华为ospf路由协议在局域网中的高级应用案例

关键配置:

1、出口为ospf区域0,下联汇聚依次区域1、2...,非骨干全部为完全nssa区域

2、核心(abr)上对非骨干区域进行路由汇总,用于解决出口两台路由的条目数量

3、ospf静默接口配置在汇聚下联接接入交换机的vlan

4、核心交换机配置黑洞路由,防止内网用户探测不存在的192网段的地址,造成核心和出口路由一直循环转发这个不存在的地址。

AR1:

dis current-configuration

[V200R003C00]

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

interface GigabitEthernet0/0/0

ip address 10.0.0.100 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.1.0.100 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 100.1.1.1 255.255.255.255

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

AR2:

dis current-configuration

[V200R003C00]

sysname r2

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000

rule 5 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet0/0/0

ip address 10.0.0.2 255.255.255.0

nat outbound 2000

interface GigabitEthernet0/0/1

ip address 21.1.1.2 255.255.255.248

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

ospf 1 router-id 2.2.2.2

default-route-advertise

area 0.0.0.0

network 21.1.1.0 0.0.0.7

ip route-static 0.0.0.0 0.0.0.0 10.0.0.100

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

AR3:

dis current-configuration

[V200R003C00]

sysname r3

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 2000

rule 5 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet0/0/0

ip address 10.1.0.3 255.255.255.0

nat outbound 2000

interface GigabitEthernet0/0/1

ip address 31.1.1.3 255.255.255.248

ospf cost 100

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

ospf 1 router-id 3.3.3.3

default-route-advertise

area 0.0.0.0

network 31.1.1.0 0.0.0.7

ip route-static 0.0.0.0 0.0.0.0 10.1.0.100

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

wlan ac

return

LSW1:

dis current-configuration

sysname hx

undo info-center enable

vlan batch 10 20 50 60

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif10

ip address 12.1.1.1 255.255.255.248

interface Vlanif20

ip address 13.1.1.1 255.255.255.248

interface Vlanif50

ip address 21.1.1.1 255.255.255.248

interface Vlanif60

ip address 31.1.1.1 255.255.255.248

ospf cost 100

interface MEth0/0/1

interface Eth-Trunk1

port link-type trunk

port trunk allow-pass vlan 10

mode lacp-static

interface Eth-Trunk2

port link-type trunk

port trunk allow-pass vlan 20

mode lacp-static

interface GigabitEthernet0/0/1

port link-type access

port default vlan 50

interface GigabitEthernet0/0/2

port link-type access

port default vlan 60

interface GigabitEthernet0/0/3

eth-trunk 1

interface GigabitEthernet0/0/4

eth-trunk 2

interface GigabitEthernet0/0/5

interface GigabitEthernet0/0/6

interface GigabitEthernet0/0/7

eth-trunk 1

interface GigabitEthernet0/0/8

eth-trunk 2

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

ospf 1 router-id 1.1.1.1

area 0.0.0.0

network 21.1.1.0 0.0.0.7

network 31.1.1.0 0.0.0.7

area 0.0.0.1

abr-summary 192.168.100.0 255.255.254.0

network 12.1.1.0 0.0.0.7

nssa no-summary

area 0.0.0.2

abr-summary 192.168.200.0 255.255.254.0

network 13.1.1.0 0.0.0.7

nssa no-summary

ip route-static 192.0.0.0 255.0.0.0 NULL0 //黑洞路由,防攻击

user-interface con 0

user-interface vty 0 4

LSW2:

dis current-configuration

sysname sw2

undo info-center enable

vlan batch 10 100 110

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif10

ip address 12.1.1.2 255.255.255.248

interface Vlanif100

ip address 192.168.100.1 255.255.255.0

dhcp select interface

interface Vlanif110

ip address 192.168.101.1 255.255.255.0

dhcp select interface

interface MEth0/0/1

interface Eth-Trunk1

port link-type trunk

port trunk allow-pass vlan 10

mode lacp-static

interface GigabitEthernet0/0/1

eth-trunk 1

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 100

interface GigabitEthernet0/0/3

port link-type trunk

port trunk allow-pass vlan 110

interface GigabitEthernet0/0/4

eth-trunk 1

interface LoopBack0

ip address 22.22.22.22 255.255.255.255

ospf 1

silent-interface Vlanif100

silent-interface Vlanif110

area 0.0.0.1

network 12.1.1.0 0.0.0.7

network 192.168.100.0 0.0.0.255

network 192.168.101.0 0.0.0.255

nssa no-summary

user-interface con 0

user-interface vty 0 4

LSW3:

dis current-configuration

sysname sw3

vlan batch 20 200 210

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

dhcp enable

diffserv domain default

drop-profile default

interface Vlanif1

interface Vlanif20

ip address 13.1.1.3 255.255.255.248

interface Vlanif200

ip address 192.168.200.1 255.255.255.0

dhcp select interface

interface Vlanif210

ip address 192.168.201.1 255.255.255.0

dhcp select interface

interface MEth0/0/1

interface Eth-Trunk2

port link-type trunk

port trunk allow-pass vlan 20

mode lacp-static

interface GigabitEthernet0/0/1

eth-trunk 2

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 200

interface GigabitEthernet0/0/3

port link-type trunk

port trunk allow-pass vlan 210

interface GigabitEthernet0/0/4

eth-trunk 2

interface LoopBack0

ip address 33.33.33.33 255.255.255.255

ospf 1

silent-interface Vlanif200

silent-interface Vlanif210

area 0.0.0.2

network 13.1.1.0 0.0.0.7

network 192.168.200.0 0.0.0.255

network 192.168.201.0 0.0.0.255

nssa no-summary

user-interface con 0

user-interface vty 0 4

return

LSW4:

dis current-configuration

sysname Huawei

vlan batch 100

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 100

interface GigabitEthernet0/0/2

port link-type access

port default vlan 100

return

LSW5:

dis current-configuration

sysname Huawei

vlan batch 110

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 110

interface GigabitEthernet0/0/2

port link-type access

port default vlan 110

user-interface con 0

user-interface vty 0 4

return

LSW6:

dis current-configuration

sysname Huawei

vlan batch 200

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 200

interface GigabitEthernet0/0/2

port link-type access

port default vlan 200

return

LSW7:

dis current-configuration

sysname Huawei

vlan batch 210

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 210

interface GigabitEthernet0/0/2

port link-type access

port default vlan 210

return

相关推荐
Tassel_YUE1 小时前
网络自动化04:python实现ACL匹配信息(主机与主机信息)
网络·python·自动化
Diamond技术流1 小时前
从0开始学习Linux——网络配置
linux·运维·网络·学习·安全·centos
Spring_java_gg1 小时前
如何抵御 Linux 服务器黑客威胁和攻击
linux·服务器·网络·安全·web安全
方方怪2 小时前
与IP网络规划相关的知识点
服务器·网络·tcp/ip
yilylong3 小时前
鸿蒙(Harmony)实现滑块验证码
华为·harmonyos·鸿蒙
baby_hua3 小时前
HarmonyOS第一课——DevEco Studio的使用
华为·harmonyos
weixin_442643423 小时前
推荐FileLink数据跨网摆渡系统 — 安全、高效的数据传输解决方案
服务器·网络·安全·filelink数据摆渡系统
阑梦清川4 小时前
JavaEE初阶---网络原理(五)---HTTP协议
网络·http·java-ee
FeelTouch Labs5 小时前
Netty实现WebSocket Server是否开启压缩深度分析
网络·websocket·网络协议
长弓三石7 小时前
鸿蒙网络编程系列44-仓颉版HttpRequest上传文件示例
前端·网络·华为·harmonyos·鸿蒙