OSPF综合实验实验报告
一、实验拓扑
二、实验要求
1.R5为ISP,其上只能配置IP地址;R4作为企业边界路由器,
出口公网地址需要通过PPP协议获取,并进行chap认证
2,整个OSPF环境IP基于172.16.0.0/16划分;
3,所有设备均可访问R5的环回;
4,减少LSA的更新量,加快收敛,保障更新安全;
5,全网可达
三、实验步骤
!NOTE
先配置IP地址和ospf使整个内网网络互通,之后进行优化配置。
在area4配置ospf时,应该使ospf进程号与其他不同,这里使用2。
因为后面要使用重发布来引入区域四和rip区域。
1.地址规划
规划思路:(详细过程这里不在赘述)
图中5个区域再加上rip区域,一共六个区域
首先基于要求所给网段172.16.0.0\16划分出6个网段
172.16.0.0 19
172.16.32.0 19
172.16.64.0 19
172.16.96.0 19
172.16.128.0 19
172.16.160.0 19
在根据每个区域的情况再划分,如:
-
可以先将划分出的网段多划分几个网络位为24的网段。因为当区域里有MA网络时,将网络为划分为24时较为合理,这样可用主机数为254.
-
区域里有点对点的网段时,只需要两个IP地址,只需将网络位已经划为24的网段再划分为30,目的是避免IP地址的浪费,在划分时将网络位划分为30,可用IP地址数为2。
以上划分思路还可以使路由汇总方便
| area0 | P2P | MA |
|---|---|---|
| 172.16.32.0\30 | ||
| 172.16.32.4\30 | ||
| 172.16.32.8\30 | ||
| area1 | 172.16.0.0 29 | 172.16.1.0\24 |
| 172.16.0.2\24 | ||
| 172.16.3.0\24 | ||
| area2 | 172.16.64.0\30 | 172.16.65.0\24 |
| 172.16.64.4\30 | ||
| rip | \\ | 172.16.96.0\24 |
| \\ | 172.16.97.0\24 | |
| area3 | 172.16.129.0\30 | 172.16.128.0\24 |
| 172.16.129.4\30 | ||
| area4 | 172.16.160.0\30 | 172.16.161.0\24 |
| 172.16.162.0\24 |
划分如图:
2、配置(内网)
(1)配置IP地址和ospf
为每个路由器在区域的相应接口配置IP地址
AR1:
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip address 172.16.0.1 29
[AR1]int LoopBack 0
[AR1-LoopBack0]ip ad 172.16.1.1 24
[AR1]ospf
[AR1-ospf-1-area-0.0.0.1]network 172.16.1.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.0.7AR2:
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip address 172.16.0.2 29
[AR2]int LoopBack 0
[AR2-LoopBack0]ip address 172.16.2.1 24
[AR2]ospf
[AR2-ospf-1-area-0.0.0.1]network 172.16.2.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.0.7AR3:
[AR3]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip ad
[AR3-GigabitEthernet0/0/1]ip address 172.16.32.1 30
[AR3]INT G0/0/0
[AR3-GigabitEthernet0/0/0]ip ad 172.16.0.3 29
[AR3]int LoopBack 0
[AR3-LoopBack0]ip address 172.16.3.1 24
[AR3]ospf
[AR3-ospf-1] a 1
[AR3-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.0.7
[AR3-ospf-1-area-0.0.0.1]network 172.16.3.0 0.0.0.25
[AR3-ospf-1]a 0
[AR3-ospf-1-area-0.0.0.0]net
[AR3-ospf-1-area-0.0.0.0]network 172.16.32.0 0.0.0.3AR4:
[AR4]int g0/0/1
[AR4-GigabitEthernet0/0/1]ip address 172.16.32.2 30
[AR4]int g0/0/2
[AR4-GigabitEthernet0/0/2]ip address 172.16.32.9 30
[AR4]int g0/0/0
[AR4-GigabitEthernet0/0/0]ip address 172.16.32.5 30
[AR4]ospf
[AR4-ospf-1]a 0
[AR4-ospf-1-area-0.0.0.0]network 172.16.32.0 0.0.0.3
[AR4-ospf-1-area-0.0.0.0]network 172.16.32.8 0.0.0.3
[AR4-ospf-1-area-0.0.0.0]network 172.16.32.4 0.0.0.3AR6;
[AR6]int g0/0/1
[AR6-GigabitEthernet0/0/1]ip address 172.16.32.10 30
[AR6]int g0/0/0
[AR6-GigabitEthernet0/0/0]ip address 172.16.64.1 30
[AR6]ospf
[AR6-ospf-1]a 0
[AR6-ospf-1-area-0.0.0.0]network 172.16.32.8 0.0.0.3
[AR6-ospf-1-area-0.0.0.2]network 172.16.64.0 0.0.0.3AR7:
[AR7]int g0/0/0
[AR7-GigabitEthernet0/0/0]ip address 172.16.32.6 30
[AR7-GigabitEthernet0/0/0]int g0/0/1
[AR7-GigabitEthernet0/0/1]ip address 172.16.129.1 30
[AR7]ospf
[AR7-ospf-1]a 0
[AR7-ospf-1-area-0.0.0.0]network 172.16.32.4 0.0.0.3
[AR7-ospf-1]a 3
[AR7-ospf-1-area-0.0.0.3]net
[AR7-ospf-1-area-0.0.0.3]network 172.16.129.0 0.0.0.3AR8:
[AR8]int g0/0/0
[AR8-GigabitEthernet0/0/1]ip address 172.16.129.5 30
[AR8]int GigabitEthernet 0/0/1
[AR8-GigabitEthernet0/0/1]ip address 172.16.129.5 30
[AR8]int LoopBack 0
[AR8-LoopBack0]ip address 172.16.128.1 24
[AR8]ospf
[AR8-ospf-1]a 3
[AR8-ospf-1-area-0.0.0.3]network 172.16.129.0 0.0.0.3
[AR8-ospf-1-area-0.0.0.3]network 172.16.128.0 0.0.0.255
[AR8-ospf-1-area-0.0.0.3]network 172.16.129.4 0.0.0.3AR9:
[AR9]int g0/0/0
[AR9-GigabitEthernet0/0/0]ip address 172.16.129.6 30
[AR9]int g0/0/1
[AR9-GigabitEthernet0/0/1]ip ad 172.16.160.1 30
[AR9]int LoopBack 0
[AR9-LoopBack0]ip address 172.16.161.1 24
[AR9]ospf
[AR9-ospf-1]a 3
[AR9-ospf-1-area-0.0.0.3]network 172.16.129.4 0.0.0.3
[AR9-ospf-2]a 4
[AR9-ospf-2-area-0.0.0.4]network 172.16.161.0 0.0.0.255
[AR9-ospf-2-area-0.0.0.4]network 172.16.160.0 0.0.0.3AR10:
[AR10]int g0/0/0
[AR10-GigabitEthernet0/0/0]ip address 172.16.160.2 30
[AR10]int LoopBack 0
[AR10-LoopBack0]ip address 172.16.162.1 24
[AR10]ospf 2
[AR10-ospf-2]a 4
[AR10-ospf-2-area-0.0.0.4]network 172.16.160.0 0.0.0.3
[AR10-ospf-2-area-0.0.0.4]network 172.16.162.0 0.0.0.255.255AR11:
[AR11]INT G0/0/0
[AR11-GigabitEthernet0/0/0]ip address 172.16.64.2 30
[AR11]int g0/0/1
[AR11-GigabitEthernet0/0/1]ip ad 172.16.64.5 30
[AR11]int LoopBack 0
[AR11-LoopBack0]ip address 172.16.65.1 24
[AR11]ospf
[AR11-ospf-1]a 2
[AR11-ospf-1-area-0.0.0.2]network 172.16.64.0 0.0.0.3
[AR11-ospf-1-area-0.0.0.2]network 172.16.65.0 0.0.0.255
[AR11-ospf-1-area-0.0.0.2]network 172.16.64.4 0.0.0.3AR12:
[AR12]int g0/0/0
[AR12-GigabitEthernet0/0/0]ip address 172.16.64.6 30
[AR12]int LoopBack 0
[AR12-LoopBack0]ip address 172.16.96.1 24
[AR12]int LoopBack 1
[AR12-LoopBack1]ip address 172.16.97.1 24
[AR12]ospf
[AR12-ospf-1]a 2
[AR12-ospf-1-area-0.0.0.2]net
[AR12-ospf-1-area-0.0.0.2]network 172.16.64.4 0.0.0.3
[AR12-rip-1] v
[AR12-rip-1]version 2
[AR12-rip-1]network 172.16.0.0(2)配置重发布
在ASBR设备上配置,如AR9和AR12
⚠️要双向配置
在还未配置重发布使区域四和rip区域还不能访问其他区域
如区域四ping区域1的设备
rip区域ping区域1设备
AR9:
[AR9]ospf 1
[AR9-ospf-1]import-route ospf 2
[AR9]ospf 2
[AR9-ospf-2]import-route ospf 1重发布后发现能访问
AR12:
[AR12]ospf 1
[AR12-ospf-1]import-route rip 
3.配置边界路由器-isp网段
(1)配置ip,chap认证
假设外网网段为40.0.0.0,AR5环回模拟外网
首先为AR5接口配置ip,假设网段为192.168.1.0 24,下发给边界路由器的接口ip为192.168.1.100.1
AR5:
[Huawei]int LoopBack 0
[Huawei-LoopBack0]ip ad 45.0.0.1 24
[Huawei]int s 4/0/0
[Huawei-Serial4/0/0]ip ad 192.168.1.1 24
[Huawei-aaa]local-user huawei password cipher 123456
Info: Add a new user.
[Huawei-Serial4/0/0]ppp authentication-mode chap
[Huawei-Serial4/0/0]remote address 192.168.1.100AR4:
[AR4-Serial4/0/1]ppp chap user huawei
[AR4-Serial4/0/1]ppp chap password cipher 123456
[AR4-Serial4/0/1]ip address ppp-negotiate 边界路由器接口已成功获取到isp下发的设备
(2)配置nat
[AR4]acl 2000
[AR4-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[AR4-Serial4/0/1]nat outbound 2000
//写静态缺省
[AR4]ip route-static 0.0.0.0 0 192.168.1.1
//下发缺省
[AR4-ospf-1]default-route-advertise能够ping通
4.优化
(1)路由汇总
域间路由在ABR设备上汇总,域外路由在ASBR设备上汇总
AR3:
[AR3]ospf
[AR3-ospf-1]a 1
[AR3-ospf-1-area-0.0.0.1]abr-summary 172.16.0.0 255.255.224.0AR6:
[AR6]ospf
[AR6-ospf-1]a 2
[AR6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0AR7:
[AR6]ospf
[AR6-ospf-1]a 2
[AR6-ospf-1-area-0.0.0.2]abr
[AR6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0AR12:
[AR12]ospf
[AR12-ospf-1]asb
[AR12-ospf-1]asbr-summary 172.16.96.0 255.255.224.0AR9:
[AR9]ospf
[AR9-ospf-1]as
[AR9-ospf-1]asbr-summary 172.16.160.0 255.255.224.0汇总之后路由条目变简洁
(2)配置特殊区域
area1配置为完全末梢区域,在ABR设备上配置,其余设备配置stub即可
[AR3]ospf
[AR3]ospf 1
[AR3-ospf-1-area-0.0.0.1]stub no-summary area2和area3配置为totally-nssa区域
在ABR设备上配置,nssa no-summary,其余设备配配置nssa
[AR6-ospf-1-area-0.0.0.2]nssa no-summary(3)加快收敛
改变hello,dead时间
如area1:
[AR1-GigabitEthernet0/0/0]ospf timer hello 2
[AR2-GigabitEthernet0/0/0]ospf timer hello 2
[AR3-GigabitEthernet0/0/0]ospf timer hello 2(4)更新安全
做认证
area1:
[AR1]ospf 1
[AR1-ospf-1]a 1
[AR1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[AR2]ospf 1
[AR2-ospf-1]a 1
[AR2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[AR3]ospf 1
[AR3-ospf-1]a 1
[AR3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[AR1-GigabitEthernet0/0/0]ospf timer hello 2
[AR2-GigabitEthernet0/0/0]ospf timer hello 2
[AR3-GigabitEthernet0/0/0]ospf timer hello 2(4)更新安全
做认证
area1:
[AR1]ospf 1
[AR1-ospf-1]a 1
[AR1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[AR2]ospf 1
[AR2-ospf-1]a 1
[AR2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[AR3]ospf 1
[AR3-ospf-1]a 1
[AR3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456