实验名称 OSPF汇总操作
一.实验需求
1.实验拓扑
2.需求
一.area1,area2不得出现4类LSA,5类LSA;
二.R4到R5通过帧中继连接,R4连接R5为point-to-point类型;
三.R4到R6通过帧中继连接,R4连接R6为point-to-multi类型;
四.在R1和R2开启认证,链路封装类型为PPP,认证为PAP;
五.Area1 启用区域认证;
六.Area 1 (R1)创建三个环回口,分别为lo 10 202.1.1.1/24,lo 20 202.1.2.1/24,lo 30 202.1.3.1/24 ;
七.从R4到R1控制数据流量从R2;
八.R5 创建三个环回口,为lo 10 200.1.1.1/24 ,lo 20 200.1.2.1/24,lo 30 200.1.3.1/24,且200.1.1.0网段 不能出现在路由表中;
九.R7 创建 三个环回口,为lo 10 199.1.1.1/24,lo 20 199.1.2.1/24,lo 30 199.1.3.1/24;
十.Area 2 不能为totolly,减少LSA;
十一.全网可达
十二.R6与R8之间为帧中继交换连接。
二. 实验环境(软件、硬件环境)
GNS3-Standalone-64-bit
CiscoIOSSoftware,7200Software(C7200-ADVSECURITYK9-M), Version 12.4(11)T, RELEASE SOFTWARE (fc2)
PC机一台
三.实验原理
1.地址划分:
R1------R2:12.1.1.0/24 R1---------R3:13.1.1.0/24
R2---------R4:100.1.1.1/24 R3---------R4:100.1.1.0/24
R4---------R5:45.1.1.0/24 R4---------R6:46.1.1.0/24
R6---------R7:67.1.1.0/24 R6---------R8:68.1.1.0/24
2.环回地址创建:
R1:Loopback1 1.1.1.1/24 Loopback10 202.1.1.1/24
Loopback20 202.1.2.1/24 Loopback30 202.1.3.1/24
R2:Loopback2 2.2.2.2/24
R3:Loopback3 3.3.3.3/24
R4:Loopback4 4.4.4.4/24
R5:Loopback5 5.5.5.5/24 Loopback10 200.1.1.1/24
Loopback20 200.1.2.1/24 Loopback30 200.1.3.1/24
R6:Loopback6 6.6.6.6/24
R7:Loopback7 7.7.7.7/24 Loopback10 199.1.1.1/24
Loopback20 199.1.2.1/24 Loopback30 199.1.3.1/24
R8:Loopback8 8.8.8.8/24
3.区域划分:
Area 1 :R1,R2,R3(stub 末节区域)
Area 0 :R2,R3,R4(骨干区域)
Area 2:R4,R6(stub 末节区域)
Area 3:R6,R8
4.路由运行协议:
OSPF 100:R1,R2,R3,R4,R6,R8
EIGRP 90:R4,R5
RIP VER2:R6,R7
Frame relay:R9
5.在area1,area2设置stub区域,过滤4类,5类LSA。
6.在R3上修改OSPF cost值,使之传递到R4的路由条目的cost 值大于R4接收到的路由,在R4的路由表中只出现从R2传递过来的路由条目。
7.在各个ASBR路由器上重分发外部路由,并且进行路由汇总,优化路由条目。
8.在R4-------R6上建立tunnel隧道,完成非骨干区域与骨干区域的连接。地址为192.168.1.0/24.
9.全网汇总,优化路由条目。
10.使用distribute-list 过滤200.1.1.1/24,并且在R5上发布一条缺省路由。使之全网可达。
四.实验内容及步骤
R1主要配置:
username xiaolei password 0 xiaoming/设置pap认证用户名密码
!
interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface Loopback10
ip address 202.1.1.1 255.255.255.0
ip ospf network point-to-point/网络类型为点对点
!
interface Loopback20
ip address 202.1.2.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback30
ip address 202.1.3.1 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 12.1.1.1 255.255.255.0
encapsulation ppp/封装协议为PPP
ip ospf message-digest-key 1 md5 xiaoming/设置区域认证为md5类型和密码
serial restart-delay 0
ppp authentication pap
ppp pap sent-username xiaoming password 0 xiaoming
!
interface Serial1/1
ip address 13.1.1.1 255.255.255.0
ip ospf message-digest-key 1 md5 xiaoming/接口启用区域认证
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 100
router-id 1.1.1.1/路由ID
log-adjacency-changes
area 1 authentication message-digest/启用区域认证,类型为md5
area 1 stub/设置该区域为stub区域,过滤4、5类LSA
network 1.1.1.0 0.0.0.255 area 1/宣告相应网段
network 12.1.1.0 0.0.0.255 area 1
network 13.1.1.0 0.0.0.255 area 1
network 202.1.1.0 0.0.0.255 area 1
network 202.1.2.0 0.0.0.255 area 1
network 202.1.3.0 0.0.0.255 area 1
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
R2主要配置:
username xiaoming password 0 xiaoming/设置pap认证用户名和密码
!
interface Loopback2
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 100.1.1.2 255.255.255.0
ip ospf network broadcast
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 12.1.1.2 255.255.255.0
encapsulation ppp/封装协议为PPP
ip ospf message-digest-key 1 md5 xiaoming/接口启用区域认证,认证类型为md5。
serial restart-delay 0
ppp authentication pap/接口封装协议为PPP
ppp pap sent-username xiaolei password 0 xiaoming
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 100
router-id 2.2.2.2/路由ID
log-adjacency-changes
area 1 authentication message-digest/设置区域认证,区域认证类型为md5.
area 1 stub/区域类型为stub区域
area 1 range 202.1.0.0 255.255.0.0/汇总路由,优化路由条目
network 2.2.2.0 0.0.0.255 area 0/宣告网络
network 12.1.1.0 0.0.0.255 area 1
network 100.1.1.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
R3主要配置:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
no ip domain lookup
!
multilink bundle-name authenticated
!
interface Loopback3
ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 100.1.1.3 255.255.255.0
ip ospf network broadcast/接口网络类型为广播
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 13.1.1.3 255.255.255.0
ip ospf authentication-key 1 xiaoming
ip ospf message-digest-key 1 md5 xiaoming
ip ospf cost 67/修改cost值,使R4到R1走R2
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 100
router-id 3.3.3.3
log-adjacency-changes
area 1 authentication message-digest
area 1 stub
area 1 range 202.1.0.0 255.255.0.0/汇总路由,优化路由条目
network 3.3.3.0 0.0.0.255 area 0
network 13.1.1.0 0.0.0.255 area 1
network 100.1.1.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
!
logging alarm informational
R4主要配置:
interface Loopback4
ip address 4.4.4.4 255.255.255.0
!
interface Tunnel1/创建tunnel隧道,使骨干区域连接非骨干区域area3
ip address 192.168.1.4 255.255.255.0
ip ospf network point-to-multipoint/接口网络类型为点到多点
tunnel source 4.4.4.4/隧道源地址
tunnel destination 6.6.6.6/隧道目的地址
!
interface FastEthernet0/0
ip address 100.1.1.4 255.255.255.0
ip ospf network broadcast
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
encapsulation frame-relay/接口封装协议为帧中继
ip ospf network point-to-multipoint
serial restart-delay 0
no arp frame-relay
no frame-relay inverse-arp/关闭frame-relay地址映射的ARP映射
!
interface Serial1/0.1 point-to-point/启用子接口,接口类型为点到点
ip address 45.1.1.4 255.255.255.0
frame-relay interface-dlci 405 /设置PVC链路的dlci号
!
interface Serial1/0.2 multipoint/启用子接口,接口类型为点到多点
ip address 46.1.1.4 255.255.255.0
ip ospf network point-to-multipoint
frame-relay map ip 46.1.1.6 406 broadcast/设置目的IP与pvc链路的dlci号映射,伪广播。
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router eigrp 90
redistribute ospf 100 metric 100 10 50 50 1500/将OSPF路由重发布到eigrp中,须设置相关metric值
network 4.4.4.0 0.0.0.255
network 45.1.1.0 0.0.0.255
no default-information out
distribute-list 1 in Serial1/0.1/创建分发列表过滤200.1.1.1/24
no auto-summary
!
router ospf 100
router-id 4.4.4.4
log-adjacency-changes
area 2 stub/设置area2为stub区域 ,过滤4、5类LSA
redistribute eigrp 90 subnets/将eigrp路由重发布到OSPF中
network 4.4.4.0 0.0.0.255 area 0
network 46.1.1.0 0.0.0.255 area 2
network 100.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 3
neighbor 6.6.6.6/单播指邻居
default-information originate/下发缺省路由
!
no ip http server
no ip http secure-server
!
logging alarm informational
access-list 1 deny 200.1.1.0 0.0.0.255/设置ACL,抓取200.1.1.0/24路由
access-list 1 permit any/允许所有
!
control-plane
R5主要配置:
interface Loopback5
ip address 5.5.5.5 255.255.255.0
!
interface Loopback10
ip address 200.1.1.1 255.255.255.0
!
interface Loopback20
ip address 200.1.2.1 255.255.255.0
!
interface Loopback30
ip address 200.1.3.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
encapsulation frame-relay/封装协议类型为帧中继
serial restart-delay 0
no arp frame-relay
no frame-relay inverse-arp
!
interface Serial1/0.1 point-to-point/启用子接口,类型为点到点
ip address 45.1.1.5 255.255.255.0
ip summary-address eigrp 90 0.0.0.0 0.0.0.0 5./接口汇总产生缺省路由 metric值为5
frame-relay interface-dlci 504 /设置接口帧中继映射PVC号为504
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router eigrp 90/启用eigrp协议,AS为90
network 5.5.5.0 0.0.0.255/宣告网段
network 45.1.1.0 0.0.0.255
network 200.1.1.0
network 200.1.2.0
network 200.1.3.0
no auto-summary/关闭自动汇总
!
no ip http server
no ip http secure-server
!
logging alarm informational
R6主要配置:
interface Loopback6
ip address 6.6.6.6 255.255.255.0
!
interface Tunnel1/创建tunnel1隧道
ip address 192.168.1.6 255.255.255.0
ip ospf network point-to-multipoint/接口网络类型点到多点
tunnel source 6.6.6.6/隧道源地址
tunnel destination 4.4.4.4/隧道目的地址
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
encapsulation frame-relay
ip ospf network point-to-multipoint
serial restart-delay 0
no arp frame-relay
no frame-relay inverse-arp
!
interface Serial1/0.1 multipoint
ip address 46.1.1.6 255.255.255.0
ip ospf network point-to-multipoint
ip ospf priority 0/修改接口优先级,使之不参与DR/BDR选举
frame-relay map ip 46.1.1.4 604 broadcast
!
interface Serial1/0.2 point-to-point
ip address 68.1.1.6 255.255.255.0
frame-relay interface-dlci 608
!
interface Serial1/1
ip address 67.1.1.6 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 100
router-id 6.6.6.6
log-adjacency-changes
area 2 stub
summary-address 199.1.0.0 255.255.0.0/在ASBR路由上,汇总外部路由。
redistribute rip subnets/将rip路由重发布到OSPF
network 6.6.6.0 0.0.0.255 area 2
network 46.1.1.0 0.0.0.255 area 2
network 68.1.1.0 0.0.0.255 area 3
network 192.168.1.0 0.0.0.255 area 3
default-information originate
!
router rip
version 2
redistribute ospf 100 metric 5/将OSPF路由重发布到RIP中
network 6.0.0.0
network 67.0.0.0
no auto-summary/关闭自动汇总
!
no ip http server
no ip http secure-server
!
logging alarm informational
R7主要配置:
interface Loopback7
ip address 7.7.7.7 255.255.255.0
!
interface Loopback10
ip address 199.1.1.1 255.255.255.0
!
interface Loopback20
ip address 199.1.2.1 255.255.255.0
!
interface Loopback30
ip address 199.1.3.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 67.1.1.7 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router rip/启用RIP 路由协议
version 2
network 7.0.0.0
network 67.0.0.0
network 199.1.1.0
network 199.1.2.0
network 199.1.3.0
no auto-summary
!
no ip http server
no ip http secure-server
!
logging alarm informational
R8主要配置:
interface Loopback8
ip address 8.8.8.8 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no arp frame-relay
no frame-relay inverse-arp
!
interface Serial1/0.1 point-to-point
ip address 68.1.1.8 255.255.255.0
frame-relay interface-dlci 806
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 100
router-id 8.8.8.8
log-adjacency-changes
network 8.8.8.0 0.0.0.255 area 3
network 68.1.1.0 0.0.0.255 area 3
!
no ip http server
no ip http secure-server
!
logging alarm informational
R9主要配置:
interface Serial1/0
no ip address
encapsulation frame-relay/接口封装类型帧中继
no ip route-cache
serial restart-delay 0
frame-relay lmi-type cisco/帧中继信令管理类型为Cisco
frame-relay intf-type dce/帧中继设置为dce端
frame-relay route 405 interface Serial1/1 504/设置帧中继pvc链路dlci号路由映射,将虚拟链路405进来的数据从接口s1/1虚拟链路504转发出去,其他接口配置原理同此。
frame-relay route 406 interface Serial1/2 604
!
interface Serial1/1
no ip address
encapsulation frame-relay
no ip route-cache
serial restart-delay 0
frame-relay lmi-type cisco
frame-relay intf-type dce
frame-relay route 504 interface Serial1/0 405
!
interface Serial1/2
no ip address
encapsulation frame-relay
no ip route-cache
serial restart-delay 0
frame-relay lmi-type cisco
frame-relay intf-type dce
frame-relay route 604 interface Serial1/0 406
frame-relay route 608 interface Serial1/3 806
!
interface Serial1/3
no ip address
encapsulation frame-relay
no ip route-cache
serial restart-delay 0
frame-relay lmi-type cisco
frame-relay intf-type dce
frame-relay route 806 interface Serial1/2 608
!
no ip http server
no ip http secure-server
!
logging alarm informational
五.实验结果及问题分析
R1路由表
R2路由表
R3路由表
R4路由表
R5路由表
R6路由表
R7路由表
R8路由表
全网可达
结论:
在stub区域,virtual-link虚拟链路不能启用,需要通过tunnel隧道实现OSPF区域的规则区域连接骨干区域。
在配置OSPF的单播邻居时,接口需要为point-to-multi网络类型或者为NBMA网络类型。