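OSPF Comprehensive Lab

I. Lab Topology

II. Lab Requirements

1. R4 is the ISP and may only have IP addresses configured on it; R4 uses public IP addresses on the links to all directly connected devices.

2. R3 and R5/R6/R7 form an MGRE environment, with R3 as the hub site.

3. All addressing in the OSPF domain is allocated from 172.16.0.0/16.

4. Every device can reach R4's loopback.

5. Reduce the volume of LSA updates, speed up convergence, and secure routing updates.

6. Full network reachability.

III. Lab Configuration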

1. IP address allocation per area

Split 172.16.0.0/16 into roughly eight blocks; the two left over are kept as spares.

area 0------172.16.0.0/19

    172.16.0.0/24------P2P backbone
        172.16.0.0/30
        172.16.0.4/30
        172.16.0.8/30
        ......
        172.16.0.63/30

    172.16.1.0/24------MA backbone
        172.16.1.0/29
        172.16.1.8/29
        172.16.1.16/29

    172.16.2.0/24------user segments
        ......
        172.16.31.0/24

area 1------172.16.32.0/19

    172.16.32.0/24------P2P backbone
        172.16.32.0/30
        172.16.32.4/30
        172.16.32.8/30

    172.16.33.0/24------MA backbone
        172.16.33.0/29
        172.16.33.8/29
        172.16.33.16/29

    172.16.34.0/24
        ......
        172.16.63.0/24

area 2------172.16.64.0/19

area 3------172.16.96.0/19

area 4------172.16.128.0/19

RIP------172.16.160.0/19

Spare blocks: 172.16.192.0/19 172.16.224.0/19

2. Configure interface and loopback IP addresses in each area

R1

[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip address 172.16.33.1 29
[R1-GigabitEthernet0/0/0]int l 0
[R1-LoopBack0]ip address 172.16.34.1 24

R2

[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip address 172.16.33.2 29
[R2-GigabitEthernet0/0/0]int l 0
[R2-LoopBack0]ip address 172.16.35.1 24

R3

[R3]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip address 172.16.33.3 29
[R3-GigabitEthernet0/0/0]int s 4/0/0
[R3-Serial4/0/0]ip address 34.0.0.1 24
[R3-Serial4/0/0]int l 0
[R3-LoopBack0]ip address 172.16.36.1 24
[R3-LoopBack0]q
[R3]ip route-static 0.0.0.0 0 34.0.0.2    ------    default route

R4

[ISP]int s 4/0/0
[ISP-Serial4/0/0]ip address 34.0.0.2 24
[ISP-Serial4/0/0]int s 4/0/1
[ISP-Serial4/0/1]ip address 54.0.0.2 24
[ISP-Serial4/0/1]int s 3/0/0
[ISP-Serial3/0/0]ip address 64.0.0.2 24
[ISP-Serial3/0/0]int g 0/0/0
[ISP-GigabitEthernet0/0/0]ip address 74.0.0.2 24
[ISP-GigabitEthernet0/0/0]int l 0
[ISP-LoopBack0]ip address 4.4.4.4 24

R5

[R5]int s 4/0/0
[R5-Serial4/0/0]ip address 54.0.0.1 24
[R5-Serial4/0/0]int l 0
[R5-LoopBack0]ip address 172.16.2.1 24
[R5]ip route-static 0.0.0.0 0 54.0.0.2    ------    default route

R6

[R6]int s 4/0/0
[R6-Serial4/0/0]ip address 64.0.0.1 24
[R6-Serial4/0/0]int g 0/0/0
[R6-GigabitEthernet0/0/0]ip address 172.16.65.1 29
[R6-GigabitEthernet0/0/0]int l 0
[R6-LoopBack0]ip address 172.16.3.1 24
[R6]ip route-static 0.0.0.0 0 64.0.0.2    ------    default route

R7

[R7]int g 0/0/0
[R7-GigabitEthernet0/0/0]ip address 74.0.0.1 24
[R7-GigabitEthernet0/0/0]int g 0/0/1
[R7-GigabitEthernet0/0/1]ip address 172.16.97.1 29
[R7-GigabitEthernet0/0/1]int l 0
[R7-LoopBack0]ip address 172.16.4.1 24
[R7]ip route-static 0.0.0.0 0 74.0.0.2    ------    default route

R8

[R8]int g 0/0/0
[R8-GigabitEthernet0/0/0]ip address 172.16.97.2 29
[R8-GigabitEthernet0/0/0]int g 0/0/1
[R8-GigabitEthernet0/0/1]ip address 172.16.97.9 29
[R8-GigabitEthernet0/0/1]int l 0
[R8-LoopBack0]ip address 172.16.98.1 24

R9

[R9]int g 0/0/0
[R9-GigabitEthernet0/0/0]ip address 172.16.97.10 29
[R9-GigabitEthernet0/0/0]int g 0/0/1
[R9-GigabitEthernet0/0/1]ip address 172.16.129.1 29
[R9-GigabitEthernet0/0/1]int l 0
[R9-LoopBack0]ip address 172.16.130.1 24

R10

[R10]int g 0/0/0
[R10-GigabitEthernet0/0/0]ip address 172.16.129.2 29
[R10-GigabitEthernet0/0/0]int l 0
[R10-LoopBack0]ip address 172.16.131.1 24

R11

[R11]int g 0/0/0	
[R11-GigabitEthernet0/0/0]ip address 172.16.65.2 29
[R11-GigabitEthernet0/0/0]int g 0/0/1
[R11-GigabitEthernet0/0/1]ip address 172.16.65.9 29
[R11-GigabitEthernet0/0/1]int l 0
[R11-LoopBack0]ip address 172.16.66.1 24

R12

[R12]int g 0/0/0
[R12-GigabitEthernet0/0/0]ip address 172.16.65.10 29
[R12-GigabitEthernet0/0/0]int l 0
[R12-LoopBack0]ip address 172.16.160.1 20
[R12-LoopBack0]int l 1
[R12-LoopBack1]ip address 172.16.176.1 20

3. R3 and R5/R6/R7 form the MGRE environment, with R3 as the hub site

R3

[R3]int t 0/0/0
[R3-Tunnel0/0/0]ip address 172.16.1.1 29
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R3-Tunnel0/0/0]source 34.0.0.1
[R3-Tunnel0/0/0]nhrp network-id 10
[R3-Tunnel0/0/0]nhrp entry multicast dynamic 

R5

[R5]int t 0/0/0
[R5-Tunnel0/0/0]ip address 172.16.1.2 29
[R5-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R5-Tunnel0/0/0]source 54.0.0.1
[R5-Tunnel0/0/0]nhrp network-id 10
[R5-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register

R6

[R6]int t 0/0/0
[R6-Tunnel0/0/0]ip address 172.16.1.3 29
[R6-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R6-Tunnel0/0/0]source 64.0.0.1
[R6-Tunnel0/0/0]nhrp network-id 10
[R6-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register 

R7

[R7]int t 0/0/0
[R7-Tunnel0/0/0]ip address 172.16.1.4 29
[R7-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R7-Tunnel0/0/0]source 74.0.0.1
[R7-Tunnel0/0/0]nhrp network-id 10
[R7-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register 

Check the MGRE environment

4. Enable OSPF and RIP

R1

[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255

R2

[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255

R3

[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]network 172.16.33.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]network 172.16.36.1 0.0.0.0
[R3-ospf-1-area-0.0.0.1]area 0
[R3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0    ------    Tunnel0/0/0 address; area 0 runs over the MGRE tunnel

[R3]int t 0/0/0    ------    change the OSPF network type
[R3-Tunnel0/0/0]ospf network-type p2mp

R5

[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

[R5]int t 0/0/0    ------    change the OSPF network type
[R5-Tunnel0/0/0]ospf network-type p2mp

R6

[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.3.255
[R6-ospf-1-area-0.0.0.0]area 2
[R6-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0

[R6]int t 0/0/0    ------    change the OSPF network type
[R6-Tunnel0/0/0]ospf network-type p2mp

R7

[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 0
[R7-ospf-1-area-0.0.0.0]network 172.16.4.1 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 172.16.1.4 0.0.0.0    ------    Tunnel0/0/0 address; the public link to the ISP stays out of OSPF
[R7-ospf-1-area-0.0.0.0]area 3
[R7-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0

[R7]int t 0/0/0    ------    change the OSPF network type
[R7-Tunnel0/0/0]ospf network-type p2mp

R8

[R8]ospf 1 router-id 8.8.8.8
[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]network 172.16.97.2 0.0.0.0
[R8-ospf-1-area-0.0.0.3]network 172.16.97.9 0.0.0.0
[R8-ospf-1-area-0.0.0.3]network 172.16.98.1 0.0.0.0

R9

[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]network 172.16.97.10 0.0.0.0
[R9-ospf-1-area-0.0.0.3]area 4
[R9-ospf-1-area-0.0.0.4]network 172.16.129.1 0.0.0.0
[R9-ospf-1-area-0.0.0.4]network 172.16.130.1 0.0.0.0

R10

[R10]ospf 1 router-id 10.10.10.10
[R10-ospf-1]area 4
[R10-ospf-1-area-0.0.0.4]network 172.16.129.2 0.0.0.0
[R10-ospf-1-area-0.0.0.4]network 172.16.131.1 0.0.0.0

R11

[R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]network 172.16.65.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]network 172.16.66.1 0.0.0.0    ------    LoopBack0
[R11-ospf-1-area-0.0.0.2]network 172.16.65.9 0.0.0.0

R12

OSPF
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]network 172.16.65.10 0.0.0.0

RIP
[R12]rip 1
[R12-rip-1]version 2
[R12-rip-1]network 172.16.0.0

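Redistribute RIP into OSPF so that the two routing domains can communicate.

The routing table is still missing the area 4 and RIP routes; redistribution can be used to import them.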

[R12]ospf 1
[R12-ospf-1]import-route rip 1

Delete area 4 from OSPF process 1 and recreate it under OSPF process 2

[R9]ospf 1
[R9-ospf-1]area 4
[R9-ospf-1-area-0.0.0.4]undo network 172.16.129.1 0.0.0.0
[R9-ospf-1-area-0.0.0.4]undo network 172.16.130.1 0.0.0.0
[R9-ospf-1-area-0.0.0.4]q
[R9-ospf-1]undo area 4

[R9]ospf 2 router-id 19.19.19.19
[R9-ospf-2]area 4
[R9-ospf-2-area-0.0.0.4]network 172.16.130.1 0.0.0.0
[R9-ospf-2-area-0.0.0.4]network 172.16.129.1 0.0.0.0

Redistribute OSPF 2 into OSPF 1

[R9]ospf 1
[R9-ospf-1]import-route ospf 2

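5. Reduce the volume of LSA updates (summarization and special areas)

Summarization reduces the routing information the backbone area receives.

To avoid routing loops, configure a static route to NULL0 for each summary.

Inter-area route summarization

R3------summarize the area's routes into a single Type 3 LSA when advertising them into the backbone area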

[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0

[R3]ip route-static 172.16.32.0 19 NULL 0    ------    NULL0 route to prevent loops

R6

[R6]ospf 1
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0

[R6]ip route-static 172.16.64.0 19 NULL 0

R7

[R7]ospf 1
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0

[R7]ip route-static 172.16.96.0 19 NULL 0

R9

[R9]ospf 1
[R9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0

[R9]ip route-static 172.16.128.0 19 NULL 0

R12

[R12]ospf 1
[R12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0

[R12]ip route-static 172.16.160.0 19 NULL 0
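
A check for the summary and NULL 0 pairing configured above, written as an added example that is not part of the original lab. It parses prompt-style configuration lines and reports every abr-summary/asbr-summary that has no static route to NULL 0 with exactly the same prefix on the same router. The function name and the sample text are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the lab's Huawei VRP prompt form. The R3 and R6 lines
# match the lab; R7 (no NULL 0 route) and R9 (/18 instead of /19) are altered
# on purpose to produce findings.
CONFIG = """\
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
[R3]ip route-static 172.16.32.0 19 NULL 0
[R6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
[R6]ip route-static 172.16.64.0 19 NULL 0
[R7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0
[R9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
[R9]ip route-static 172.16.128.0 18 NULL 0
"""

# "[R3-ospf-1-area-0.0.0.1]cmd" or "[R3]cmd": capture the router name and the command.
PROMPT = re.compile(r"^\[(\w+)(?:-[^\]]*)?\](.*)$")


def summaries_without_discard_route(config):
    """Return sorted (router, prefix) pairs for summaries that lack an
    exactly matching static route to NULL 0 on the same router."""
    summaries, discards = set(), set()
    for raw in config.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        router, words = m.group(1), m.group(2).split()
        if words[:1] in (["abr-summary"], ["asbr-summary"]) and len(words) >= 3:
            # The summary is written with a dotted mask: 172.16.32.0 255.255.224.0
            summaries.add((router, ipaddress.ip_network(f"{words[1]}/{words[2]}")))
        elif words[:2] == ["ip", "route-static"] and len(words) >= 5:
            # The static route is written with a prefix length: 172.16.32.0 19 NULL 0
            if "".join(words[4:6]).upper() == "NULL0":
                discards.add((router, ipaddress.ip_network(f"{words[2]}/{words[3]}")))
    # ip_network() normalizes both notations, so /19 equals 255.255.224.0.
    return [(r, str(n)) for r, n in sorted(summaries - discards)]


if __name__ == "__main__":
    for router, prefix in summaries_without_discard_route(CONFIG):
        print(f"{router}: summary {prefix} has no matching NULL 0 route")
```
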

Configure area 1 as a totally stubby area

[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]stub

[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]stub

[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]stub no-summary

Area 2

[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]nssa no-summary

[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]nssa

[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]nssa

Area 3

[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]nssa no-summary

[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]nssa

[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]nssa

R10 has no routing information for the rest of the network, so a default route can be advertised from R9, which gives full network reachability.

[R9]ospf 2
[R9-ospf-2]default-route-advertise

6. Speed up convergence (change the hello timer; the dead timer changes along with the hello timer)

[R3]int t 0/0/0
[R3-Tunnel0/0/0]ospf timer hello 10

[R5]int t 0/0/0
[R5-Tunnel0/0/0]ospf timer hello 10

[R6]int t 0/0/0
[R6-Tunnel0/0/0]ospf timer hello 10

[R7]int t 0/0/0
[R7-Tunnel0/0/0]ospf timer hello 10

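7. Configure NAT so that all devices can reach R4's loopback

Because only the three devices R3, R6 and R7 sit around R4, NAT port translation only needs to be configured on these three devices, with the source translated to an address on the segment shared with R4.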

[R3]acl 2000
[R3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R3-acl-basic-2000]int s 4/0/0
[R3-Serial4/0/0]nat outbound 2000
[R6]acl 2000
[R6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R6-acl-basic-2000]int s 4/0/0
[R6-Serial4/0/0]nat outbound 2000
[R7]acl 2000
[R7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R7-acl-basic-2000]int g 0/0/0
[R7-GigabitEthernet0/0/0]nat outbound 2000

8. Secure routing updates and confirm full network reachability

[R1]ospf 1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456

[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456

[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
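
An audit of OSPF area authentication coverage, added here as an example and not part of the original lab. It reads prompt-style lines, lists every router/area pair that has OSPF enabled but no complete authentication-mode command, and flags MD5 mode and short keys. The function name, the 12-character threshold and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample: lines in the Huawei VRP prompt form used in this lab,
# including a half-typed command of the kind a pasted terminal capture contains.
TRANSCRIPT = """\
[R1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 ci
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[R3-ospf-1-area-0.0.0.1]network 172.16.33.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[R5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[R7-ospf-1-area-0.0.0.0]network 172.16.1.4 0.0.0.0
[R7-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0
"""

AREA_PROMPT = re.compile(r"^\[(\w+)-ospf-(\d+)-area-([\d.]+)\](.*)$")


def audit_ospf_auth(transcript, min_key_len=12):
    """Return (missing, weak): router/area pairs with OSPF enabled but no
    area authentication, and pairs whose authentication is weak."""
    enabled, auth = set(), {}
    for raw in transcript.splitlines():
        m = AREA_PROMPT.match(raw.strip())
        if not m:
            continue
        key = (m.group(1), m.group(3))  # (router, area)
        words = m.group(4).split()
        if words[:1] == ["network"]:
            enabled.add(key)
        # Only a complete "authentication-mode <mode> <key-id> cipher|plain <key>"
        # counts; half-typed lines are ignored.
        elif (words[:1] == ["authentication-mode"] and len(words) == 5
              and words[3] in ("cipher", "plain")):
            auth[key] = (words[1], words[4])
    missing = sorted(enabled - set(auth))
    weak = {}
    for key, (mode, secret) in auth.items():
        reasons = []
        if mode == "md5":
            reasons.append("md5 digest")
        if len(secret) < min_key_len:  # hypothetical threshold
            reasons.append("short key")
        if reasons:
            weak[key] = reasons
    return missing, weak
```

On the sample, area 1 is authenticated on R1 and R3 but reported as weak, while the area 0 and area 3 entries are reported as missing authentication.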