华为ospf路由协议在局域网中的高级应用案例

关键配置:

1、出口为ospf区域0,下联汇聚依次区域1、2...,非骨干全部为完全nssa区域

2、核心(abr)上对非骨干区域进行路由汇总,用于解决出口两台路由的条目数量

3、ospf静默接口配置在汇聚下联接接入交换机的vlan

4、核心交换机配置黑洞路由,防止内网用户探测不存在的192网段的地址,造成核心和出口路由一直循环转发这个不存在的地址。

AR1:

dis current-configuration

V200R003C00

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

interface GigabitEthernet0/0/0

ip address 10.0.0.100 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.1.0.100 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 100.1.1.1 255.255.255.255

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

AR2:

dis current-configuration

V200R003C00

sysname r2

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000

rule 5 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet0/0/0

ip address 10.0.0.2 255.255.255.0

nat outbound 2000

interface GigabitEthernet0/0/1

ip address 21.1.1.2 255.255.255.248

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

ospf 1 router-id 2.2.2.2

default-route-advertise

area 0.0.0.0

network 21.1.1.0 0.0.0.7

ip route-static 0.0.0.0 0.0.0.0 10.0.0.100

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

AR3:

dis current-configuration

V200R003C00

sysname r3

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000

rule 5 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet0/0/0

ip address 10.1.0.3 255.255.255.0

nat outbound 2000

interface GigabitEthernet0/0/1

ip address 31.1.1.3 255.255.255.248

ospf cost 100

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

ospf 1 router-id 3.3.3.3

default-route-advertise

area 0.0.0.0

network 31.1.1.0 0.0.0.7

ip route-static 0.0.0.0 0.0.0.0 10.1.0.100

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

LSW1:

dis current-configuration

sysname hx

undo info-center enable

vlan batch 10 20 50 60

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif10

ip address 12.1.1.1 255.255.255.248

interface Vlanif20

ip address 13.1.1.1 255.255.255.248

interface Vlanif50

ip address 21.1.1.1 255.255.255.248

interface Vlanif60

ip address 31.1.1.1 255.255.255.248

ospf cost 100

interface MEth0/0/1

interface Eth-Trunk1

port link-type trunk

port trunk allow-pass vlan 10

mode lacp-static

interface Eth-Trunk2

port link-type trunk

port trunk allow-pass vlan 20

mode lacp-static

interface GigabitEthernet0/0/1

port link-type access

port default vlan 50

interface GigabitEthernet0/0/2

port link-type access

port default vlan 60

interface GigabitEthernet0/0/3

eth-trunk 1

interface GigabitEthernet0/0/4

eth-trunk 2

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

eth-trunk 1

interface GigabitEthernet0/0/8

eth-trunk 2

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

ospf 1 router-id 1.1.1.1

area 0.0.0.0

network 21.1.1.0 0.0.0.7

network 31.1.1.0 0.0.0.7

area 0.0.0.1

abr-summary 192.168.100.0 255.255.254.0

network 12.1.1.0 0.0.0.7

nssa no-summary

area 0.0.0.2

abr-summary 192.168.200.0 255.255.254.0

network 13.1.1.0 0.0.0.7

nssa no-summary

ip route-static 192.0.0.0 255.0.0.0 NULL0 //黑洞路由,防攻击

user-interface con 0

user-interface vty 0 4

LSW2:

dis current-configuration

sysname sw2

undo info-center enable

vlan batch 10 100 110

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif10

ip address 12.1.1.2 255.255.255.248

interface Vlanif100

ip address 192.168.100.1 255.255.255.0

dhcp select interface

interface Vlanif110

ip address 192.168.101.1 255.255.255.0

dhcp select interface

interface MEth0/0/1

interface Eth-Trunk1

port link-type trunk

port trunk allow-pass vlan 10

mode lacp-static

interface GigabitEthernet0/0/1

eth-trunk 1

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 100

interface GigabitEthernet0/0/3

port link-type trunk

port trunk allow-pass vlan 110

interface GigabitEthernet0/0/4

eth-trunk 1

interface LoopBack0

ip address 22.22.22.22 255.255.255.255

ospf 1

silent-interface Vlanif100

silent-interface Vlanif110

area 0.0.0.1

network 12.1.1.0 0.0.0.7

network 192.168.100.0 0.0.0.255

network 192.168.101.0 0.0.0.255

nssa no-summary

user-interface con 0

user-interface vty 0 4

LSW3:

dis current-configuration

sysname sw3

vlan batch 20 200 210

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif20

ip address 13.1.1.3 255.255.255.248

interface Vlanif200

ip address 192.168.200.1 255.255.255.0

dhcp select interface

interface Vlanif210

ip address 192.168.201.1 255.255.255.0

dhcp select interface

interface MEth0/0/1

interface Eth-Trunk2

port link-type trunk

port trunk allow-pass vlan 20

mode lacp-static

interface GigabitEthernet0/0/1

eth-trunk 2

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 200

interface GigabitEthernet0/0/3

port link-type trunk

port trunk allow-pass vlan 210

interface GigabitEthernet0/0/4

eth-trunk 2

interface LoopBack0

ip address 33.33.33.33 255.255.255.255

ospf 1

silent-interface Vlanif200

silent-interface Vlanif210

area 0.0.0.2

network 13.1.1.0 0.0.0.7

network 192.168.200.0 0.0.0.255

network 192.168.201.0 0.0.0.255

nssa no-summary

user-interface con 0

user-interface vty 0 4

return

LSW4:

dis current-configuration

sysname Huawei

vlan batch 100

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 100

interface GigabitEthernet0/0/2

port link-type access

port default vlan 100

return

LSW5:

dis current-configuration

sysname Huawei

vlan batch 110

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 110

interface GigabitEthernet0/0/2

port link-type access

port default vlan 110

user-interface con 0

user-interface vty 0 4

return

LSW6:

dis current-configuration

sysname Huawei

vlan batch 200

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 200

interface GigabitEthernet0/0/2

port link-type access

port default vlan 200

return

LSW7:

dis current-configuration

sysname Huawei

vlan batch 210

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 210

interface GigabitEthernet0/0/2

port link-type access

port default vlan 210

return

相关推荐
小宁爱Python41 分钟前
Python从入门到精通4:计算机网络及TCP网络应用程序开发入门指南
网络·python·tcp/ip·计算机网络
发财哥fdy1 小时前
4.2-3 fiddler抓取手机接口
网络
weixin_404551241 小时前
华为数字化转型-平台篇
华为·平台·数字化转型·总结
网络安全指导员2 小时前
如何在JMeter中配置断言,将非200状态码视为测试成功
网络·学习·jmeter·安全·web安全·架构
~樱小路~3 小时前
网络:华为数通HCIA学习:IP路由基础
网络·学习·华为
GalaxyPokemon3 小时前
Muduo网络库实现 [十三] - HttpRequest模块
linux·服务器·网络·c++
liruiqiang053 小时前
循环神经网络 - 机器学习任务之同步的序列到序列模式
网络·人工智能·rnn·深度学习·神经网络·机器学习
圈圈编码4 小时前
WebSocket
java·网络·spring boot·websocket·网络协议·spring
电手4 小时前
纯国产系统,首款鸿蒙电脑下月发布
华为·电脑·harmonyos
Double Point5 小时前
(三十三)Dart 中使用 Pub 包管理系统与 HTTP 请求教程
网络·网络协议·http