OSPF综合实验 - 技术栈

实验拓扑

实验要求

1、R4为ISP，其上只配置IP地址；R4与其他所直连设备间均使用公有IP；

2、R3-R5、R6、R7为MGRE环境，R3为中心站点；

3、整个OSPF环境IP基于172.16.0.0/16划分；除了R12有两个环回，其他路由器均有一个环回IP

4、所有设备均可访问R4的环回；

5、减少LSA的更新量，加快收敛，保障更新安全；

6、全网可达

实验思路

1.配置IP地址

2.缺省路由

3.配置OSPF，RIP，路由引入RIP

4.配置MGRE，R3为中心站点，ospf宣告隧道

5.修改接口类型，取消选举

6.多进程重发布area4

7.配置easyIP

8.路由聚合

9.设置特殊区域

10.加快收敛

11.区域验证

实验步骤

配置IP地址

//R1
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip address 172.16.33.1 24
[R1-GigabitEthernet0/0/0]int l0
[R1-LoopBack0]ip address 172.16.34.1 24
//R2
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip address 172.16.33.2 24
[R2-GigabitEthernet0/0/0]int l0
[R2-LoopBack0]ip address 172.16.35.2 24
//R3
[R3]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip address 172.16.33.3 24
[R3-GigabitEthernet0/0/0]int l0
[R3-LoopBack0]ip address 172.16.36.3 24
[R3-LoopBack0]int s 4/0/0
[R3-Serial4/0/0]ip address 34.0.0.3 24
//R4
[R4]int s 4/0/0
[R4-Serial4/0/0]ip address 34.0.0.4 24
[R4-Serial4/0/0]int s 3/0/1
[R4-Serial3/0/1]ip address 45.0.0.4 24
[R4-Serial3/0/1]int s 3/0/0
[R4-Serial3/0/0]ip address 46.0.0.4 24
[R4-Serial3/0/0]int g 0/0/0
[R4-GigabitEthernet0/0/0]ip address 47.0.0.4 24
[R4-GigabitEthernet0/0/0]int l0
[R4-LoopBack0]ip address 172.16.2.1 24
//R5
[R5]int s 4/0/0
[R5-Serial4/0/0]ip address 45.0.0.5 24
[R5-Serial4/0/0]int l0
[R5-LoopBack0]ip ad 172.16.3.5 24
//R6
[R6]int s 4/0/0
[R6-Serial4/0/0]ip address 46.0.0.6 24
[R6-Serial4/0/0]int l0
[R6-LoopBack0]ip address 172.16.4.6 24
[R6-LoopBack0]int g 0/0/0
[R6]int g 0/0/0
[R6-GigabitEthernet0/0/0]ip address 172.16.65.1 30
//R7
[R7]int g 0/0/0
[R7-GigabitEthernet0/0/0]ip address 47.0.0.7 24
[R7-GigabitEthernet0/0/0]int l0
[R7-LoopBack0]ip address 172.16.5.7 24
[R7-LoopBack0]int g 0/0/1
[R7-GigabitEthernet0/0/1]ip address 172.16.97.1 30
//R8
[R8]int g 0/0/0
[R8-GigabitEthernet0/0/0]ip address 172.16.97.2 30
[R8-GigabitEthernet0/0/0]int g 0/0/1
[R8-GigabitEthernet0/0/1]ip address 172.16.97.5 30
[R8-GigabitEthernet0/0/1]int l0
[R8-LoopBack0]ip address 172.16.98.8 24
//R9
[R9]int g 0/0/0
[R9-GigabitEthernet0/0/0]ip address 172.16.97.6 30
[R9-GigabitEthernet0/0/0]int g 0/0/1
[R9-GigabitEthernet0/0/1]ip address 172.16.129.1 30
[R9-GigabitEthernet0/0/1]int l0
[R9-LoopBack0]ip address 172.16.130.9 24
//R10
[R10]int g 0/0/0
[R10-GigabitEthernet0/0/0]ip address 172.16.129.2 30
[R10-GigabitEthernet0/0/0]int l0
[R10-LoopBack0]ip address 172.16.131.10 24
//R11
[R11]int g 0/0/0
[R11-GigabitEthernet0/0/0]ip address 172.16.65.2 30
[R11-GigabitEthernet0/0/0]int g 0/0/1
[R11-GigabitEthernet0/0/1]ip address 172.16.65.5 30
[R11-GigabitEthernet0/0/1]int l0
[R11-LoopBack0]ip address 172.16.66.11 24
//R12
[R12]int g 0/0/0
[R12-GigabitEthernet0/0/0]ip address 172.16.65.6 30
[R12-GigabitEthernet0/0/0]int l0
[R12-LoopBack0]ip address 172.16.160.12 24
[R12-LoopBack0]int l1
[R12-LoopBack1]ip address 172.16.161.12 24

配置缺省路由实现公网通

[R3]ip route-static 0.0.0.0 0 34.0.0.4

[R5]ip route-static 0.0.0.0 0 45.0.0.4

[R6]ip route-static 0.0.0.0 0 46.0.0.4

[R7]ip route-static 0.0.0.0 0 47.0.0.4

使用R3设备pingR5设备进行检验

配置OSPF协议

//进程1..area1
//R1设备
[R1]ospf 1 rou	
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]net 172.16.33.1 0.0.0.0
[R1-ospf-1-area-0.0.0.1]net 172.16.34.1 0.0.0.0
//R2设备
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]net 172.16.35.1 0.0.0.0
[R2-ospf-1-area-0.0.0.1]net 172.16.33.2 0.0.0.0
//R3设备
[R3]ospf 1 rou	
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]net 172.16.36.1 0.0.0.0
[R3-ospf-1-area-0.0.0.1]net 172.16.33.3 0.0.0.0
//查看R3设备通过ospf协议获得的路由信息
[R3]display ip routing-table protocol ospf 
//R3设备上可以查看到R1与R2设备的网段信息
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    172.16.34.1/32  OSPF    10   1           D   172.16.33.1     GigabitEthernet
0/0/0
    172.16.35.1/32  OSPF    10   1           D   172.16.33.2     GigabitEthernet
0/0/0

//进程1...area2
//R6
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]net 172.16.65.1 0.0.0.0
[R6-ospf-1-area-0.0.0.2]net 172.16.4.1 0.0.0.0
//R11
[R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]net 172.16.65.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]net 172.16.65.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]net 172.16.65.5 0.0.0.0
[R11-ospf-1-area-0.0.0.2]net 172.16.66.1 0.0.0.0
//R12
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]net 172.16.65.6 0.0.0.0

//进程1...area3
//R7
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]net 172.16.97.1 0.0.0.0
[R7-ospf-1-area-0.0.0.3]net 172.16.5.1 0.0.0.0
//R8
[R8]ospf 1 router-id 8.8.8.8
[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]net 172.16.97.2 0.0.0.0
[R8-ospf-1-area-0.0.0.3]net 172.16.97.5 0.0.0.0
[R8-ospf-1-area-0.0.0.3]net 172.16.98.1 0.0.0.0
//R9
[R9]ospf 1 rou	
[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]net 172.16.97.6 0.0.0.0
[R9-ospf-1-area-0.0.0.3]net 172.16.130.1 0.0.0.0

//区域4未与area0直接相连,所以不与前面设备处于同一进程
//进程2
//R9
[R9]ospf 2 router-id 9.9.9.9
[R9-ospf-2]area 4
[R9-ospf-2-area-0.0.0.4]net 172.16.129.1 0.0.0.0
[R9-ospf-2-area-0.0.0.4]net 172.16.130.1 0.0.0.0
//R10
[R10]ospf 2 router-id 10.10.10.10
[R10-ospf-2]area 4
[R10-ospf-2-area-0.0.0.4]net 172.16.129.2 0.0.0.0
[R10-ospf-2-area-0.0.0.4]net 172.16.131.1 0.0.0.0.0.0

//R12设备配置rip
[R12]rip 1
[R12-rip-1]version 2
[R12-rip-1]undo summary 	
[R12-rip-1]network 172.16.0.0
[R12]ospf 1 router-id 12.12.12.12
//引入rip
[R12-ospf-1]import-route rip 1

在R6设备上检查引入成功

配置MGRE

bash 复制代码

//R3
[R3]int t 0/0/0
[R3-Tunnel0/0/0]ip ad 172.16.6.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source s4/0/0
Apr 16 2024 19:49:58-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry multicast dynamic 
//R5
[R5]int t0/0/0
[R5-Tunnel0/0/0]ip ad 172.16.6.5 24
[R5-Tunnel0/0/0]tunnel-protocol gre p2mp
[R5-Tunnel0/0/0]source Serial 4/0/0
Apr 16 2024 19:53:40-08:00 R5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 	
[R5-Tunnel0/0/0]nhrp network-id 100
[R5-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
//R6
[R6]int t0/0/0	
[R6-Tunnel0/0/0]ip ad 172.16.6.6 24
[R6-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R6-Tunnel0/0/0]source s4/0/0
Apr 16 2024 19:58:45-08:00 R6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[R6-Tunnel0/0/0]nhrp network-id 100
[R6-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
//R7
[R7]int t0/0/0
[R7-Tunnel0/0/0]ip ad 172.16.6.7 24
[R7-Tunnel0/0/0]tunnel-protocol gre p2mp
[R7-Tunnel0/0/0]source g0/0/0
Apr 16 2024 20:06:18-08:00 R7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[R7-Tunnel0/0/0]nhrp network-id 100
[R7-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register 
//隧道内ospf的启动
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]net 172.16.6.3 0.0.0.0

[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]net 172.16.6.5 0.0.0.0

[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]net 172.16.6.6 0.0.0.0

[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 0
[R7-ospf-1-area-0.0.0.0]net 172.16.6.7 0.0.0.0

修改接口类型取消选举

//R3
[R3-Tunnel0/0/0]ospf network-type broadcast
//R5
[R5-Tunnel0/0/0]ospf network-type broadcast
[R5-Tunnel0/0/0]ospf dr    
[R5-Tunnel0/0/0]ospf dr-priority 0
//R6
[R6-Tunnel0/0/0]ospf network-type broadcast      
[R6-Tunnel0/0/0]ospf dr-priority 0
//R7
[R7-Tunnel0/0/0]ospf network-type broadcast
[R7-Tunnel0/0/0]ospf dr-priority 0

多进程重发布area4

//R9
[R9-ospf-2]import-route ospf 1
[R9-ospf-1]import-route ospf 2

R9的数据库表:

配置easy ip

[R3]acl 2000
[R3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R3-acl-basic-2000]int s4/0/0
[R3-Serial4/0/0]nat outbound 2000

[R5]acl 2000
[R5-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R5-acl-basic-2000]int s4/0/0
[R5-Serial4/0/0]nat outbound 2000

[R6]acl 2000
[R6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R6-acl-basic-2000]int s4/0/0
[R6-Serial4/0/0]nat outbound 2000

[R7]acl 2000
[R7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R7-acl-basic-2000]int g0/0/0
[R7-GigabitEthernet0/0/0]nat outbound 2000

路由聚合

bash 复制代码

//R3
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
//R6
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]abr	
[R6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
//R7
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]ab	
[R7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0

[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0

R1聚合前

R1聚合后

设置特殊区域

area 1
[R1-ospf-1-area-0.0.0.1]stub no-summary

[R2-ospf-1-area-0.0.0.1]stub no-summary

[R3-ospf-1-area-0.0.0.1]stub no-summary


area 2
[R6-ospf-1-area-0.0.0.2]nssa no-summary

[R11-ospf-1-area-0.0.0.2]nssa no-summary

[R12-ospf-1-area-0.0.0.2]nss no-summary


area 3
[R7-ospf-1-area-0.0.0.3]nssa no-summary

[R7-ospf-1-area-0.0.0.3]nssa no-summary

[R9-ospf-1-area-0.0.0.3]nssa no-summary

R1可以ping通R4

加快收敛

//R1
[R1-GigabitEthernet0/0/0]ospf timer hello 5
//R2
[R2-GigabitEthernet0/0/0]ospf timer hello 5
//R3
[R3-Tunnel0/0/0]ospf timer hello 5
//R5
[R5-Tunnel0/0/0]ospf timer hello 5
//R6
[R6-Tunnel0/0/0]ospf timer hello 5
//R7
[R7-GigabitEthernet0/0/1]ospf timer hello 5
[R7-Tunnel0/0/0]ospf timer hello 5
//R8
[R8-GigabitEthernet0/0/1]ospf timer hello 5
//R9
[R9-GigabitEthernet0/0/0]ospf timer hello 5
[R9-GigabitEthernet0/0/1]ospf timer hello 5
//R10
[R10-GigabitEthernet0/0/0]ospf timer hello 5
//R11
[R11-GigabitEthernet0/0/0]ospf timer hello 5
[R11-GigabitEthernet0/0/1]ospf timer hello 5
//R12:
[R12-GigabitEthernet0/0/0]ospf timer hello 5

查看R3的LSA的路由表

区域认证

//R1
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
//R2
[R2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
//R3
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
//R5
[R5-ospf-1-area-0.0.0.0] authentication-mode md5 1 cipher 123456
//R6
[R6-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[R6-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
//R7
[R7-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[R7-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
//R8
[R8-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
//R9
[R9-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[R9-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher 123456
//R10
[R10-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher 123456
//R11
[R11-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
//R12
[R12-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456