OSPF大实验

文章目录

配置下面的网络
要求如下
划分IP
配置area0区域的IP
配置area1区域的IP
配置area2区域的IP
配置area3区域的IP
配置area4区域的IP
配置RIP区域的IP
AR3、AR5、AR6、AR7配置缺省
MGRE环境
启动OSPF
减少更新量
配置NAT
加快收敛
手工认证
测试

配置下面的网络

实线表示的是路由器上环回地址所在的区域

要求如下

R4为ISP，其上只能配置IP地址；R4与其他所有直连设备间均使用公有IP
R3-R5/6/7为MGRE环境，R3为中心站点
整个OSPF环境IP基于172.16.0.0/16划分
所有设备均可访向R4的环回
减少LSA的更新量，加快收敏,保障更新安全
全网可达

划分IP

总共六个区域，把/16的网段分出六块区域

172.16.0.0/16	总网段
	
	借三位主机位给网络位
	
	172.16.000 00000.0		172.16.0.0/19		AR0
								172.16.000 00000.0	172.16.0.0/24		MA网络
									172.16.000 00000.00000 000		172.16.0.0/29
																	172.16.0.8/29
																	172.16.0.16/29
																	172.16.0.24/29
									......
								......
											
	172.16.001 00000.0		172.16.32.0/19		AR1
								172.16..001 00000.0	172.16.32.0/24		MA网络
									172.16.001 00000.00000 000		172.16.32.0/29
																	172.16.32.8/29
																	172.16.32.16/29
																	172.16.32.24/29
									......
								......


	172.16.010 00000.0		172.16.64.0/19		AR2
								172.16.010 00000.0	172.16.64.0/24		MA网络
									172.16.010 00000.00000 000		172.16.64.0/29
									172.16.010 00000.00001 000		172.16.64.8/29
																	172.16.64.16/29
									......
								......

	172.16.011 00000.0		172.16.96.0/19		AR3
								172.16.011 00000.0	172.16.96.0/24		MA网络
									172.16.011 00000.00000 000		172.16.96.0/29
									172.16.011 00000.00001 000		172.16.96.8/29
																	172.16.96.16/29
									......
								......

	172.16.100 00000.0		172.16.128.0/19		AR4
								172.16.100 00000.00000 000	172.16.128.0/24		MA网络
									172.16.100 00000.00000 000		172.16.128.0/29
																	172.16.128.8/29
																	172.16.128.16/29
									......
								......

	172.16.101 00000.0		172.16.160.0/19		RIP
								172.16.160.0/20
								172.16.176.0/20


	这两块用不到
	172.16.110 00000.0
	172.16.111 00000.0

配置area0区域的IP

# AR3
[r3]int s 4/0/0
[r3-Serial4/0/0]ip add 34.0.0.1 24

# AR4
[r4]int s 4/0/0
[r4-Serial4/0/0]ip add 34.0.0.2 24

[r4-Serial4/0/0]int s 4/0/1 
[r4-Serial4/0/1]ip add 45.0.0.2 24

[r4-Serial4/0/1]int s 3/0/0
[r4-Serial3/0/0]ip add 46.0.0.2 24

[r4-Serial3/0/0]int g 0/0/0
[r4-GigabitEthernet0/0/0]ip add 47.0.0.2 24

[r4-GigabitEthernet0/0/0]int l 0
[r4-LoopBack0]ip add 4.4.4.4 24

# AR5
[r5]int s 4/0/0
[r5-Serial4/0/0]ip add 45.0.0.1 24

[r5-Serial4/0/0]int l 0
[r5-LoopBack0]ip add 172.16.0.9 29

# AR6
[r6]int s 4/0/0 
[r6-Serial4/0/0]ip add 46.0.0.1 24

[r6-Serial4/0/0]int l 0 
[r6-LoopBack0]ip add 172.16.0.17 29

# AR7
[r7]int g 0/0/0
[r7-GigabitEthernet0/0/0]ip add 47.0.0.1 24

[r7-GigabitEthernet0/0/0]int l 0 
[r7-LoopBack0]ip add 172.16.0.25 29

配置area1区域的IP

# AR1
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip add 172.16.32.1 29

[r1-GigabitEthernet0/0/0]int l 0
[r1-LoopBack0]ip add 172.16.32.9 29

#AR2
[r2]int g 0/0/0
[r2-GigabitEthernet0/0/0]ip add 172.16.32.2 29

[r2-GigabitEthernet0/0/0]int l 0 
[r2-LoopBack0]ip add 172.16.32.17 29

#AR3
[r3]int g 0/0/0
[r3-GigabitEthernet0/0/0]ip add 172.16.32.3 29

[r3-GigabitEthernet0/0/0]int l 0
[r3-LoopBack0]ip add 172.16.32.25 29

配置area2区域的IP

# AR6
[r6]int g 0/0/0
[r6-GigabitEthernet0/0/0]ip add 172.16.64.1 29

# AR11
[r11]int g 0/0/0
[r11-GigabitEthernet0/0/0]ip add 172.16.64.2 29

[r11-GigabitEthernet0/0/0]int g 0/0/1
[r11-GigabitEthernet0/0/1]ip add 172.16.64.9 29

[r11-GigabitEthernet0/0/1]int l 0
[r11-LoopBack0]ip add 172.16.64.17 29

# AR12
[r12]int g 0/0/0
[r12-GigabitEthernet0/0/0]ip add 172.16.64.10 29

配置area3区域的IP

# AR7
[r7]int g 0/0/1
[r7-GigabitEthernet0/0/1]ip add 172.16.96.1 29

# AR8
[r8]int g 0/0/0
[r8-GigabitEthernet0/0/0]ip add 172.16.96.2 29

[r8-GigabitEthernet0/0/0]int g 0/0/1
[r8-GigabitEthernet0/0/1]ip add 172.16.96.9 29

[r8-GigabitEthernet0/0/1]int l 0
[r8-LoopBack0]ip add 172.16.96.17 29

# AR9
[r9]int g 0/0/0
[r9-GigabitEthernet0/0/0]ip add 172.16.96.10 29

配置area4区域的IP

# AR9
[r9]int g 0/0/1
[r9-GigabitEthernet0/0/1]ip add 172.16.128.1 29

[r9-GigabitEthernet0/0/1]int l 0
[r9-LoopBack0]ip add 172.16.128.9 29

# AR10
[r10]int g 0/0/0
[r10-GigabitEthernet0/0/0]ip add 172.16.128.2 29

[r10-GigabitEthernet0/0/0]int l 0 
[r10-LoopBack0]ip add 172.16.128.17 29

配置RIP区域的IP

# 环回一
[r12]int l 0
[r12-LoopBack0]ip add 172.16.160.1 20

# 环回二
[r12-LoopBack0]int l 1
[r12-LoopBack1]ip add 172.16.176.1 20

AR3、AR5、AR6、AR7配置缺省

# AR3
[r3]ip route-static 0.0.0.0 0 34.0.0.2 

# AR5
[r5]ip route-static 0.0.0.0 0 45.0.0.2 

# AR6
[r6]ip route-static 0.0.0.0 0 46.0.0.2 

# AR7
[r7]ip route-static 0.0.0.0 0 47.0.0.2

MGRE环境

# AR3上：
[r3]int t 0/0/0
[r3-Tunnel0/0/0]ip add 172.16.0.1 29
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r3-Tunnel0/0/0]source 34.0.0.1
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry multicast dynamic 

# AR5
[r5]int t 0/0/0
[r5-Tunnel0/0/0]ip add 172.16.0.2 29
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r5-Tunnel0/0/0]source Serial 4/0/0
[r5-Tunnel0/0/0]nhrp network-id 100
[r5-Tunnel0/0/0]nhrp entry 172.16.0.1 34.0.0.1 register

# AR6
[r6]int t 0/0/0
[r6-Tunnel0/0/0]ip add 172.16.0.3 29
[r6-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r6-Tunnel0/0/0]source Serial 4/0/0
[r6-Tunnel0/0/0]nhrp network-id 100
[r6-Tunnel0/0/0]nhrp entry 172.16.0.1 34.0.0.1 register

# AR7
[r7]int t 0/0/0
[r7-Tunnel0/0/0]ip add 172.16.0.4 29
[r7-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r7-Tunnel0/0/0]source g 0/0/0
[r7-Tunnel0/0/0]nhrp network-id 100
[r7-Tunnel0/0/0]nhrp entry 172.16.0.1 34.0.0.1 register

启动OSPF

# AR1
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255

# AR2
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]a 1
[r2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255

# AR3
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.0.255

[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0

[r3]int t 0/0/0
[r3-Tunnel0/0/0]ospf network-type p2mp

# AR5
[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]area 0
[r5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

[r5]int t 0/0/0
[r5-Tunnel0/0/0]ospf network-type p2mp

# AR6
[r6]ospf 1 router-id 6.6.6.6
[r6-ospf-1]area 0
[r6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.255

[r6]int  t 0/0/0
[r6-Tunnel0/0/0]ospf network-type p2mp

[r6]ospf 1 
[r6-ospf-1]a 2
[r6-ospf-1-area-0.0.0.2]network 172.16.64.1 0.0.0.0

# AR7
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]area 0
[r7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.255

[r7]int t 0/0/0
[r7-Tunnel0/0/0]ospf network-type  p2mp

[r7]ospf 1 
[r7-ospf-1]a 3
[r7-ospf-1-area-0.0.0.3]network 172.16.96.1 0.0.0.0

# AR8
[r8]ospf 1 router-id 8.8.8.8
[r8-ospf-1]a 3
[r8-ospf-1-area-0.0.0.3]network 172.16.96.0 0.0.0.255

# AR9
[r9]ospf 1 router-id 9.9.9.9
[r9-ospf-1]a 3
[r9-ospf-1-area-0.0.0.3]network 172.16.96.10 0.0.0.0

[r9-ospf-1]a 4
[r9-ospf-1-area-0.0.0.4]network 172.16.128.0 0.0.0.255

# AR10
[r10]ospf 1 router-id 10.10.10.10
[r10-ospf-1]a 4
[r10-ospf-1-area-0.0.0.4]network 172.16.128.0 0.0.0.255

# AR11
[r11]ospf 1 router-id 11.11.11.11
[r11-ospf-1]a 2
[r11-ospf-1-area-0.0.0.2]network 172.16.64.0 0.0.0.255

# AR12
[r12]ospf 1 router-id 12.12.12.12
[r12-ospf-1]a 2	
[r12-ospf-1-area-0.0.0.2]network 172.16.64.10 0.0.0.0

[r12]rip 
[r12-rip-1]v 2
[r12-rip-1]network 172.16.0.0

这里的AR10是没有其他区域的路由的，我们要在AR9上做双向重发布

# 把之前的宣告的删了
[r9]ospf 1
[r9-ospf-1]area 4
[r9-ospf-1-area-0.0.0.4]undo network 172.16.128.0 0.0.0.255

# 在新的OSPF进程中宣告
[r9]ospf 2 router-id 9.9.9.9
[r9-ospf-2]area 4
[r9-ospf-2-area-0.0.0.4]network 172.16.128.0 0.0.0.255

减少更新量

# AR1
[r1]ospf 1 
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]stub

# AR2
[r2]ospf 1	
[r2-ospf-1]area 1
[r2-ospf-1-area-0.0.0.1]stub

# AR3
[r3]ospf 1
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]stub no-summary 
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
[r3]ip route-static 172.16.32.0 24 NULL 0

# AR6
[r6]ospf 1
[r6-ospf-1]a 2
[r6-ospf-1-area-0.0.0.2]nssa no-summary
[r6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
[r6]ip route-static 172.16.64.0 24 null 0

# AR7
[r7]ospf 1 
[r7-ospf-1]a 3
[r7-ospf-1-area-0.0.0.3]nssa  no-summary
[r7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0
[r7]ip route-static 172.16.96.0 24 NULL 0

# AR8
[r8]ospf 1
[r8-ospf-1]a 3 
[r8-ospf-1-area-0.0.0.3]nssa 

# AR9
[r9]ospf 1
[r9-ospf-1]a 3
[r9-ospf-1-area-0.0.0.3]nssa 
[r9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0

[r9]ip route-static 172.16.128.0 24 NULL 0

# AR11
[r11]ospf 1
[r11-ospf-1]a 2
[r11-ospf-1-area-0.0.0.2]nssa 

# AR12
[r12]ospf 1
[r12-ospf-1]a 2
[r12-ospf-1-area-0.0.0.2]nssa 
[r12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0
[r12]ip route-static 172.16.160.0 24 NULL 0

AR9给AR10发缺省

[r9]ospf 2
[r9-ospf-2]default-route-advertise

配置NAT

# AR3
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r3-acl-basic-2000]int s 4/0/0
[r3-Serial4/0/0]nat outbound 2000

# AR5
[r5]acl 2000
[r5-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r5-acl-basic-2000]int s 4/0/0
[r5-Serial4/0/0]nat outbound 2000

# AR6
[r6]acl 2000
[r6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r6-acl-basic-2000]int s 4/0/0
[r6-Serial4/0/0]nat outbound 2000

# AR7
[r7]acl 2000
[r7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r7-acl-basic-2000]int g 0/0/0
[r7-GigabitEthernet0/0/0]nat outbound 2000

加快收敛

# AR3
[R3]int t 0/0/0
[R3-Tunnel0/0/0]ospf timer hello 5

# AR5
[R5]int t 0/0/0
[R5-Tunnel0/0/0]ospf timer hello 5

# AR6
[R6]int t 0/0/0
[R6-Tunnel0/0/0]ospf timer hello 5

# AR7
[R7]int t 0/0/0
[R7-Tunnel0/0/0]ospf timer hello 5

手工认证

[r1]ospf 1
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456

[r2]ospf 1
[r2-ospf-1]a 1
[r2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456

[r3]ospf 1
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456

测试

OSPF大实验

Linux相关栏目本月热门文章