实验目的:
1、按照拓扑图地址规划,配置路由器接口地址和主机地址
2、按照拓扑图,配置ospfv3区域和 isis协议区域,在两个协议的边界路由器AR5上配置路由重分发,实现全网互通
3、主机都使用直连链路引入协议当中
4、配置路由过滤,实现具体的要求
实验拓扑图
配置过程:
[Huawei]sys AR1
[AR1]IPV6
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ipv6 enable
[AR1-GigabitEthernet0/0/0]ipv6 address 2001:15::1 64
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ipv6 enable
[AR1-GigabitEthernet0/0/1]ipv6 address 2001:13::1 64
[AR1]int g0/0/2
[AR1-GigabitEthernet0/0/2]ipv6 enable
[AR1-GigabitEthernet0/0/2]ipv6 address 2001:12::1 64
其他路由器接口配置类似,参照拓扑图的ipv6地址配置说明
主机的配置以主机1为例
测试连通性,保证IPv6地址配置无误
配置ospfv3路由协议
[AR1]ospfv3 1
[AR1-ospfv3-1]router-id 1.1.1.1 //ospfv3中的router-id必须要配置
[AR1-ospfv3-1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ospfv3 1 area 1 //将接口加入对应的区域
[AR1-GigabitEthernet0/0/0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ospfv3 1 area 2
[AR1-GigabitEthernet0/0/1]int g0/0/2
[AR1-GigabitEthernet0/0/2]ospfv3 1 area 0
[AR1-GigabitEthernet0/0/2]quit
[AR2]ospfv3 1
[AR2-ospfv3-1]router-id 2.2.2.2
[AR2-ospfv3-1]int g0/0/0
[AR2-GigabitEthernet0/0/0]ospfv3 1 area 0
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ospfv3 1 area 3
[AR2-GigabitEthernet0/0/1]quit
[AR3]ospfv3 1
[AR3-ospfv3-1]router-id 3.3.3.3
[AR3-ospfv3-1]int g0/0/0
[AR3-GigabitEthernet0/0/0]ospfv3 1 area 2
[AR3-GigabitEthernet0/0/0]quit
[AR4]ospfv3 1
[AR4-ospfv3-1]router-id 4.4.4.4
[AR4-ospfv3-1]int g0/0/0
[AR4-GigabitEthernet0/0/0]ospfv3 1 area 3
[AR4-GigabitEthernet0/0/0]quit
[AR5]ospfv3 1
[AR5-ospfv3-1]router-id 5.5.5.5
[AR5-ospfv3-1]int g0/0/1
[AR5-GigabitEthernet0/0/1]ospfv3 1 area 1
在路由器上查看邻居关系
将路由器3和路由器4所连接的主机以路由引入的方式引入ospfv3协议当中
[AR3]ospfv3 1
[AR3-ospfv3-1]import-route direct
[AR4]ospfv3
[AR4-ospfv3-1]import-route direct
查看路由器1和2的路由表,有主机3、4、5所在的网段信息,证明引入成功
这时已经达到ospfv3区域内互通的状态
[AR5]isis 1
[AR5-isis-1]ipv6 enable //使能ipv6
[AR5-isis-1]network-entity 49.0567.5555.5555.5555.00 //配置网络实体名,必须配置
Oct 30 2022 10:25:06-08:00 AR5 %%01ISIS/4/START_ENABLE_ISIS(l)[0]:ISIS 256 enabl
ed all ISIS modules.
[AR5-isis-1]is-level level-1-2 //设置level级别,缺省情况下,默认为level-1-2
[AR5-isis-1]int g0/0/0
[AR5-GigabitEthernet0/0/0]isis ipv6 enable 1 进入接口使能ipv6
[AR6]isis 1
[AR6-isis-1]ipv6 enable
[AR6-isis-1]network-entity 49.0567.6666.6666.6666.00
Oct 30 2022 10:26:48-08:00 AR6 %%01ISIS/4/START_ENABLE_ISIS(l)[0]:ISIS 256 enabl
ed all ISIS modules.
[AR6-isis-1]is-level level-1-2
[AR6-isis-1]int g0/0/1
[AR6-GigabitEthernet0/0/1]isis ipv6 enable 1
[AR6-GigabitEthernet0/0/1]int g0/0/0
[AR6-GigabitEthernet0/0/0]isis ipv6 enable 1
[AR6-GigabitEthernet0/0/0]quit
[AR7]isis 1
[AR7-isis-1]is-level level-1
[AR7-isis-1]network-entity 49.0567.7777.7777.7777.00
[AR7-isis-1]ipv6 enable
[AR7-isis-1]int g0/0/0
[AR7-GigabitEthernet0/0/0]isis ipv6 enable 1
查看邻居状态
在路由器7上将所连主机路由直连引入方式引入到isis协议中
[AR7]isis 1
[AR7-isis-1]ipv6 import-route direct level-1 //以直连引入level-1类型的路由
查看路由器5的isis路由表
测试isis协议
这时isis协议内部达到互通
在路由器5上进行ospfv3和isisv6协议的互相引入(相互路由重分发),达到全网互通
[AR5]isis 1
[AR5-isis-1]ipv6 import-route ospfv3 1
[AR5-isis-1]quit
[AR5]ospfv3
[AR5-ospfv3-1]import-route isis 1
查看路由器3的路由表,有主机1和2的网段信息
在路由器6上需下发一条缺省路由给路由器5
[AR6-isis-1]ipv6 default-route-advertise level-1
下一步进行路由过滤
[AR5]acl ipv
[AR5]acl ipv6 2001 //配置基本的ipv6 acl
[AR5-acl6-basic-2001]rule 5 deny source 3001:20:: 64 建立一条规则,拒绝源地址为3001:20:: 64网段的ipv6地址
[AR5-acl6-basic-2001]rule permit //剩下的允许
[AR5-acl6-basic-2001]quit
[AR5]ospfv3 //进入ospfv3协议
[AR5-ospfv3-1]filter-policy 2001 export 在协议中的出接口方向进行调用acl
[AR5-ospfv3-1]import-route isis 1 route-policy 2001 在isis协议中调用acl策略
查看路由表信息
(2)、在R3上使用路由过滤,使得pc3主机所在网段无法访问主机4
[AR3]acl ipv6 2002
[AR3-acl6-basic-2002]rule deny source 3001:40:: 64
[AR3-acl6-basic-2002]rule permit
[AR3-acl6-basic-2002]ospfv
[AR3-ospfv3-1]filter-policy 2002 import
[AR3-ospfv3-1]quit
查看路由表
(3)、实现pc4和pc5所在网段无法访问主机1
[AR4]acl ipv6 name not1
[AR4-acl6-adv-not1]rule deny ipv6 source 3001:10:: 64
[AR4-acl6-adv-not1]rule permit ipv6 source any
[AR4-acl6-adv-not1]ospfv3
[AR4-ospfv3-1]filter-policy acl6-name not1 import
达到效果