OSPF综合实验 - 技术栈

图示及要求

1，R5为ISP，其上只能配置IP地址；R4作为企业边界路由器，

出口公网地址需要通过PPP协议获取，并进行chap认证

2，整个OSPF环境IP基于172.16.0.0/16划分；

3，所有设备均可访问R5的环回；

4，减少LSA的更新量，加快收敛，保障更新安全；

5，全网可达

地址划分

172.16.000 00000.0 19

172.16.001 00000.0 19

172.16.010 00000.0 19

172.16.011 00000.0 19

172.16.100 00000.0 19

172.16.101 00000.0 19

area0

172.16.0.0 19

p2p

172.16.0.0 30

172.16.0.4 30

172.16.0.8 30

area1

172.16.32.0 19

172.16.32.00000 000 29

172.16.32.00001 000 29

172.16.32.16 29

172.16.32.24 29

用户

172.16.32.0 24

172.16.33.0 24

172.16.34.0 24

area2

172.16.64.0 19

p2p

172.16.64.0 30

172.16.64.4 30

用户

172.16.64.0 24

172.16.65.0 24

172.16.66.0 24

area3

172.16.96.0 19

p2p

172.16.96.0 30

172.16.96.4 30

172.16.96.8 30

用户

172.16.96.0 24

172.16.97.0 24

172.16.98.0 24

area4

172.16.128.0 19

p2p

172.16.128.0 30

172.16.128.4 30

用户

172.16.128.0 24

172.16.129.0 24

rip

用户

172.16.160.0 24

172.16.161.0 24

OSPF和Rip宣告

ospf宣告

AR1\]ospf 1 router-id 1.1.1.1 \[AR1-ospf-1-area-0.0.0.1\]network 172.16.0.0 0.0.255.255 ![](https://i-blog.csdnimg.cn/direct/cc567c8043d64806a3600ebb6a735722.png) AR2 ![](https://i-blog.csdnimg.cn/direct/1755931538ca434d8903682f2f8d0075.png) AR3 ![](https://i-blog.csdnimg.cn/direct/97c432d208054b58894312c5e7b550f6.png) ![](https://i-blog.csdnimg.cn/direct/d3778856177e4aa6bf0495de847feeaf.png) AR4 ![](https://i-blog.csdnimg.cn/direct/28122250d5d94d67857af381285db222.png) AR6 ![](https://i-blog.csdnimg.cn/direct/7bc454ec06444845b18280a37b95a369.png) ![](https://i-blog.csdnimg.cn/direct/cae3c014695445e08923f20a48ef52c0.png) AR7 ![](https://i-blog.csdnimg.cn/direct/b02e2423b37a4ef49e3ad8be9ff2fe41.png) ![](https://i-blog.csdnimg.cn/direct/8e72266d4bcc4a9b97d44e60a2c2d95f.png) AR8 ![](https://i-blog.csdnimg.cn/direct/965482531d524c19a2de8d0884787710.png) AR9 ![](https://i-blog.csdnimg.cn/direct/12958996a59a4f70bd69034e5d45399c.png) ![](https://i-blog.csdnimg.cn/direct/3b8d04acb83d4e29badb48fa3a733231.png) AR10 ![](https://i-blog.csdnimg.cn/direct/509db967dee046e0be2e33ddc5a4fcd7.png) AR11 ![](https://i-blog.csdnimg.cn/direct/d6aee9a0568c4f358caed7e414a43b63.png) AR12 ![](https://i-blog.csdnimg.cn/direct/c11aa1e8e37a416fbb56c20eebfe47fc.png) rip宣告 AR12![](https://i-blog.csdnimg.cn/direct/64acb208bb3f46eb91e9762f236a7633.png) ## 全网通，访问公网且公网地址由ppp协议获取 **asbr设备宣告** **AR9和AR12** \[AR9-ospf-2\]default-route-advertise 写一条缺省到AR9，让AR10访问ospf1 中的路由时让AR9发送，这样就不用下发ospf1的路由到ospf2 \[AR9-ospf-1\]import-route ospf 2 ospf1中植入ospf2的路由 \[AR12-ospf-1\]import-route rip ospf1中植入rip的路由 **ISP设备（认证方）** \[ISP-Serial4/0/0\]ip address 45.0.0.2 24 \[ISP-LoopBack0\]ip address 5.5.5.5 24 用aaa认证执行ppp \[ISP-aaa\]local-user huawei password cipher 123456 创建账户密码 \[ISP-aaa\]local-user huawei service-type ppp 账户的用途为ppp \[ISP-Serial4/0/0\]ppp authentication-mode chap 进入接口下发ppp且认证方式改为为chap \[ISP-Serial4/0/0\]remote address 54.0.0.2 给接口下发IP54.0.0.2 **AR4（边界路由器，被认证方）** \[AR4-Serial4/0/1\]ppp chap user huawei 输入账号 \[AR4-Serial4/0/1\]ppp chap password cipher 123456 输入密码 \[AR4-Serial4/0/1\]ip address ppp-negotiate 接受ppp下发的ip ![](https://i-blog.csdnimg.cn/direct/81e1df02ad7e468d974bb40555417b7f.png) **配置NAT（让私网访问公网），必须写静态和下发缺省** \[AR4\]acl 2000 \[AR4-acl-basic-2000\]rule permit source 172.16.0.0 0.0.255.255 \[AR4-Serial4/0/1\]nat outbound 2000 \[AR4-ospf-1\]default-route-advertise **\[AR4\]ip route-static 0.0.0.0 0 45.0.0.2 写静态到公网接口** **\[AR4-ospf-1\]default-route-advertise always 下发缺省** ![](https://i-blog.csdnimg.cn/direct/8033f8ac7b964233a21f43268f4a206f.png) ## 加快收敛，把hallo时间改为2s **\[AR6-GigabitEthernet0/0/0\]ospf timer hello 2** **\[AR11-GigabitEthernet0/0/0\]ospf timer hello 2** ## **保证安全，给接口加认证** **\[AR6-GigabitEthernet0/0/0\]ospf authentication-mode md5 1 cipher 123** **\[AR11-GigabitEthernet0/0/0\]ospf authentication-mode md5 1 cipher 123**