OSPF 综合实验

IP地址规划(X表示设备号):

Loopback0:8.8.X.X

Loopback8-11:8.8.8.1-8.8.11.1

Looback32-35:8.8.32.1-8.8.35.1

R1-R2:8.8.12.X

实验要求:

1、R2、R3、R5使用帧中继互联

2、OSPF全网通信

3、area 0做最安全认证

4、R5 lo8-11 以外部路由E1类型的方式引入到OSPF区域中

5、R5 lo32-35以同样方式发布到OSPF中，但是被隐藏

6、R1收到R3、R5 lo的路由为O IA X.X.X.0/24，用两种方法实现

step1 首先将R4改造成帧中继交换机

r4(config)#frame-relay switching

r4(config)#int s2/0

r4(config-if)#encapsulation frame-relay

r4(config-if)#frame-relay lmi-type cisco

r4(config-if)#frame-relay intf-type dce

r4(config-if)#frame-relay route 203 interface s2/1 302

r4(config-if)#frame-relay route 205 interface s2/2 502

r4(config)#int s2/1

r4(config-if)#encapsulation frame-relay

r4(config-if)#frame-relay lmi-type cisco

r4(config-if)#frame-relay intf-type dce

r4(config-if)#frame-relay route 302 interface s2/0 203

r4(config)#int s2/2

r4(config-if)#encapsulation frame-relay

r4(config-if)#frame-relay lmi-type cisco

r4(config-if)#frame-relay intf-type dce

r4(config-if)#frame-relay route 502 interface s2/0 205

step2 ospf通告

r1：

r1(config)#router ospf 1

r1(config-router)#router-id 8.8.1.1

r1(config-router)#network 8.8.1.1 0.0.0.0 area 0

r1(config-router)#network 8.8.12.1 0.0.0.0 area 0

r2：

r2(config)#router ospf 1

r2(config-router)#router-id 8.8.2.2

r2(config-router)#network 8.8.2.2 0.0.0.0 area 0 

r2(config-router)#network 8.8.12.2 0.0.0.0 area 0

r2(config-router)#network 8.8.23.2 0.0.0.0 area 23

r2(config-router)#network 8.8.25.2 0.0.0.0 area 25

r3：

r3(config)#router ospf 1

r3(config-router)#router-id 8.8.3.3

r3(config-router)#network 8.8.3.3 0.0.0.0 area 33

r3(config-router)#network 8.8.23.3 0.0.0.0 area 23

r5：

r5(config)#router ospf 1

r5(config-router)#router-id 8.8.5.5

r5(config-router)#network 8.8.5.5 0.0.0.0 area 55

r5(config-router)#network 8.8.25.5 0.0.0.0 area 25

理论上r2应该与其他路由器形成邻居关系，但是在r2看到邻居只有r1

再看接口信息，可以看到r2和r3对应接口的网络类型不一致（r2是点对点，r3是非广播），hello/dead时间也不一样，因此无法建立OSPF邻居,同理r5也一样

在这里只需要将r3的s2/2的网络类型改成点对点就可以了,同理r5也一样

r3(config)#int s2/2

r3(config-if)#ip ospf network point-to-point

r5(config)#int s2/2

r5(config-if)#ip ospf network point-to-point

现在r2已经能看到r3和r5建立邻居了

step3 建立虚链路

现在在r1上看根本学不到r3和r5的路由

      8.0.0.0/8 is variably subnetted, 6 subnets, 2 masks

O IA     8.8.23.0/24 [110/128] via 8.8.12.2, 00:21:33, Serial2/1

O IA     8.8.25.0/24 [110/128] via 8.8.12.2, 00:21:33, Serial2/1

因此在r2与r3,r5之间建立虚链路

r2(config)#router ospf 1

r2(config-router)#area 23 virtual-link 8.8.3.3

r2(config-router)#area 25 virtual-link 8.8.5.5

r3(config)#router ospf 1

r3(config-router)#area 23 virtual-link 8.8.2.2

r5(config)#router ospf 1

r2(config-router)#area 25 virtual-link 8.8.2.2

再看r1已经收到r3和r5的路由了

      8.0.0.0/8 is variably subnetted, 9 subnets, 2 masks

O        8.8.2.2/32 [110/65] via 8.8.12.2, 00:00:31, Serial2/1

O IA     8.8.3.3/32 [110/129] via 8.8.12.2, 00:00:20, Serial2/1

O IA     8.8.5.5/32 [110/129] via 8.8.12.2, 00:00:02, Serial2/1

O IA     8.8.23.0/24 [110/128] via 8.8.12.2, 00:39:48, Serial2/1

O IA     8.8.25.0/24 [110/128] via 8.8.12.2, 00:39:48, Serial2/1

step4 r1和r2作MD5认证

r1(config)#router ospf 1

r1(config-router)#area 0 authentication message-digest 

r1(config-router)#exit

r1(config)#int s2/1

r1(config-if)#ip ospf message-digest-key 1 md5 cisco

r2(config)#router ospf 1

r2(config-router)#area 0 authentication message-digest 

r2(config-router)#exit

r2(config)#int s2/0

r2(config-if)#ip ospf message-digest-key 1 md5 cisco

现在在r2上清除ospf进程清掉

r2#clear ip ospf process 

Reset ALL OSPF processes? [no]: y

发现虚链路的邻居起不来了

r2#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface

8.8.1.1           0   FULL/  -        00:00:37    8.8.12.1        Serial2/0

8.8.3.3           0   FULL/  -        00:00:37    8.8.23.3        Serial2/2.23

8.8.5.5           0   FULL/  -        00:00:37    8.8.25.5        Serial2/2.25

因为虚链路也属于area 0的一部分,因此给虚链路也配上认证

r2(config)#router ospf 1

r2(config-router)#area 23 virtual-link 8.8.3.3 message-digest-key 1 md5 cisco

r2(config-router)#area 25 virtual-link 8.8.5.5 message-digest-key 1 md5 cisco

r3(config-router)#area 0 authentication message-digest

r3(config-router)#area 23 virtual-link 8.8.2.2 message-digest-key 1 md5

r5(config-router)#area 0 authentication message-digest

r5(config-router)#area 25 virtual-link 8.8.2.2 message-digest-key 1 md5 cisco

再看r2的邻居,虚链路邻居已经起来了

r2#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface

8.8.5.5           0   FULL/  -           -        8.8.25.5        OSPF_VL1

8.8.3.3           0   FULL/  -           -        8.8.23.3        OSPF_VL0

8.8.1.1           0   FULL/  -        00:00:33    8.8.12.1        Serial2/0

8.8.3.3           0   FULL/  -        00:00:33    8.8.23.3        Serial2/2.23

8.8.5.5           0   FULL/  -        00:00:38    8.8.25.5        Serial2/2.25

r1上已经看到r3和r5的路由

r1#show ip route ospf

      8.0.0.0/8 is variably subnetted, 9 subnets, 2 masks

O        8.8.2.2/32 [110/65] via 8.8.12.2, 00:11:39, Serial2/1

O IA     8.8.3.3/32 [110/129] via 8.8.12.2, 00:04:18, Serial2/1

O IA     8.8.5.5/32 [110/129] via 8.8.12.2, 00:02:53, Serial2/1

O IA     8.8.23.0/24 [110/128] via 8.8.12.2, 00:11:39, Serial2/1

O IA     8.8.25.0/24 [110/128] via 8.8.12.2, 00:11:39, Serial2/1

step5 引入直连路由

在r5上进行路由重分布

r5(config-router)#redistribute connected subnets

然后在r1上看,r5的所有直连路由都收到了,但是都是 0 E2类型

      8.0.0.0/8 is variably subnetted, 17 subnets, 2 masks

O        8.8.2.2/32 [110/65] via 8.8.12.2, 00:16:07, Serial2/1

O IA     8.8.3.3/32 [110/129] via 8.8.12.2, 00:08:46, Serial2/1

O IA     8.8.5.5/32 [110/129] via 8.8.12.2, 00:07:21, Serial2/1

O E2     8.8.8.0/24 [110/1] via 8.8.12.2, 00:00:03, Serial2/1

O E2     8.8.9.0/24 [110/1] via 8.8.12.2, 00:00:03, Serial2/1

O E2     8.8.10.0/24 [110/1] via 8.8.12.2, 00:00:03, Serial2/1

O E2     8.8.11.0/24 [110/1] via 8.8.12.2, 00:00:03, Serial2/1

O IA     8.8.23.0/24 [110/128] via 8.8.12.2, 00:16:07, Serial2/1

O IA     8.8.25.0/24 [110/128] via 8.8.12.2, 00:16:07, Serial2/1

O E2     8.8.32.0/24 [110/1] via 8.8.12.2, 00:00:03, Serial2/1

O E2     8.8.33.0/24 [110/1] via 8.8.12.2, 00:00:03, Serial2/1

O E2     8.8.34.0/24 [110/1] via 8.8.12.2, 00:00:03, Serial2/1

O E2     8.8.35.0/24 [110/1] via 8.8.12.2, 00:00:03, Serial2/1

我们只需要在r5上命令改成

r5(config-router)#redistribute connected subnets metric-type 1

r1收到的r5的路由就变成O E1类型了

      8.0.0.0/8 is variably subnetted, 17 subnets, 2 masks

O        8.8.2.2/32 [110/65] via 8.8.12.2, 00:16:38, Serial2/1

O IA     8.8.3.3/32 [110/129] via 8.8.12.2, 00:09:17, Serial2/1

O IA     8.8.5.5/32 [110/129] via 8.8.12.2, 00:07:52, Serial2/1

O E1     8.8.8.0/24 [110/129] via 8.8.12.2, 00:00:02, Serial2/1

O E1     8.8.9.0/24 [110/129] via 8.8.12.2, 00:00:02, Serial2/1

O E1     8.8.10.0/24 [110/129] via 8.8.12.2, 00:00:02, Serial2/1

O E1     8.8.11.0/24 [110/129] via 8.8.12.2, 00:00:02, Serial2/1

O IA     8.8.23.0/24 [110/128] via 8.8.12.2, 00:16:38, Serial2/1

O IA     8.8.25.0/24 [110/128] via 8.8.12.2, 00:16:38, Serial2/1

O E1     8.8.32.0/24 [110/129] via 8.8.12.2, 00:00:02, Serial2/1

O E1     8.8.33.0/24 [110/129] via 8.8.12.2, 00:00:02, Serial2/1

O E1     8.8.34.0/24 [110/129] via 8.8.12.2, 00:00:02, Serial2/1

O E1     8.8.35.0/24 [110/129] via 8.8.12.2, 00:00:02, Serial2/1

step6 隐藏r5 lo32-35路由

在r5上对lo32-35路由进行汇总,再后面加上not-advertise不进行宣告就可以了(注意summary-address只能在ASBR使用,对外部路由进行隐藏)

r5(config-router)#summary-address 8.8.32.0 255.255.252.0 not-advertise

在r1上查看路由,隐藏了相关路由

r1#show ip route ospf

      8.0.0.0/8 is variably subnetted, 13 subnets, 2 masks

O        8.8.2.2/32 [110/65] via 8.8.12.2, 00:24:53, Serial2/1

O IA     8.8.3.3/32 [110/129] via 8.8.12.2, 00:17:32, Serial2/1

O IA     8.8.5.5/32 [110/129] via 8.8.12.2, 00:16:07, Serial2/1

O E1     8.8.8.0/24 [110/129] via 8.8.12.2, 00:08:17, Serial2/1

O E1     8.8.9.0/24 [110/129] via 8.8.12.2, 00:08:17, Serial2/1

O E1     8.8.10.0/24 [110/129] via 8.8.12.2, 00:08:17, Serial2/1

O E1     8.8.11.0/24 [110/129] via 8.8.12.2, 00:08:17, Serial2/1

O IA     8.8.23.0/24 [110/128] via 8.8.12.2, 00:24:53, Serial2/1

O IA     8.8.25.0/24 [110/128] via 8.8.12.2, 00:24:53, Serial2/1

step7 使r1收到r3和r5 lo路由为24位

方法1:

因为loopback口地址在ospf宣告,都是以32位主机路由形式出现.

恢复loopback口接口地址长度只需要输入以下命令:

r3(config-router)#int lo0

r3(config-if)#ip ospf network point-to-point

在r1上可以看到收到r3 的lo0路由变成24位

      8.0.0.0/8 is variably subnetted, 13 subnets, 2 masks

O        8.8.2.2/32 [110/65] via 8.8.12.2, 00:31:58, Serial2/1

O IA     8.8.3.0/24 [110/129] via 8.8.12.2, 00:00:01, Serial2/1

O IA     8.8.5.5/32 [110/129] via 8.8.12.2, 00:23:12, Serial2/1

O E1     8.8.8.0/24 [110/129] via 8.8.12.2, 00:15:22, Serial2/1

O E1     8.8.9.0/24 [110/129] via 8.8.12.2, 00:15:22, Serial2/1

O E1     8.8.10.0/24 [110/129] via 8.8.12.2, 00:15:22, Serial2/1

O E1     8.8.11.0/24 [110/129] via 8.8.12.2, 00:15:22, Serial2/1

O IA     8.8.23.0/24 [110/128] via 8.8.12.2, 00:31:58, Serial2/1

O IA     8.8.25.0/24 [110/128] via 8.8.12.2, 00:31:58, Serial2/1

方法2:

可以进行路由汇总将掩码变小,O IA是区域间路由,在r5(ABR)上进行汇总(因为r2与r5虚链路已经建立,r5是ABR也是ASBR)

r5(config-router)#area 55 range 8.8.5.0 255.255.255.0

再看r1上收到的路由,可以看到收到r5 的lo0路由变成24位

      8.0.0.0/8 is variably subnetted, 13 subnets, 2 masks

O        8.8.2.2/32 [110/65] via 8.8.12.2, 00:37:45, Serial2/1

O IA     8.8.3.0/24 [110/129] via 8.8.12.2, 00:05:48, Serial2/1

O IA     8.8.5.0/24 [110/129] via 8.8.12.2, 00:00:03, Serial2/1

O E1     8.8.8.0/24 [110/129] via 8.8.12.2, 00:21:09, Serial2/1

O E1     8.8.9.0/24 [110/129] via 8.8.12.2, 00:21:09, Serial2/1

O E1     8.8.10.0/24 [110/129] via 8.8.12.2, 00:21:09, Serial2/1

O E1     8.8.11.0/24 [110/129] via 8.8.12.2, 00:21:09, Serial2/1

O IA     8.8.23.0/24 [110/128] via 8.8.12.2, 00:37:45, Serial2/1

O IA     8.8.25.0/24 [110/128] via 8.8.12.2, 00:37:45, Serial2/1

本文出自 “小li同学” 博客，转载请与作者联系！