OSPF综合实验

江水三千里2024-04-18 21:43

实验拓扑

实验要求

1、R4为ISP,其上只配置IP地址;R4与其他所直连设备间均使用公有IP;

2、R3-R5、R6、R7为MGRE环境,R3为中心站点;

3、整个OSPF环境IP基于172.16.0.0/16划分;除了R12有两个环回,其他路由器均有一个环回IP

4、所有设备均可访问R4的环回;

5、减少LSA的更新量,加快收敛,保障更新安全;

6、全网可达

实验思路

1.配置IP地址

2.缺省路由

3.配置OSPF,RIP,路由引入RIP

4.配置MGRE,R3为中心站点,ospf宣告隧道

5.修改接口类型,取消选举

6.多进程重发布area4

7.配置easyIP

8.路由聚合

9.设置特殊区域

10.加快收敛

11.区域验证

实验步骤

配置IP地址

复制代码 
//R1
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip address 172.16.33.1 24
[R1-GigabitEthernet0/0/0]int l0
[R1-LoopBack0]ip address 172.16.34.1 24
//R2
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip address 172.16.33.2 24
[R2-GigabitEthernet0/0/0]int l0
[R2-LoopBack0]ip address 172.16.35.2 24
//R3
[R3]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip address 172.16.33.3 24
[R3-GigabitEthernet0/0/0]int l0
[R3-LoopBack0]ip address 172.16.36.3 24
[R3-LoopBack0]int s 4/0/0
[R3-Serial4/0/0]ip address 34.0.0.3 24
//R4
[R4]int s 4/0/0
[R4-Serial4/0/0]ip address 34.0.0.4 24
[R4-Serial4/0/0]int s 3/0/1
[R4-Serial3/0/1]ip address 45.0.0.4 24
[R4-Serial3/0/1]int s 3/0/0
[R4-Serial3/0/0]ip address 46.0.0.4 24
[R4-Serial3/0/0]int g 0/0/0
[R4-GigabitEthernet0/0/0]ip address 47.0.0.4 24
[R4-GigabitEthernet0/0/0]int l0
[R4-LoopBack0]ip address 172.16.2.1 24
//R5
[R5]int s 4/0/0
[R5-Serial4/0/0]ip address 45.0.0.5 24
[R5-Serial4/0/0]int l0
[R5-LoopBack0]ip ad 172.16.3.5 24
//R6
[R6]int s 4/0/0
[R6-Serial4/0/0]ip address 46.0.0.6 24
[R6-Serial4/0/0]int l0
[R6-LoopBack0]ip address 172.16.4.6 24
[R6-LoopBack0]int g 0/0/0
[R6]int g 0/0/0
[R6-GigabitEthernet0/0/0]ip address 172.16.65.1 30
//R7
[R7]int g 0/0/0
[R7-GigabitEthernet0/0/0]ip address 47.0.0.7 24
[R7-GigabitEthernet0/0/0]int l0
[R7-LoopBack0]ip address 172.16.5.7 24
[R7-LoopBack0]int g 0/0/1
[R7-GigabitEthernet0/0/1]ip address 172.16.97.1 30
//R8
[R8]int g 0/0/0
[R8-GigabitEthernet0/0/0]ip address 172.16.97.2 30
[R8-GigabitEthernet0/0/0]int g 0/0/1
[R8-GigabitEthernet0/0/1]ip address 172.16.97.5 30
[R8-GigabitEthernet0/0/1]int l0
[R8-LoopBack0]ip address 172.16.98.8 24
//R9
[R9]int g 0/0/0
[R9-GigabitEthernet0/0/0]ip address 172.16.97.6 30
[R9-GigabitEthernet0/0/0]int g 0/0/1
[R9-GigabitEthernet0/0/1]ip address 172.16.129.1 30
[R9-GigabitEthernet0/0/1]int l0
[R9-LoopBack0]ip address 172.16.130.9 24
//R10
[R10]int g 0/0/0
[R10-GigabitEthernet0/0/0]ip address 172.16.129.2 30
[R10-GigabitEthernet0/0/0]int l0
[R10-LoopBack0]ip address 172.16.131.10 24
//R11
[R11]int g 0/0/0
[R11-GigabitEthernet0/0/0]ip address 172.16.65.2 30
[R11-GigabitEthernet0/0/0]int g 0/0/1
[R11-GigabitEthernet0/0/1]ip address 172.16.65.5 30
[R11-GigabitEthernet0/0/1]int l0
[R11-LoopBack0]ip address 172.16.66.11 24
//R12
[R12]int g 0/0/0
[R12-GigabitEthernet0/0/0]ip address 172.16.65.6 30
[R12-GigabitEthernet0/0/0]int l0
[R12-LoopBack0]ip address 172.16.160.12 24
[R12-LoopBack0]int l1
[R12-LoopBack1]ip address 172.16.161.12 24

配置缺省路由实现公网通

复制代码 
[R3]ip route-static 0.0.0.0 0 34.0.0.4

[R5]ip route-static 0.0.0.0 0 45.0.0.4

[R6]ip route-static 0.0.0.0 0 46.0.0.4

[R7]ip route-static 0.0.0.0 0 47.0.0.4

使用R3设备pingR5设备进行检验

配置OSPF协议

复制代码 
//进程1..area1
//R1设备
[R1]ospf 1 rou	
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]net 172.16.33.1 0.0.0.0
[R1-ospf-1-area-0.0.0.1]net 172.16.34.1 0.0.0.0
//R2设备
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]net 172.16.35.1 0.0.0.0
[R2-ospf-1-area-0.0.0.1]net 172.16.33.2 0.0.0.0
//R3设备
[R3]ospf 1 rou	
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]net 172.16.36.1 0.0.0.0
[R3-ospf-1-area-0.0.0.1]net 172.16.33.3 0.0.0.0
//查看R3设备通过ospf协议获得的路由信息
[R3]display ip routing-table protocol ospf 
//R3设备上可以查看到R1与R2设备的网段信息
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    172.16.34.1/32  OSPF    10   1           D   172.16.33.1     GigabitEthernet
0/0/0
    172.16.35.1/32  OSPF    10   1           D   172.16.33.2     GigabitEthernet
0/0/0

//进程1...area2
//R6
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]net 172.16.65.1 0.0.0.0
[R6-ospf-1-area-0.0.0.2]net 172.16.4.1 0.0.0.0
//R11
[R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]net 172.16.65.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]net 172.16.65.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]net 172.16.65.5 0.0.0.0
[R11-ospf-1-area-0.0.0.2]net 172.16.66.1 0.0.0.0
//R12
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]net 172.16.65.6 0.0.0.0

//进程1...area3
//R7
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]net 172.16.97.1 0.0.0.0
[R7-ospf-1-area-0.0.0.3]net 172.16.5.1 0.0.0.0
//R8
[R8]ospf 1 router-id 8.8.8.8
[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]net 172.16.97.2 0.0.0.0
[R8-ospf-1-area-0.0.0.3]net 172.16.97.5 0.0.0.0
[R8-ospf-1-area-0.0.0.3]net 172.16.98.1 0.0.0.0
//R9
[R9]ospf 1 rou	
[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]net 172.16.97.6 0.0.0.0
[R9-ospf-1-area-0.0.0.3]net 172.16.130.1 0.0.0.0

//区域4未与area0直接相连,所以不与前面设备处于同一进程
//进程2
//R9
[R9]ospf 2 router-id 9.9.9.9
[R9-ospf-2]area 4
[R9-ospf-2-area-0.0.0.4]net 172.16.129.1 0.0.0.0
[R9-ospf-2-area-0.0.0.4]net 172.16.130.1 0.0.0.0
//R10
[R10]ospf 2 router-id 10.10.10.10
[R10-ospf-2]area 4
[R10-ospf-2-area-0.0.0.4]net 172.16.129.2 0.0.0.0
[R10-ospf-2-area-0.0.0.4]net 172.16.131.1 0.0.0.0.0.0

//R12设备配置rip
[R12]rip 1
[R12-rip-1]version 2
[R12-rip-1]undo summary 	
[R12-rip-1]network 172.16.0.0
[R12]ospf 1 router-id 12.12.12.12
//引入rip
[R12-ospf-1]import-route rip 1

在R6设备上检查引入成功

配置MGRE

bash 复制代码 
//R3
[R3]int t 0/0/0
[R3-Tunnel0/0/0]ip ad 172.16.6.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source s4/0/0
Apr 16 2024 19:49:58-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry multicast dynamic 
//R5
[R5]int t0/0/0
[R5-Tunnel0/0/0]ip ad 172.16.6.5 24
[R5-Tunnel0/0/0]tunnel-protocol gre p2mp
[R5-Tunnel0/0/0]source Serial 4/0/0
Apr 16 2024 19:53:40-08:00 R5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 	
[R5-Tunnel0/0/0]nhrp network-id 100
[R5-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
//R6
[R6]int t0/0/0	
[R6-Tunnel0/0/0]ip ad 172.16.6.6 24
[R6-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R6-Tunnel0/0/0]source s4/0/0
Apr 16 2024 19:58:45-08:00 R6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[R6-Tunnel0/0/0]nhrp network-id 100
[R6-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
//R7
[R7]int t0/0/0
[R7-Tunnel0/0/0]ip ad 172.16.6.7 24
[R7-Tunnel0/0/0]tunnel-protocol gre p2mp
[R7-Tunnel0/0/0]source g0/0/0
Apr 16 2024 20:06:18-08:00 R7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[R7-Tunnel0/0/0]nhrp network-id 100
[R7-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register 
//隧道内ospf的启动
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]net 172.16.6.3 0.0.0.0

[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]net 172.16.6.5 0.0.0.0

[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]net 172.16.6.6 0.0.0.0

[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 0
[R7-ospf-1-area-0.0.0.0]net 172.16.6.7 0.0.0.0

修改接口类型取消选举

复制代码 
//R3
[R3-Tunnel0/0/0]ospf network-type broadcast
//R5
[R5-Tunnel0/0/0]ospf network-type broadcast
[R5-Tunnel0/0/0]ospf dr    
[R5-Tunnel0/0/0]ospf dr-priority 0
//R6
[R6-Tunnel0/0/0]ospf network-type broadcast      
[R6-Tunnel0/0/0]ospf dr-priority 0
//R7
[R7-Tunnel0/0/0]ospf network-type broadcast
[R7-Tunnel0/0/0]ospf dr-priority 0

多进程重发布area4

复制代码 
//R9
[R9-ospf-2]import-route ospf 1
[R9-ospf-1]import-route ospf 2

R9的数据库表:

配置easy ip

复制代码 
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R3-acl-basic-2000]int s4/0/0
[R3-Serial4/0/0]nat outbound 2000

[R5]acl 2000
[R5-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R5-acl-basic-2000]int s4/0/0
[R5-Serial4/0/0]nat outbound 2000

[R6]acl 2000
[R6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R6-acl-basic-2000]int s4/0/0
[R6-Serial4/0/0]nat outbound 2000

[R7]acl 2000
[R7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R7-acl-basic-2000]int g0/0/0
[R7-GigabitEthernet0/0/0]nat outbound 2000

路由聚合

bash 复制代码 
//R3
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
//R6
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]abr	
[R6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
//R7
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]ab	
[R7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0

[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0

R1聚合前

R1聚合后

设置特殊区域

复制代码 
area 1
[R1-ospf-1-area-0.0.0.1]stub no-summary

[R2-ospf-1-area-0.0.0.1]stub no-summary

[R3-ospf-1-area-0.0.0.1]stub no-summary


area 2
[R6-ospf-1-area-0.0.0.2]nssa no-summary

[R11-ospf-1-area-0.0.0.2]nssa no-summary

[R12-ospf-1-area-0.0.0.2]nss no-summary


area 3
[R7-ospf-1-area-0.0.0.3]nssa no-summary

[R7-ospf-1-area-0.0.0.3]nssa no-summary

[R9-ospf-1-area-0.0.0.3]nssa no-summary

R1可以ping通R4

加快收敛

复制代码 
//R1
[R1-GigabitEthernet0/0/0]ospf timer hello 5
//R2
[R2-GigabitEthernet0/0/0]ospf timer hello 5
//R3
[R3-Tunnel0/0/0]ospf timer hello 5
//R5
[R5-Tunnel0/0/0]ospf timer hello 5
//R6
[R6-Tunnel0/0/0]ospf timer hello 5
//R7
[R7-GigabitEthernet0/0/1]ospf timer hello 5
[R7-Tunnel0/0/0]ospf timer hello 5
//R8
[R8-GigabitEthernet0/0/1]ospf timer hello 5
//R9
[R9-GigabitEthernet0/0/0]ospf timer hello 5
[R9-GigabitEthernet0/0/1]ospf timer hello 5
//R10
[R10-GigabitEthernet0/0/0]ospf timer hello 5
//R11
[R11-GigabitEthernet0/0/0]ospf timer hello 5
[R11-GigabitEthernet0/0/1]ospf timer hello 5
//R12:
[R12-GigabitEthernet0/0/0]ospf timer hello 5

查看R3的LSA的路由表

区域认证

复制代码 
//R1
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
//R2
[R2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
//R3
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
//R5
[R5-ospf-1-area-0.0.0.0] authentication-mode md5 1 cipher 123456
//R6
[R6-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[R6-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
//R7
[R7-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[R7-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
//R8
[R8-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
//R9
[R9-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[R9-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher 123456
//R10
[R10-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher 123456
//R11
[R11-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
//R12
[R12-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
相关推荐
大树881 天前
金刚石散热越强,管路越先见顶
大数据·运维·服务器·人工智能·ai
摇滚侠1 天前
Linux CentOS7 rpm 安装 MySQL 5.7
linux·运维·mysql
霸道流氓气质1 天前
领域驱动设计(DDD)在 Spring Boot 微服务中的实践指南
运维·spring boot·微服务
小宇宙Zz1 天前
Maven依赖冲突
java·服务器·maven
Inhand陈工1 天前
基于台达PLC与映翰通IG502的智慧水产养殖精准投喂与远程运维解决方案
运维·人工智能·物联网·阿里云·信息与通信
酣大智1 天前
ARP代理--工作原理
运维·网络·arp·arp代理
shushangyun_1 天前
2026年快消品B2B系统推荐:支持终端门店订货、促销政策自动化的工具?
java·运维·网络·数据库·人工智能·spring·自动化
古城小栈1 天前
Unix 与 Linux 异同小叙
linux·服务器·unix
施努卡机器视觉1 天前
SNK施努卡侧滑门锁上滑轮总成自动化装配线,从零件到组件,全流程精密制造方案
运维·自动化·制造
程序猿阿伟1 天前
《Chrome离线扩展安装的底层逻辑与场景落地指南》
服务器·网络·chrome
热门推荐
012026年6月AI行业全景:从百模大战到Agent元年,这30天发生了什么?022026 年 AI 编程工具终极横评:Cursor vs Claude Code vs Copilot vs Windsurf03【AI】2026 年具身智能模型和世界模型总结04GitHub 镜像站点052026 AI 编程工具终极实战指南:Cursor vs Claude Code vs Copilot,开发者该怎么选?062026年6月AI大模型全景报告:GPT-5.6、Claude Opus 4.8、Gemini 3.5,中美AI三足鼎立谁主沉浮?07Codex 下载安装指南:Windows 和 macOS 官方版下载08AI科技热点日报 | 2026年6月1日09上线仅72小时被强制下架:Claude Fable 5 的短命10HTTP 与 HTTPS 的区别:从原理到实战详解