OSPF综合实验

江水三千里2024-04-18 21:43

实验拓扑

实验要求

1、R4为ISP,其上只配置IP地址;R4与其他所直连设备间均使用公有IP;

2、R3-R5、R6、R7为MGRE环境,R3为中心站点;

3、整个OSPF环境IP基于172.16.0.0/16划分;除了R12有两个环回,其他路由器均有一个环回IP

4、所有设备均可访问R4的环回;

5、减少LSA的更新量,加快收敛,保障更新安全;

6、全网可达

实验思路

1.配置IP地址

2.缺省路由

3.配置OSPF,RIP,路由引入RIP

4.配置MGRE,R3为中心站点,ospf宣告隧道

5.修改接口类型,取消选举

6.多进程重发布area4

7.配置easyIP

8.路由聚合

9.设置特殊区域

10.加快收敛

11.区域验证

实验步骤

配置IP地址

复制代码 
//R1
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip address 172.16.33.1 24
[R1-GigabitEthernet0/0/0]int l0
[R1-LoopBack0]ip address 172.16.34.1 24
//R2
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip address 172.16.33.2 24
[R2-GigabitEthernet0/0/0]int l0
[R2-LoopBack0]ip address 172.16.35.2 24
//R3
[R3]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip address 172.16.33.3 24
[R3-GigabitEthernet0/0/0]int l0
[R3-LoopBack0]ip address 172.16.36.3 24
[R3-LoopBack0]int s 4/0/0
[R3-Serial4/0/0]ip address 34.0.0.3 24
//R4
[R4]int s 4/0/0
[R4-Serial4/0/0]ip address 34.0.0.4 24
[R4-Serial4/0/0]int s 3/0/1
[R4-Serial3/0/1]ip address 45.0.0.4 24
[R4-Serial3/0/1]int s 3/0/0
[R4-Serial3/0/0]ip address 46.0.0.4 24
[R4-Serial3/0/0]int g 0/0/0
[R4-GigabitEthernet0/0/0]ip address 47.0.0.4 24
[R4-GigabitEthernet0/0/0]int l0
[R4-LoopBack0]ip address 172.16.2.1 24
//R5
[R5]int s 4/0/0
[R5-Serial4/0/0]ip address 45.0.0.5 24
[R5-Serial4/0/0]int l0
[R5-LoopBack0]ip ad 172.16.3.5 24
//R6
[R6]int s 4/0/0
[R6-Serial4/0/0]ip address 46.0.0.6 24
[R6-Serial4/0/0]int l0
[R6-LoopBack0]ip address 172.16.4.6 24
[R6-LoopBack0]int g 0/0/0
[R6]int g 0/0/0
[R6-GigabitEthernet0/0/0]ip address 172.16.65.1 30
//R7
[R7]int g 0/0/0
[R7-GigabitEthernet0/0/0]ip address 47.0.0.7 24
[R7-GigabitEthernet0/0/0]int l0
[R7-LoopBack0]ip address 172.16.5.7 24
[R7-LoopBack0]int g 0/0/1
[R7-GigabitEthernet0/0/1]ip address 172.16.97.1 30
//R8
[R8]int g 0/0/0
[R8-GigabitEthernet0/0/0]ip address 172.16.97.2 30
[R8-GigabitEthernet0/0/0]int g 0/0/1
[R8-GigabitEthernet0/0/1]ip address 172.16.97.5 30
[R8-GigabitEthernet0/0/1]int l0
[R8-LoopBack0]ip address 172.16.98.8 24
//R9
[R9]int g 0/0/0
[R9-GigabitEthernet0/0/0]ip address 172.16.97.6 30
[R9-GigabitEthernet0/0/0]int g 0/0/1
[R9-GigabitEthernet0/0/1]ip address 172.16.129.1 30
[R9-GigabitEthernet0/0/1]int l0
[R9-LoopBack0]ip address 172.16.130.9 24
//R10
[R10]int g 0/0/0
[R10-GigabitEthernet0/0/0]ip address 172.16.129.2 30
[R10-GigabitEthernet0/0/0]int l0
[R10-LoopBack0]ip address 172.16.131.10 24
//R11
[R11]int g 0/0/0
[R11-GigabitEthernet0/0/0]ip address 172.16.65.2 30
[R11-GigabitEthernet0/0/0]int g 0/0/1
[R11-GigabitEthernet0/0/1]ip address 172.16.65.5 30
[R11-GigabitEthernet0/0/1]int l0
[R11-LoopBack0]ip address 172.16.66.11 24
//R12
[R12]int g 0/0/0
[R12-GigabitEthernet0/0/0]ip address 172.16.65.6 30
[R12-GigabitEthernet0/0/0]int l0
[R12-LoopBack0]ip address 172.16.160.12 24
[R12-LoopBack0]int l1
[R12-LoopBack1]ip address 172.16.161.12 24

配置缺省路由实现公网通

复制代码 
[R3]ip route-static 0.0.0.0 0 34.0.0.4

[R5]ip route-static 0.0.0.0 0 45.0.0.4

[R6]ip route-static 0.0.0.0 0 46.0.0.4

[R7]ip route-static 0.0.0.0 0 47.0.0.4

使用R3设备pingR5设备进行检验

配置OSPF协议

复制代码 
//进程1..area1
//R1设备
[R1]ospf 1 rou	
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]net 172.16.33.1 0.0.0.0
[R1-ospf-1-area-0.0.0.1]net 172.16.34.1 0.0.0.0
//R2设备
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]net 172.16.35.1 0.0.0.0
[R2-ospf-1-area-0.0.0.1]net 172.16.33.2 0.0.0.0
//R3设备
[R3]ospf 1 rou	
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]net 172.16.36.1 0.0.0.0
[R3-ospf-1-area-0.0.0.1]net 172.16.33.3 0.0.0.0
//查看R3设备通过ospf协议获得的路由信息
[R3]display ip routing-table protocol ospf 
//R3设备上可以查看到R1与R2设备的网段信息
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    172.16.34.1/32  OSPF    10   1           D   172.16.33.1     GigabitEthernet
0/0/0
    172.16.35.1/32  OSPF    10   1           D   172.16.33.2     GigabitEthernet
0/0/0

//进程1...area2
//R6
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]net 172.16.65.1 0.0.0.0
[R6-ospf-1-area-0.0.0.2]net 172.16.4.1 0.0.0.0
//R11
[R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]net 172.16.65.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]net 172.16.65.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]net 172.16.65.5 0.0.0.0
[R11-ospf-1-area-0.0.0.2]net 172.16.66.1 0.0.0.0
//R12
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]net 172.16.65.6 0.0.0.0

//进程1...area3
//R7
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]net 172.16.97.1 0.0.0.0
[R7-ospf-1-area-0.0.0.3]net 172.16.5.1 0.0.0.0
//R8
[R8]ospf 1 router-id 8.8.8.8
[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]net 172.16.97.2 0.0.0.0
[R8-ospf-1-area-0.0.0.3]net 172.16.97.5 0.0.0.0
[R8-ospf-1-area-0.0.0.3]net 172.16.98.1 0.0.0.0
//R9
[R9]ospf 1 rou	
[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]net 172.16.97.6 0.0.0.0
[R9-ospf-1-area-0.0.0.3]net 172.16.130.1 0.0.0.0

//区域4未与area0直接相连,所以不与前面设备处于同一进程
//进程2
//R9
[R9]ospf 2 router-id 9.9.9.9
[R9-ospf-2]area 4
[R9-ospf-2-area-0.0.0.4]net 172.16.129.1 0.0.0.0
[R9-ospf-2-area-0.0.0.4]net 172.16.130.1 0.0.0.0
//R10
[R10]ospf 2 router-id 10.10.10.10
[R10-ospf-2]area 4
[R10-ospf-2-area-0.0.0.4]net 172.16.129.2 0.0.0.0
[R10-ospf-2-area-0.0.0.4]net 172.16.131.1 0.0.0.0.0.0

//R12设备配置rip
[R12]rip 1
[R12-rip-1]version 2
[R12-rip-1]undo summary 	
[R12-rip-1]network 172.16.0.0
[R12]ospf 1 router-id 12.12.12.12
//引入rip
[R12-ospf-1]import-route rip 1

在R6设备上检查引入成功

配置MGRE

bash 复制代码 
//R3
[R3]int t 0/0/0
[R3-Tunnel0/0/0]ip ad 172.16.6.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source s4/0/0
Apr 16 2024 19:49:58-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry multicast dynamic 
//R5
[R5]int t0/0/0
[R5-Tunnel0/0/0]ip ad 172.16.6.5 24
[R5-Tunnel0/0/0]tunnel-protocol gre p2mp
[R5-Tunnel0/0/0]source Serial 4/0/0
Apr 16 2024 19:53:40-08:00 R5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 	
[R5-Tunnel0/0/0]nhrp network-id 100
[R5-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
//R6
[R6]int t0/0/0	
[R6-Tunnel0/0/0]ip ad 172.16.6.6 24
[R6-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R6-Tunnel0/0/0]source s4/0/0
Apr 16 2024 19:58:45-08:00 R6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[R6-Tunnel0/0/0]nhrp network-id 100
[R6-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
//R7
[R7]int t0/0/0
[R7-Tunnel0/0/0]ip ad 172.16.6.7 24
[R7-Tunnel0/0/0]tunnel-protocol gre p2mp
[R7-Tunnel0/0/0]source g0/0/0
Apr 16 2024 20:06:18-08:00 R7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[R7-Tunnel0/0/0]nhrp network-id 100
[R7-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register 
//隧道内ospf的启动
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]net 172.16.6.3 0.0.0.0

[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]net 172.16.6.5 0.0.0.0

[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]net 172.16.6.6 0.0.0.0

[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 0
[R7-ospf-1-area-0.0.0.0]net 172.16.6.7 0.0.0.0

修改接口类型取消选举

复制代码 
//R3
[R3-Tunnel0/0/0]ospf network-type broadcast
//R5
[R5-Tunnel0/0/0]ospf network-type broadcast
[R5-Tunnel0/0/0]ospf dr    
[R5-Tunnel0/0/0]ospf dr-priority 0
//R6
[R6-Tunnel0/0/0]ospf network-type broadcast      
[R6-Tunnel0/0/0]ospf dr-priority 0
//R7
[R7-Tunnel0/0/0]ospf network-type broadcast
[R7-Tunnel0/0/0]ospf dr-priority 0

多进程重发布area4

复制代码 
//R9
[R9-ospf-2]import-route ospf 1
[R9-ospf-1]import-route ospf 2

R9的数据库表:

配置easy ip

复制代码 
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R3-acl-basic-2000]int s4/0/0
[R3-Serial4/0/0]nat outbound 2000

[R5]acl 2000
[R5-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R5-acl-basic-2000]int s4/0/0
[R5-Serial4/0/0]nat outbound 2000

[R6]acl 2000
[R6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R6-acl-basic-2000]int s4/0/0
[R6-Serial4/0/0]nat outbound 2000

[R7]acl 2000
[R7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R7-acl-basic-2000]int g0/0/0
[R7-GigabitEthernet0/0/0]nat outbound 2000

路由聚合

bash 复制代码 
//R3
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
//R6
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]abr	
[R6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
//R7
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]ab	
[R7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0

[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0

R1聚合前

R1聚合后

设置特殊区域

复制代码 
area 1
[R1-ospf-1-area-0.0.0.1]stub no-summary

[R2-ospf-1-area-0.0.0.1]stub no-summary

[R3-ospf-1-area-0.0.0.1]stub no-summary


area 2
[R6-ospf-1-area-0.0.0.2]nssa no-summary

[R11-ospf-1-area-0.0.0.2]nssa no-summary

[R12-ospf-1-area-0.0.0.2]nss no-summary


area 3
[R7-ospf-1-area-0.0.0.3]nssa no-summary

[R7-ospf-1-area-0.0.0.3]nssa no-summary

[R9-ospf-1-area-0.0.0.3]nssa no-summary

R1可以ping通R4

加快收敛

复制代码 
//R1
[R1-GigabitEthernet0/0/0]ospf timer hello 5
//R2
[R2-GigabitEthernet0/0/0]ospf timer hello 5
//R3
[R3-Tunnel0/0/0]ospf timer hello 5
//R5
[R5-Tunnel0/0/0]ospf timer hello 5
//R6
[R6-Tunnel0/0/0]ospf timer hello 5
//R7
[R7-GigabitEthernet0/0/1]ospf timer hello 5
[R7-Tunnel0/0/0]ospf timer hello 5
//R8
[R8-GigabitEthernet0/0/1]ospf timer hello 5
//R9
[R9-GigabitEthernet0/0/0]ospf timer hello 5
[R9-GigabitEthernet0/0/1]ospf timer hello 5
//R10
[R10-GigabitEthernet0/0/0]ospf timer hello 5
//R11
[R11-GigabitEthernet0/0/0]ospf timer hello 5
[R11-GigabitEthernet0/0/1]ospf timer hello 5
//R12:
[R12-GigabitEthernet0/0/0]ospf timer hello 5

查看R3的LSA的路由表

区域认证

复制代码 
//R1
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
//R2
[R2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
//R3
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
//R5
[R5-ospf-1-area-0.0.0.0] authentication-mode md5 1 cipher 123456
//R6
[R6-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[R6-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
//R7
[R7-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[R7-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
//R8
[R8-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
//R9
[R9-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[R9-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher 123456
//R10
[R10-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher 123456
//R11
[R11-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
//R12
[R12-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
相关推荐
BD_Marathon38 分钟前
Ubuntu:Mysql服务器
服务器·mysql·ubuntu
0wioiw02 小时前
Ubuntu基础(监控重启和查找程序)
linux·服务器·ubuntu
Tipriest_2 小时前
Ubuntu常用的软件格式deb, rpm, dmg, AppImage等打包及使用方法
linux·运维·ubuntu
艾希逐月2 小时前
TCP数据的发送和接收
服务器·网络·tcp/ip
真智AI2 小时前
利用 Claude Opus 4 自动化 GitHub 工作流:从安装到实战详解
运维·自动化·github
胡斌附体3 小时前
linux测试端口是否可被外部访问
linux·运维·服务器·python·测试·端口测试·临时服务器
愚润求学3 小时前
【Linux】自旋锁和读写锁
linux·运维
大锦终3 小时前
【Linux】常用基本指令
linux·运维·服务器·centos
知北游天4 小时前
Linux:多线程---深入互斥&&浅谈同步
linux·运维·服务器
Gappsong8744 小时前
【Linux学习】Linux安装并配置Redis
java·linux·运维·网络安全
热门推荐
012024年 最新 iPhone手机 历代机型、屏幕尺寸、纵横比、分辨率 整理02Coze实战第13讲:飞书多维表格读取+豆包生图模型,轻松批量生成短剧封面03Coze扣子平台完整体验和实践(附国内和国际版对比)04MIUI显示/隐藏5G开关的方法,信号弱时开启手机Wifi通话方法05手机电脑之间快速传输图片视频文件,不压缩画质、不限制大小的方法!06扣子(coze)实战|我用扣子搭建了一个自动分析小红薯笔记内容的AI应用|详细步骤拆解07Word粘贴时出现“运行时错误53,文件未找到:MathPage.WLL“的解决方案08华为昇腾 910B 部署 DeepSeek-R1 蒸馏系列模型详细指南09DeepSeek各版本说明与优缺点分析10django中用 InforSuite RDS 替代memcache