OSPF综合实验 - 技术栈

实验需求

根据上图可得，实验需求为：

1.R5作为ISP：其上只能配置IP地址；R4作为企业边界路由器，出口公网地址需要通过PPP协议获取，并进行CHAP认证。（PS：因PPP协议尚未学习，在此次实验中不使用）

2.每个OSPF邻居ID 基于IP地址172.16.0.0/16划分；

3.所有设备均可访问R5的环回；

4.减少LSA的数量，加快收敛，保障更新安全；

5.全网可达。

实验思路

1.首先确定网络拓扑结构，根据实验需求搭建网络拓扑图，确定每台路由器的接口以及互联关系。

2.子网划分与OSPF配置

基于IP地址划分OSPF邻居ID：

根据IP地址172.16.0.8/16划分OSPF区域，确保每个邻居ID唯一。

配置OSPF路由协议，并在每个路由器上配置相应的网络命令。

3.配置R5作为ISP

4.网络优化

减少LSA数量：

通过合理规划OSPF区域，使用区域划分来减少LSA的数量。

使用路由汇总来减少LSA的数量。

加快收敛：

配置OSPF的快速收敛特性，如调整Hello和Dead间隔。

确保网络中无环路，避免不必要的路由更新。

保障更新安全：

使用OSPF的认证功能，如明文认证或MD5认证，来保障路由更新安全。

5.配置NAT保证私网能正常访问公网

6.确保全网可达

测试连通性：

使用Ping命令测试网络中每个设备之间的连通性。

确认所有设备均能访问R5的环回接口。

具体划分如下所示：

172,16.64.0 19--area 2

/24

172.16.64.0 24

172.16.65.0 24

172.16.66.0 24

...

P2P---

172.16.64.0 24 -30

172.16.64.0 30

172.16.64.4 30

...

172.16.65.0 24

172.16.65.0 29

172.16.65.8 29

172.16.65.16 29

用户

172.16.66.0 /24

172.16.67.0 /24

配置如下：

AR3配置：

interface GigabitEthernet 0/0/1

ip address 172.16.0.1 30

interface GigabitEthernet 0/0/0

ip address 172.16.32.3 29

interface LoopBack0

ip address 172.16.35.1 24

ospf router-id 3.3.3.3

area 1

network 172.16.32.0 0.0.31.255

area 0

network 172.16.0.1 0.0.0.0

arp-ping

asbr-summary

area 1

stub

stub no-summary

interface GigabitEthernet 0/0/0

ospf timer hello 2

authentication-mode md5 1 cipher 123456

AR4配置：

interface GigabitEthernet 0/0/1

ip address 172.16.0.2 30

interface GigabitEthernet 0/0/2

ip address 172.16.0.5 30

interface GigabitEthernet 0/0/0

ip address 172.16.0.9 30

ospf router-id 4.4.4.4

area 0

network 172.16.0.0 0.0.31.255

interface Serial4/0/0

ppp chap user huawei

ppp chap password cipher 123456

ip address ppp-negotiate

undo shutdown

acl 2000

rule permit source 172.16.0.0 0.0.255.255

interface Serial4/0/0

nat outbound 2000

default-route-advertise always

ip route-static 0.0.0.0 0 45.0.0.2

interface GigabitEthernet 0/0/2

ospf network-type p2p

AR6配置：

interface GigabitEthernet 0/0/1

ip address 172.16.0.6 30

interface LoopBack0

ip address 172.16.2.1 24

interface GigabitEthernet 0/0/0

ip address 172.16.64.1 30

ospf router-id 6.6.6.6

area 0

network 172.16.0.0 0.0.31.255

area 2

network 172.16.64.0 0.0.31.255

abr-summary 172.16.64.0 255.255.224.0

nssa no-import-route

nssa no-summary

interface GigabitEthernet 0/0/1

ospf network-type p2p

interface GigabitEthernet 0/0/0

ospf timer hello 2

AR7配置：

interface GigabitEthernet 0/0/0

ip address 172.16.0.10 30

interface LoopBack0

ip address 172.16.3.1 24

interface GigabitEthernet 0/0/1

ip address 172.16.96.1 30

ospf router-id 7.7.7.7

area 0

network 172.16.0.0 0.0.31.255

area 3

network 172.16.96.0 0.0.31.255

abr-summary 172.16.96.0 255.255.224.0

nssa no-import-route

nssa no-summary

interface GigabitEthernet 0/0/0

ospf timer hello 2

AR1配置：

interface GigabitEthernet 0/0/0

ip address 172.16.32.1 29

interface LoopBack0

ip address 172.16.33.1 24

ospf 1 router-id 1.1.1.1

area 1

network 172.16.0.0 0.0.255.255

interface GigabitEthernet 0/0/0

ospf timer hello 2

authentication-mode md5 1 cipher 123456

AR2配置：

interface GigabitEthernet 0/0/0

ip address 172.16.32.2 29

interface LoopBack0

ip address 172.16.34.1 24

ospf router-id 2.2.2.2

area 1

network 172.16.32.0 0.0.31.255

interface GigabitEthernet 0/0/0

ospf timer hello 2

authentication-mode md5 1 cipher 123456

AR11配置：

interface GigabitEthernet 0/0/0

ip address 172.16.64.2 30

interface GigabitEthernet 0/0/1

ip address 172.16.64.5 30

interface LoopBack0

ip address 172.16.65.1 24

ospf router-id 11.0.0.1

area 2

network 172.16.64.0 0.0.31.255

nssa

interface GigabitEthernet 0/0/0

ospf timer hello 2

AR12配置：

interface GigabitEthernet 0/0/0

ip address 172.16.64.6 30

interface LoopBack0

ip address 172.16.160.1 24

interface LoopBack1

ip address 172.16.161.1 24

ospf router-id 12.0.0.1

area 2

network 172.16.64.0 0.0.31.255

import-route rip

version 2

network 172.16.0.0

asbr-summary 172.16.160.0 255.255.224.0

nssa

interface GigabitEthernet 0/0/0

ospf timer hello 2

AR8配置：

interface GigabitEthernet 0/0/0

ip address 172.16.96.2 30

interface GigabitEthernet 0/0/1

ip address 172.16.96.5 30

interface LoopBack0

ip address 172.16.97.1 24

ospf router-id 8.8.8.8

area 3

network 172.16.96.0 0.0.31.255

nssa

interface GigabitEthernet 0/0/0

ospf timer hello 2

AR9配置：

interface GigabitEthernet 0/0/0

ip address 172.16.96.6 30

interface GigabitEthernet 0/0/1

ip address 172.16.128.1 30

interface LoopBack0

ip address 172.16.129.1 24

ospf router-id 9.9.9.9

area 3

network 172.16.96.0 0.0.31.255

area 4

network 172.16.128.0 0.0.31.255

import-route ospf 2

asbr-summary 172.16.128.0 255.255.224.0

nssa

interface GigabitEthernet 0/0/0

ospf timer hello 2

AR10配置：

interface GigabitEthernet 0/0/0

ip address 172.16.128.2 30

interface LoopBack0

ip address 172.16.130.1 24

ospf router-id 10.0.0.1

area 4

network 172.16.128.0 0.0.31.255

interface GigabitEthernet 0/0/0

ospf timer hello 2

AR5配置：

interface Serial4/0/0

ip address 45.0.0.2 24

local-user huawei password cipher 123456

local-user huawei service-type ppp

interface Serial4/0/0

ppp authentication-mode chap

remote address 54.0.0.1