OSPF及路由引入实验
1、按规划配置OSPF 及宣告接口到相应区域里 AR1 router-id 1.1.1.1 AR2 router-id 2.2.2.2 AR3 router-id 3.3.3.3 AR4 router-id 4.4.4.4 2、控制DR 选举,让AR3成为DR,AR2成为BDR,AR1不参加选举;对区域1的172.16的路由进行精确汇总 3、修改COST 让区域3优选s0/0/0链路,备用s0/0/1链路 4、区域0实现基于区域的MD5认证,密码为hcda001,区域3实现基于接口的明文认证密码为huawei 5、AR4和AR5配置RIP 互通(模拟的外网不宣告),在AR5手工写静态缺省路由并引入RIP。 6、AR4上进行RIP 和OSPF 的双向路由引入,并为OSPF 通告默认路由,实现全网全通。
一、实验配置参考:
AR1配置
interface GigabitEthernet0/0/0 ip address 123.1.1.1 255.255.255.0 ospf dr-priority 0 //优先级是0 不能参与DR 选举,默认是1 interface LoopBack0 ip address 192.168.1.1 255.255.255.0 ospf network-type broadcast //回环接口修改接口类型,为了让其它路由器计算出/24 位掩码的路由,不改是/32 掩码的 路由 # interface LoopBack1 ip address 172.16.0.1 255.255.255.0 # interface LoopBack2 ip address 172.16.1.1 255.255.255.0 # interface LoopBack3 ip address 172.16.2.1 255.255.255.0 # interface LoopBack4 ip address 172.16.3.1 255.255.255.0 # ospf 1 router-id 1.1.1.1 //指定router-id 并进入OSPF 进程1 area 0.0.0.0 authentication-mode md5 1 cipher hcda001 //基于区域进行MD5 认证 network 123.1.1.0 0.0.0.255 area 0.0.0.1 abr-summary 172.16.0.0 255.255.252.0 //在ABR 上对路由进行手工汇总 network 192.168.1.0 0.0.0.255 network 172.16.0.0 0.0.3.255 # return
AR2的配置
interface Ethernet0/0/0 ip address 123.1.1.2 255.255.255.0 ospf dr-priority 5 //修改DR 选举的优先级,这里是次优的,故R2 是BDR # interface LoopBack0 ip address 192.168.2.1 255.255.255.0 ospf network-type broadcast # ospf 1 router-id 2.2.2.2 area 0.0.0.0 authentication-mode md5 1 cipher hcda001 network 123.1.1.0 0.0.0.255 area 0.0.0.2 network 192.168.2.0 0.0.0.255 # AR3的
AR3的配置
# interface Ethernet0/0/0 ip address 123.1.1.3 255.255.255.0 ospf dr-priority 10 //修改DR 选举的优先级,这里是最优的,故R3 是DR # interface Serial0/0/0 link-protocol ppp ip address 34.1.1.1 255.255.255.252 ospf authentication-mode simple plain huawei //配置基于接口的认证 ospf cost 800 //在接口下手工修改开销,主用路径 # interface Serial0/0/1 link-protocol ppp ip address 34.1.1.5 255.255.255.252 ospf authentication-mode simple plain huawei ospf cost 1000 //在接口下手工修改开销,备用路径 # interface LoopBack0 ip address 192.168.3.1 255.255.255.0 ospf network-type broadcast # ospf 1 router-id 3.3.3.3 area 0.0.0.0 authentication-mode md5 1 cipher hcda001 network 123.1.1.0 0.0.0.255 area 0.0.0.3 network 192.168.3.0 0.0.0.255 network 34.1.1.0 0.0.0.7 # return
AR4的配置
# interface Ethernet0/0/0 ip address 45.1.1.1 255.255.255.0 # interface Serial0/0/0 link-protocol ppp ip address 34.1.1.2 255.255.255.252 ospf authentication-mode simple plain huawei ospf cost 800 # interface Serial0/0/1 link-protocol ppp ip address 34.1.1.6 255.255.255.252 ospf authentication-mode simple plain huawei ospf cost 1000 # interface LoopBack0 ip address 192.168.4.1 255.255.255.0 # ospf 1 router-id 4.4.4.4 default-route-advertise //在ASBR 上为其它OSPF 路由器通知默认路由,不改R1 上没有0.0.0.0/0 的OSE 默认路 由 import-route rip 1 cost 2000 //引入RIP 路由域的路由进入OSPF 路由域(19.168.5.0、24 的路由) area 0.0.0.3 network 34.1.1.0 0.0.0.7 # rip 1 //RIP 的配置 undo summary version 2 network 192.168.4.0 network 45.0.0.0 import-route ospf 1 cost 5 //引入OSPF 的路由进入RIP 路由域 # return
AR5的配置
# interface Ethernet0/0/0 ip address 45.1.1.2 255.255.255.0 # interface LoopBack0 ip address 192.168.5.1 255.255.255.0 # interface LoopBack100 ip address 100.100.100.100 255.255.255.0 # interface LoopBack200 ip address 200.200.200.200 255.255.255.0 # rip 1 undo summary default-route originate cost 1 //RIP 通告默认路由 version 2 network 45.0.0.0 network 192.168.5.0 # ip route-static 0.0.0.0 0.0.0.0 LoopBack100 //模拟的去公网的路由 #
二、检查配置
1、在AR1上可以验证DR 选举
<R1>dis ospf peer OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 123.1.1.1(GigabitEthernet0/0/0)'s neighbors Router ID: 2.2.2.2 Address: 123.1.1.2 State: Full Mode:Nbr is Master Priority: 5 DR: 123.1.1.3 BDR: 123.1.1.2 MTU: 0 Dead timer due in 32 sec Retrans timer interval: 4 Neighbor is up for 01:03:15 Authentication Sequence: [ 3662] Router ID: 3.3.3.3 Address: 123.1.1.3 State: Full Mode:Nbr is Master Priority: 10 DR: 123.1.1.3 BDR: 123.1.1.2 MTU: 0 Dead timer due in 27 sec Retrans timer interval: 0 Neighbor is up for 01:03:16 Authentication Sequence: [ 3671] <R1>
2、在路由器上验证区域认证
<R1>dis ospf brief OSPF Process 1 with Router ID 1.1.1.1 OSPF Protocol Information RouterID: 1.1.1.1 Border Router: AREA Multi-VPN-Instance is not enabled Global DS-TE Mode: Non-Standard IETF Mode Graceful-restart capability: disabled Helper support capability : not configured Applications Supported: MPLS Traffic-Engineering Spf-schedule-interval: max 10000ms, start 500ms, hold 1000ms Default ASE parameters: Metric: 1 Tag: 1 Type: 2 Route Preference: 10 ASE Route Preference: 150 SPF Computation Count: 12 RFC 1583 Compatible Retransmission limitation is disabled Area Count: 2 Nssa Area Count: 0 ExChange/Loading Neighbors: 0 Process total up interface count: 6 Process valid up interface count: 1 Area: 0.0.0.0 (MPLS TE not enabled) Authtype: MD5 Area flag: Normal SPF scheduled Count: 12 ExChange/Loading Neighbors: 0 Router ID conflict state: Normal
3、在AR1上检查OSPF 路由表
<R1> dis ip routing-table protocol ospf Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Public routing table : OSPF Destinations : 8 Routes : 8 OSPF routing table status : <Active> Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 O_ASE 150 1 D 123.1.1.3 GigabitEthernet 0/0/0 34.1.1.0/30 OSPF 10 801 D 123.1.1.3 GigabitEthernet 0/0/0 34.1.1.4/30 OSPF 10 1801 D 123.1.1.3 GigabitEthernet 0/0/0 45.1.1.0/24 O_ASE 150 2000 D 123.1.1.3 GigabitEthernet 0/0/0 192.168.2.0/24 OSPF 10 1 D 123.1.1.2 GigabitEthernet 0/0/0 192.168.3.0/24 OSPF 10 1 D 123.1.1.3 GigabitEthernet 0/0/0 192.168.4.0/24 O_ASE 150 2000 D 123.1.1.3 GigabitEthernet 0/0/0 192.168.5.0/24 O_ASE 150 2000 D 123.1.1.3 GigabitEthernet 0/0/0 OSPF routing table status : <Inactive> Destinations : 0 Routes : 0
4、在AR4(ASBR)上检查全局路由表
<R4>dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 25 Routes : 25 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 RIP 100 2 D 45.1.1.2 GigabitEthernet 0/0/0 34.1.1.0/30 Direct 0 0 D 34.1.1.2 Serial1/0/0 34.1.1.1/32 Direct 0 0 D 34.1.1.1 Serial1/0/0 34.1.1.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/0 34.1.1.3/32 Direct 0 0 D 127.0.0.1 Serial1/0/0 34.1.1.4/30 Direct 0 0 D 34.1.1.6 Serial1/0/1 34.1.1.5/32 Direct 0 0 D 34.1.1.5 Serial1/0/1 34.1.1.6/32 Direct 0 0 D 127.0.0.1 Serial1/0/1 34.1.1.7/32 Direct 0 0 D 127.0.0.1 Serial1/0/1 45.1.1.0/24 Direct 0 0 D 45.1.1.1 GigabitEthernet 0/0/0 45.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0 45.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0 123.1.1.0/24 OSPF 10 801 D 34.1.1.1 Serial1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.0.0/22 OSPF 10 801 D 34.1.1.1 Serial1/0/0 192.168.1.0/24 OSPF 10 801 D 34.1.1.1 Serial1/0/0 192.168.2.0/24 OSPF 10 801 D 34.1.1.1 Serial1/0/0 192.168.3.0/24 OSPF 10 800 D 34.1.1.1 Serial1/0/0 192.168.4.0/24 Direct 0 0 D 192.168.4.1 LoopBack0 192.168.4.1/32 Direct 0 0 D 127.0.0.1 LoopBack0 192.168.4.255/32 Direct 0 0 D 127.0.0.1 LoopBack0 192.168.5.0/24 RIP 100 1 D 45.1.1.2 GigabitEthernet 0/0/0
5、验证全网联通性
<R1>ping 192.168.3.1 PING 192.168.3.1: 56 data bytes, press CTRL_C to break Reply from 192.168.3.1: bytes=56 Sequence=1 ttl=255 time=60 ms Reply from 192.168.3.1: bytes=56 Sequence=2 ttl=255 time=50 ms Reply from 192.168.3.1: bytes=56 Sequence=3 ttl=255 time=50 ms Reply from 192.168.3.1: bytes=56 Sequence=4 ttl=255 time=40 ms Reply from 192.168.3.1: bytes=56 Sequence=5 ttl=255 time=50 ms --- 192.168.3.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 40/50/60 ms <R1>ping 100.100.100.100 PING 100.100.100.100: 56 data bytes, press CTRL_C to break Reply from 100.100.100.100: bytes=56 Sequence=1 ttl=253 time=100 ms Reply from 100.100.100.100: bytes=56 Sequence=2 ttl=253 time=70 ms Reply from 100.100.100.100: bytes=56 Sequence=3 ttl=253 time=50 ms Reply from 100.100.100.100: bytes=56 Sequence=4 ttl=253 time=70 ms Reply from 100.100.100.100: bytes=56 Sequence=5 ttl=253 time=40 ms --- 100.100.100.100 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 40/66/100 ms <R1>
<R4>ping 172.16.1.1 PING 172.16.1.1: 56 data bytes, press CTRL_C to break Reply from 172.16.1.1: bytes=56 Sequence=1 ttl=254 time=70 ms Reply from 172.16.1.1: bytes=56 Sequence=2 ttl=254 time=60 ms Reply from 172.16.1.1: bytes=56 Sequence=3 ttl=254 time=60 ms Reply from 172.16.1.1: bytes=56 Sequence=4 ttl=254 time=50 ms Reply from 172.16.1.1: bytes=56 Sequence=5 ttl=254 time=50 ms --- 172.16.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 50/58/70 ms <R4>ping 200.200.200.200 PING 200.200.200.200: 56 data bytes, press CTRL_C to break Reply from 200.200.200.200: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 200.200.200.200: bytes=56 Sequence=2 ttl=255 time=20 ms Reply from 200.200.200.200: bytes=56 Sequence=3 ttl=255 time=20 ms Reply from 200.200.200.200: bytes=56 Sequence=4 ttl=255 time=10 ms Reply from 200.200.200.200: bytes=56 Sequence=5 ttl=255 time=20 ms --- 200.200.200.200 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/20/30 ms <R4>
