OSPF综合实验
HCIP文章目录
文章目录
- HCIP文章目录
- 实验拓扑
- 实验要求
- 实验思路
-
- 1、首先进行IP划分172.16.0.0 /16(划分如如拓扑图)
- 2、配置MGREM环境
- area0(R1、5、6、7)
- area 1(R 1、2、3)
- area2(R6、11、12)
- area3(R7、8、9)
- area4(R9、10)
- 进行LSA优化
-
- 路由汇总
- 特殊区域
- 全网可达(NAT)
实验拓扑
实验要求
1、R4为ISP,其上只能配置1P地址;R4与其他所有直连设备间使用公有IP;
2、R3–R5/6/7为MGRE环境,R3为中心站点
3、整个0SPF环境1P地址为172.16.0.0/16
4、所有设备均可访问R4的环回;
5、减少LSA的更新量,加快收敛,保障更新安全
6、全网可达
实验思路
1、首先进行IP划分172.16.0.0 /16(划分如如拓扑图)
2、配置MGREM环境
前提是公网可通(配置R1、5、6、7到LSP的缺省)
以R3为中心站点配置,R5、6、7为分支
MGRE的网段为172.16.160.0 /22
R3配置
[r3-Tunnel0/0/0]ip address 172.16.160.1 22
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source 34.1.1.1
[r3-Tunnel0/0/0]nhrp entry multicast dynamic
[r3-Tunnel0/0/0]nhrp network-id 100
R5、6、7 分支配置一样
[r5]int t0/0/0
[r5-Tunnel0/0/0]ip address 172.16.160.5 22
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp
[r5-Tunnel0/0/0]source g0/0/0
[r5-Tunnel0/0/0]nhrp entry 172.16.160.1 34.1.1.1 register
[r5-Tunnel0/0/0]nhrp network-id 100
测试
<r3>ping 172.16.160.5
PING 172.16.160.5: 56 data bytes, press CTRL_C to break
Reply from 172.16.160.5: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 172.16.160.5: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 172.16.160.5: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 172.16.160.5: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 172.16.160.5: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 172.16.160.5 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/28/30 ms
<r3>ping 172.16.160.6
PING 172.16.160.6: 56 data bytes, press CTRL_C to break
Reply from 172.16.160.6: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 172.16.160.6: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 172.16.160.6: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 172.16.160.6: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 172.16.160.6: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 172.16.160.6 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/30 ms
<r3>ping 172.16.160.7
PING 172.16.160.7: 56 data bytes, press CTRL_C to break
Reply from 172.16.160.7: bytes=56 Sequence=1 ttl=255 time=20 ms
Reply from 172.16.160.7: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 172.16.160.7: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 172.16.160.7: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 172.16.160.7: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 172.16.160.7 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/24/30 ms
area0(R1、5、6、7)
注意:这里宣告时不要宣告公网IP
宣告完之后因为使用的是MGRE他们的Tunnel口是p2p点到点
所以修改该网段所有接口为 Broadcast
设置中心站点(R3)为DR 没有BDR
将R3的Tunnel优先级设置为3
其他设置为0
R3
[r3]ospf 1 router-id 1.1.1.1
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 172.16.160.1 0.0.0.0
[r3-Tunnel0/0/0]ospf network-type broadcast
[r3-Tunnel0/0/0]ospf dr-priority 3
R5
宣告R5的环回和Tunnel口
[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]area 0
[r5-ospf-1-area-0.0.0.0]network 172.16.160.5 0.0.0.0
[r5-ospf-1-area-0.0.0.0]network 172.16.32.1 0.0.0.0
[r5-Tunnel0/0/0]ospf network-type broadcast
[r5-Tunnel0/0/0]ospf dr-priority 0
R6
宣告R6的环回和Tunnel口
[r6]ospf 1 router-id 6.6.6.6
[r6-ospf-1]area 0
[r6-ospf-1-area-0.0.0.0]network 172.16.160.6 0.0.0.0
[r6-ospf-1-area-0.0.0.0]network 172.16.72.1 0.0.0.0
[r6-Tunnel0/0/0]ospf network-type broadcast
[r6-Tunnel0/0/0]ospf dr-priority 0
R7
宣告R7的环回和Tunnel口
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]are
[r7-ospf-1]area 0
[r7-ospf-1-area-0.0.0.0]network 172.16.160.7 0.0.0.0
[r7-ospf-1-area-0.0.0.0]network 172.16.104.1 0.0.0.0
[r7-Tunnel0/0/0]ospf network-type broadcast
[r7-Tunnel0/0/0]ospf dr-priority 0
测试
ping R5、6、7的环回
area 1(R 1、2、3)
R1
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]network 172.16.4.1 0.0.0.0
[r1-ospf-1-area-0.0.0.1]network 172.16.8.1 0.0.0.0
R2
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 1
[r2-ospf-1-area-0.0.0.1]network 172.16.12.1 0.0.0.0
[r2-ospf-1-area-0.0.0.1]network 172.16.4.2 0.0.0.0
R3
[r3]ospf
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]network 172.16.16.1 0.0.0.0
[r3-ospf-1-area-0.0.0.1]network 172.16.4.3 0.0.0.0
测试
area2(R6、11、12)
R12有2条RIP宣告导入到ospf中
R6
[r6]ospf
[r6-ospf-1]area 2
[r6-ospf-1-area-0.0.0.2]network 172.16.64.1 0.0.0.0
R11
[r11]ospf 1 router-id 11.11.11.11
[r11-ospf-1]area 2
[r11-ospf-1-area-0.0.0.2]network 172.16.64.2 0.0.0.0
[r11-ospf-1-area-0.0.0.2]network 172.16.64.5 0.0.0.0
[r11-ospf-1-area-0.0.0.2]network 172.16.76.1 0.0.0.0
R12
[r12-LoopBack1]rip 1
[r12-rip-1]version 2
[r12-rip-1]network 172.16.0.0
[r12]ospf 1 router-id 12.12.12.12
[r12-ospf-1]area 2
[r12-ospf-1-area-0.0.0.2]network 172.16.64.6 0.0.0.0
[r12-ospf-1]import-route rip 1
[r12]rip 1
[r12-rip-1]import-route ospf 1
测试
area3(R7、8、9)
R7
[r7]ospf
[r7-ospf-1]area 3
[r7-ospf-1-area-0.0.0.3]network 172.16.96.1 0.0.0.0
R8
[r8]ospf 1 router-id 8.8.8.8
[r8-ospf-1]area 3
[r8-ospf-1-area-0.0.0.3]network 172.16.96.2 0.0.0.0
[r8-ospf-1-area-0.0.0.3]network 172.16.96.5 0.0.0.0
[r8-ospf-1-area-0.0.0.3]network 172.16.108.1 0.0.0.0
R9
[r9]ospf 1 router-id 9.9.9.9
[r9-ospf-1]area 3
[r9-ospf-1-area-0.0.0.3]network 172.16.96.6 0.0.0.0
area4(R9、10)
这个区域是不规则区域首先进行多进程双向重发布配置命令
R9
[r9]ospf 2
[r9-ospf-2]area 4
[r9-ospf-2-area-0.0.0.4]network 172.16.128.1 0.0.0.0
[r9-ospf-2-area-0.0.0.4]network 172.16.136.1 0.0.0.0
[r9-ospf-2]import-route ospf 1
[r9-ospf-1]import-route ospf 2
R10
[r10]ospf 1 router-id 10.10.10.10
[r10-ospf-1]area 4
[r10-ospf-1-area-0.0.0.4]network 172.16.128.2 0.0.0.0
[r10-ospf-1-area-0.0.0.4]network 172.16.140.1 0.0.0.0
测试
进行LSA优化
路由汇总
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.0.0 255.255.224.0
[r6-ospf-1]area 2
[r6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
[r7-ospf-1]area 3
[r7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0
[r9-ospf-1]area 4
[r9-ospf-1-area-0.0.0.4]abr-summary 172.16.128.0 255.255.224.0
特殊区域
末梢区域 R1、2
完全末梢 R3
NSSA非完全末梢区域 R8、9、11、12
完全NSSA R6、7
R9指向R10一条缺省
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]stub
[r2-ospf-1]area 1
[r2-ospf-1-area-0.0.0.1]stub
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]stub no-summary
[r8-ospf-1]area 3
[r8-ospf-1-area-0.0.0.3]nssa
[r9-ospf-1]area 3
[r9-ospf-1-area-0.0.0.3]nssa
[r11-ospf-1]area 2
[r11-ospf-1-area-0.0.0.2]nssa
[r12-ospf-1]area 2
[r12-ospf-1-area-0.0.0.2]nssa
[r6-ospf-1]area 2
[r6-ospf-1-area-0.0.0.2]nssa no-summary
[r7-ospf-1]area 3
[r7-ospf-1-area-0.0.0.3]nssa no-summary
[r9-ospf-2]default-route-advertise
全网可达(NAT)
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r3-GigabitEthernet0/0/1]nat outbound 2000
[r7]acl 2000
[r7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r7]int GigabitEthernet 0/0/0
[r7-GigabitEthernet0/0/0]nat outbound 2000
[r6]acl 2000
[r6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r6-acl-basic-2000]int g0/0/0
[r6-GigabitEthernet0/0/0]nat outbound 2000
测试
