1

port link-type trunk

port trunk allow-pass vlan 10

mode lacp-static

interface Eth-Trunk2

port link-type trunk

port trunk allow-pass vlan 20

mode lacp-static

interface GigabitEthernet0/0/1

port link-type access

port default vlan 50

interface GigabitEthernet0/0/2

port link-type access

port default vlan 60

interface GigabitEthernet0/0/3

eth-trunk 1

interface GigabitEthernet0/0/4

eth-trunk 2

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

eth-trunk 1

interface GigabitEthernet0/0/8

eth-trunk 2

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

ospf 1 router-id 1.1.1.1

area 0.0.0.0

network 21.1.1.0 0.0.0.7

network 31.1.1.0 0.0.0.7

area 0.0.0.1

abr-summary 192.168.100.0 255.255.254.0

network 12.1.1.0 0.0.0.7

nssa no-summary

area 0.0.0.2

abr-summary 192.168.200.0 255.255.254.0

network 13.1.1.0 0.0.0.7

nssa no-summary

ip route-static 192.0.0.0 255.0.0.0 NULL0 //黑洞路由，防攻击

user-interface con 0

user-interface vty 0 4

LSW2：

dis current-configuration

sysname sw2

undo info-center enable

vlan batch 10 100 110

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif10

ip address 12.1.1.2 255.255.255.248

interface Vlanif100

ip address 192.168.100.1 255.255.255.0

dhcp select interface

interface Vlanif110

ip address 192.168.101.1 255.255.255.0

dhcp select interface

interface MEth0/0/1

interface Eth-Trunk1

port link-type trunk

port trunk allow-pass vlan 10

mode lacp-static

interface GigabitEthernet0/0/1

eth-trunk 1

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 100

interface GigabitEthernet0/0/3

port link-type trunk

port trunk allow-pass vlan 110

interface GigabitEthernet0/0/4

eth-trunk 1

interface LoopBack0

ip address 22.22.22.22 255.255.255.255

ospf 1

silent-interface Vlanif100

silent-interface Vlanif110

area 0.0.0.1

network 12.1.1.0 0.0.0.7

network 192.168.100.0 0.0.0.255

network 192.168.101.0 0.0.0.255

nssa no-summary

user-interface con 0

user-interface vty 0 4

LSW3：

dis current-configuration

sysname sw3

vlan batch 20 200 210

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif20

ip address 13.1.1.3 255.255.255.248

interface Vlanif200

ip address 192.168.200.1 255.255.255.0

dhcp select interface

interface Vlanif210

ip address 192.168.201.1 255.255.255.0

dhcp select interface

interface MEth0/0/1

interface Eth-Trunk2

port link-type trunk

port trunk allow-pass vlan 20

mode lacp-static

interface GigabitEthernet0/0/1

eth-trunk 2

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 200

interface GigabitEthernet0/0/3

port link-type trunk

port trunk allow-pass vlan 210

interface GigabitEthernet0/0/4

eth-trunk 2

interface LoopBack0

ip address 33.33.33.33 255.255.255.255

ospf 1

silent-interface Vlanif200

silent-interface Vlanif210

area 0.0.0.2

network 13.1.1.0 0.0.0.7

network 192.168.200.0 0.0.0.255

network 192.168.201.0 0.0.0.255

nssa no-summary

user-interface con 0

user-interface vty 0 4

return

LSW4：

dis current-configuration

sysname Huawei

vlan batch 100

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 100

interface GigabitEthernet0/0/2

port link-type access

port default vlan 100

return

LSW5：

dis current-configuration

sysname Huawei

vlan batch 110

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 110

interface GigabitEthernet0/0/2

port link-type access

port default vlan 110

user-interface con 0

user-interface vty 0 4

return

LSW6:

dis current-configuration

sysname Huawei

vlan batch 200

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 200

interface GigabitEthernet0/0/2

port link-type access

port default vlan 200

return

LSW7:

dis current-configuration

sysname Huawei

vlan batch 210

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 210

interface GigabitEthernet0/0/2

port link-type access

port default vlan 210

return