华为ospf路由协议在局域网中的高级应用案例

关键配置:

1、出口为ospf区域0,下联汇聚依次区域1、2...,非骨干全部为完全nssa区域

2、核心(abr)上对非骨干区域进行路由汇总,用于解决出口两台路由的条目数量

3、ospf静默接口配置在汇聚下联接接入交换机的vlan

4、核心交换机配置黑洞路由,防止内网用户探测不存在的192网段的地址,造成核心和出口路由一直循环转发这个不存在的地址。

AR1:

dis current-configuration

V200R003C00

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

interface GigabitEthernet0/0/0

ip address 10.0.0.100 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.1.0.100 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 100.1.1.1 255.255.255.255

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

AR2:

dis current-configuration

V200R003C00

sysname r2

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000

rule 5 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet0/0/0

ip address 10.0.0.2 255.255.255.0

nat outbound 2000

interface GigabitEthernet0/0/1

ip address 21.1.1.2 255.255.255.248

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

ospf 1 router-id 2.2.2.2

default-route-advertise

area 0.0.0.0

network 21.1.1.0 0.0.0.7

ip route-static 0.0.0.0 0.0.0.0 10.0.0.100

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

AR3:

dis current-configuration

V200R003C00

sysname r3

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000

rule 5 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet0/0/0

ip address 10.1.0.3 255.255.255.0

nat outbound 2000

interface GigabitEthernet0/0/1

ip address 31.1.1.3 255.255.255.248

ospf cost 100

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

ospf 1 router-id 3.3.3.3

default-route-advertise

area 0.0.0.0

network 31.1.1.0 0.0.0.7

ip route-static 0.0.0.0 0.0.0.0 10.1.0.100

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

LSW1:

dis current-configuration

sysname hx

undo info-center enable

vlan batch 10 20 50 60

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif10

ip address 12.1.1.1 255.255.255.248

interface Vlanif20

ip address 13.1.1.1 255.255.255.248

interface Vlanif50

ip address 21.1.1.1 255.255.255.248

interface Vlanif60

ip address 31.1.1.1 255.255.255.248

ospf cost 100

interface MEth0/0/1

interface Eth-Trunk1

port link-type trunk

port trunk allow-pass vlan 10

mode lacp-static

interface Eth-Trunk2

port link-type trunk

port trunk allow-pass vlan 20

mode lacp-static

interface GigabitEthernet0/0/1

port link-type access

port default vlan 50

interface GigabitEthernet0/0/2

port link-type access

port default vlan 60

interface GigabitEthernet0/0/3

eth-trunk 1

interface GigabitEthernet0/0/4

eth-trunk 2

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

eth-trunk 1

interface GigabitEthernet0/0/8

eth-trunk 2

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

ospf 1 router-id 1.1.1.1

area 0.0.0.0

network 21.1.1.0 0.0.0.7

network 31.1.1.0 0.0.0.7

area 0.0.0.1

abr-summary 192.168.100.0 255.255.254.0

network 12.1.1.0 0.0.0.7

nssa no-summary

area 0.0.0.2

abr-summary 192.168.200.0 255.255.254.0

network 13.1.1.0 0.0.0.7

nssa no-summary

ip route-static 192.0.0.0 255.0.0.0 NULL0 //黑洞路由,防攻击

user-interface con 0

user-interface vty 0 4

LSW2:

dis current-configuration

sysname sw2

undo info-center enable

vlan batch 10 100 110

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif10

ip address 12.1.1.2 255.255.255.248

interface Vlanif100

ip address 192.168.100.1 255.255.255.0

dhcp select interface

interface Vlanif110

ip address 192.168.101.1 255.255.255.0

dhcp select interface

interface MEth0/0/1

interface Eth-Trunk1

port link-type trunk

port trunk allow-pass vlan 10

mode lacp-static

interface GigabitEthernet0/0/1

eth-trunk 1

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 100

interface GigabitEthernet0/0/3

port link-type trunk

port trunk allow-pass vlan 110

interface GigabitEthernet0/0/4

eth-trunk 1

interface LoopBack0

ip address 22.22.22.22 255.255.255.255

ospf 1

silent-interface Vlanif100

silent-interface Vlanif110

area 0.0.0.1

network 12.1.1.0 0.0.0.7

network 192.168.100.0 0.0.0.255

network 192.168.101.0 0.0.0.255

nssa no-summary

user-interface con 0

user-interface vty 0 4

LSW3:

dis current-configuration

sysname sw3

vlan batch 20 200 210

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif20

ip address 13.1.1.3 255.255.255.248

interface Vlanif200

ip address 192.168.200.1 255.255.255.0

dhcp select interface

interface Vlanif210

ip address 192.168.201.1 255.255.255.0

dhcp select interface

interface MEth0/0/1

interface Eth-Trunk2

port link-type trunk

port trunk allow-pass vlan 20

mode lacp-static

interface GigabitEthernet0/0/1

eth-trunk 2

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 200

interface GigabitEthernet0/0/3

port link-type trunk

port trunk allow-pass vlan 210

interface GigabitEthernet0/0/4

eth-trunk 2

interface LoopBack0

ip address 33.33.33.33 255.255.255.255

ospf 1

silent-interface Vlanif200

silent-interface Vlanif210

area 0.0.0.2

network 13.1.1.0 0.0.0.7

network 192.168.200.0 0.0.0.255

network 192.168.201.0 0.0.0.255

nssa no-summary

user-interface con 0

user-interface vty 0 4

return

LSW4:

dis current-configuration

sysname Huawei

vlan batch 100

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 100

interface GigabitEthernet0/0/2

port link-type access

port default vlan 100

return

LSW5:

dis current-configuration

sysname Huawei

vlan batch 110

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 110

interface GigabitEthernet0/0/2

port link-type access

port default vlan 110

user-interface con 0

user-interface vty 0 4

return

LSW6:

dis current-configuration

sysname Huawei

vlan batch 200

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 200

interface GigabitEthernet0/0/2

port link-type access

port default vlan 200

return

LSW7:

dis current-configuration

sysname Huawei

vlan batch 210

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 210

interface GigabitEthernet0/0/2

port link-type access

port default vlan 210

return

相关推荐
奋斗者1号2 小时前
《Crawl4AI 爬虫工具部署配置全攻略》
网络·爬虫
courniche2 小时前
VRRP与BFD在冗余设计中的核心区别:从“备用网关”到“毫秒级故障检测”
网络·智能路由器
艾厶烤的鱼3 小时前
架构-信息安全技术基础知识
网络·架构
muxue1784 小时前
centos 7 网络配置(2):ping命令出现问题
linux·网络·centos
鸿蒙布道师4 小时前
鸿蒙NEXT开发正则工具类RegexUtil(ArkTs)
android·ios·华为·harmonyos·arkts·鸿蒙系统·huawei
CZIDC4 小时前
[特殊字符][特殊字符] HarmonyOS相关实现原理聊聊![特殊字符][特殊字符]
华为·harmonyos
山猪打不过家猪7 小时前
(六)RestAPI 毛子(外部导入打卡/游标分页/Refit/Http resilience/批量提交/Quartz后台任务/Hateoas Driven)
网络·缓存
weixin138233951797 小时前
EN18031测试,EN18031认证,EN18031报告解读
网络
JhonKI7 小时前
【Linux网络】构建与优化HTTP请求处理 - HttpRequest从理解到实现
linux·网络·http
GOATLong8 小时前
网络基础概念
linux·运维·服务器·网络·arm开发·c++