文章作者:姜南(Slyar) 文章来源:Slyar Home (www.slyar.com) 转载请注明,谢谢合作。
一个OSPF综合实验,包括9台路由器(其中一台模拟帧中继交换机),涉及OSPF多区域、OSPF虚链路、Stub区域、NSSA区域、OSPF手动汇总、OSPF接口认证、OSPF区域认证等技术。
GNS3拓扑与实验拓扑图完全一致,我把预配置文件也一起打包放到网盘上了(包括所有的接口配置以及帧中继交换机的配置),需要的可以直接下载专注于练习OSPF。
实验拓扑图
实验过程:
1、帧中继交换机的配置,我简单写一下(预配置已经做好,跟OSPF关系不大)。
en
conf t
ho R9
frame-relay switching
int s1/0
encapsulation frame-relay
clock rate 64000
frame-relay intf-type dce
frame-relay route 203 interface s1/1 302
frame-relay route 204 interface s1/2 402
no sh
int s1/1
encapsulation frame-relay
clock rate 64000
frame-relay intf-type dce
frame-relay route 302 interface s1/0 203
no sh
int s1/2
encapsulation frame-relay
clock rate 64000
frame-relay intf-type dce
frame-relay route 402 interface s1/0 204
no sh
end
2、配置Area 0区域,不需要采用子接口,物理接口网络类型设置为broadcast即可。
R2(config)#router ospf 10
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 172.17.1.1 0.0.0.0 area 0
// 修改OSPF接口网络类型为广播
R2(config-router)#int s1/2
R2(config-if)#ip ospf network broadcast
R3(config)#router ospf 10
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 172.17.1.2 0.0.0.0 area 0
// 修改OSPF接口网络类型为广播
R3(config-router)#int s1/2
R3(config-if)#ip ospf network broadcast
// 设置ospf接口优先级为0,禁止R3成为DR/BDR
R3(config-if)#ip ospf priority 0
R4(config)#router ospf 10
R4(config-router)#router-id 4.4.4.4
R4(config-router)#network 172.17.1.3 0.0.0.0 area 0
// 修改OSPF接口网络类型为广播
R4(config-router)#int s1/2
R4(config-if)#ip ospf network broadcast
//设置ospf接口优先级为0,禁止R4成为DR/BDR
R4(config-if)#ip ospf priority 0
3、在R2上检查邻居关系,R3和R4均为DROTHER
R2#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/DROTHER 00:00:34 172.17.1.2 Serial1/2
4.4.4.4 0 FULL/DROTHER 00:00:33 172.17.1.3 Serial1/2
4、配置Area 1区域
R2(config)#router ospf 10
R2(config-router)#net 10.1.1.2 0.0.0.0 area 1
R1(config)#router ospf 10
R1(config-router)#router-id 1.1.1.1
R1(config-router)#net 172.16.0.0 0.0.3.255 area 1
R1(config-router)#net 10.1.1.1 0.0.0.0 area 1
5、配置Area 2区域
R4(config)#router ospf 10
R4(config-router)#net 10.1.3.1 0.0.0.0 area 2
R7(config)#router ospf 10
R7(config-router)#router-id 7.7.7.7
R7(config-router)#net 172.18.1.0 0.0.1.255 area 2
R7(config-router)#net 10.1.3.2 0.0.0.0 area 2
6、配置Area 3区域
R7(config)#router ospf 10
R7(config-router)#net 10.1.4.1 0.0.0.0 area 3
R8(config)#router ospf 10
R8(config-router)#router-id 8.8.8.8
R8(config-router)#net 172.20.0.0 0.0.3.255 area 3
R8(config-router)#net 10.1.4.2 0.0.0.0 area 3
7、配置Area 4区域
R3(config)#router ospf 10
R3(config-router)#net 10.1.2.1 0.0.0.0 area 4
R5(config)#router ospf 10
R5(config-router)#router-id 5.5.5.5
R5(config-router)#net 172.19.0.0 0.0.1.255 area 4
R5(config-router)#net 10.1.2.2 0.0.0.0 area 4
8、由于Area 3没有跟Area 0直接相连,因此需要在R4和R7上创建虚链路
//虚链路参数为对端路由器Router ID
R4(config)#router ospf 10
R4(config-router)#area 2 virtual-link 7.7.7.7
R7(config)#router ospf 10
R7(config-router)#area 2 virtual-link 4.4.4.4
9、配置ripv2路由协议,由于rip不支持掩码表示法,因此需要依次宣告每个C类网段
R5(config)#router rip
R5(config-router)#version 2
R5(config-router)#no auto-summary
R5(config-router)#net 192.168.255.0
R6(config)#router rip
R6(config-router)#version 2
R6(config-router)#no auto-summary
R6(config-router)#net 192.168.0.0
R6(config-router)#net 192.168.1.0
R6(config-router)#net 192.168.2.0
R6(config-router)#net 192.168.3.0
R6(config-router)#net 192.168.4.0
R6(config-router)#net 192.168.5.0
R6(config-router)#net 192.168.6.0
R6(config-router)#net 192.168.7.0
R6(config-router)#net 192.168.8.0
R6(config-router)#net 192.168.9.0
R6(config-router)#net 192.168.10.0
R6(config-router)#net 192.168.11.0
R6(config-router)#net 192.168.255.0
10、在R5上将rip重分布进ospf,开销使用E1类型,此时R5为ASBR
R5(config)#router ospf 10
R5(config-router)#redistribute rip subnets metric-type 1
11、检查R2的路由表,应可以学到192.168.0.0/24网段
R2#sh ip ro
O E1 192.168.8.0/24 [110/148] via 172.17.1.2, 00:00:58, Serial1/2
O E1 192.168.9.0/24 [110/148] via 172.17.1.2, 00:00:58, Serial1/2
O E1 192.168.10.0/24 [110/148] via 172.17.1.2, 00:00:58, Serial1/2
172.17.0.0/24 is subnetted, 1 subnets
C 172.17.1.0 is directly connected, Serial1/2
172.16.0.0/24 is subnetted, 4 subnets
O 172.16.0.0 [110/65] via 10.1.1.1, 00:10:09, Serial1/0
O 172.16.1.0 [110/65] via 10.1.1.1, 00:10:09, Serial1/0
O 172.16.2.0 [110/65] via 10.1.1.1, 00:10:12, Serial1/0
O 172.16.3.0 [110/65] via 10.1.1.1, 00:10:12, Serial1/0
172.19.0.0/24 is subnetted, 2 subnets
O IA 172.19.1.0 [110/129] via 172.17.1.2, 00:06:38, Serial1/2
O IA 172.19.0.0 [110/129] via 172.17.1.2, 00:06:38, Serial1/2
172.18.0.0/24 is subnetted, 2 subnets
O IA 172.18.0.0 [110/129] via 172.17.1.3, 00:06:41, Serial1/2
O IA 172.18.1.0 [110/129] via 172.17.1.3, 00:06:41, Serial1/2
172.20.0.0/24 is subnetted, 4 subnets
O IA 172.20.0.0 [110/193] via 172.17.1.3, 00:06:41, Serial1/2
O IA 172.20.1.0 [110/193] via 172.17.1.3, 00:06:41, Serial1/2
O IA 172.20.2.0 [110/193] via 172.17.1.3, 00:06:41, Serial1/2
O IA 172.20.3.0 [110/193] via 172.17.1.3, 00:06:41, Serial1/2
O E1 192.168.11.0/24 [110/148] via 172.17.1.2, 00:01:04, Serial1/2
O E1 192.168.4.0/24 [110/148] via 172.17.1.2, 00:01:04, Serial1/2
O E1 192.168.5.0/24 [110/148] via 172.17.1.2, 00:01:04, Serial1/2
10.0.0.0/24 is subnetted, 4 subnets
O IA 10.1.3.0 [110/128] via 172.17.1.3, 00:06:41, Serial1/2
O IA 10.1.2.0 [110/128] via 172.17.1.2, 00:06:41, Serial1/2
C 10.1.1.0 is directly connected, Serial1/0
O IA 10.1.4.0 [110/192] via 172.17.1.3, 00:06:41, Serial1/2
O E1 192.168.6.0/24 [110/148] via 172.17.1.2, 00:01:04, Serial1/2
O E1 192.168.7.0/24 [110/148] via 172.17.1.2, 00:01:07, Serial1/2
O E1 192.168.255.0/24 [110/148] via 172.17.1.2, 00:01:07, Serial1/2
O E1 192.168.0.0/24 [110/148] via 172.17.1.2, 00:01:07, Serial1/2
O E1 192.168.1.0/24 [110/148] via 172.17.1.2, 00:01:07, Serial1/2
O E1 192.168.2.0/24 [110/148] via 172.17.1.2, 00:01:07, Serial1/2
O E1 192.168.3.0/24 [110/148] via 172.17.1.2, 00:01:07, Serial1/2
12、为了减小R1路由表的体积,将Area 1配置为Totally Stub区域,阻止LSA TYPE 3/4/5,并且自动宣告一条默认路由
R1(config)#router ospf 10
R1(config-router)#area 1 stub
//no-summary参数仅需要在ABR上配置
R2(config)#router ospf 10
R2(config-router)#area 1 stub no-summary
13、检查R1的路由表,只有直连网段及一条默认路由
R1(config-router)#do sh ip ro
172.16.0.0/24 is subnetted, 4 subnets
C 172.16.0.0 is directly connected, Loopback0
C 172.16.1.0 is directly connected, Loopback1
C 172.16.2.0 is directly connected, Loopback2
C 172.16.3.0 is directly connected, Loopback3
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Serial1/1
O*IA 0.0.0.0/0 [110/65] via 10.1.1.2, 00:00:26, Serial1/1
14、为了减小其他路由器的路由表体积,在R2上对Area 1进行区域路由汇总
R2(config)#router ospf 10
R2(config-router)#area 1 range 172.16.0.0 255.255.252.0
15、由于Area 4同样只有一条出口,并且Area 4还连接着外部AS,因此将Area 4配置为Totally NSSA区域
//参数只在7->5的ABR/ASBR上做,阻止LSA TYPE 3/4/5
R3(config)#router ospf 10
R3(config-router)#area 4 nssa no-redistribution no-summary
R5(config)#router ospf 10
R5(config-router)#area 4 nssa
16、在R5上对rip进行区域间路由汇总,减小其他路由器路由表体积
R5(config)#router ospf 10
R5(config-router)#summary-address 192.168.0.0 255.255.240.0
17、检查R5路由表,由于阻止了LSA TYPE 3/4/5,因此R5应只包含RIP路由条目、一条由R3产生的默认路由,以及配置路由汇总后自动产生的汇总路由
R5#sh ip ro
R 192.168.8.0/24 [120/1] via 192.168.255.2, 00:00:06, Serial1/1
R 192.168.9.0/24 [120/1] via 192.168.255.2, 00:00:06, Serial1/1
R 192.168.10.0/24 [120/1] via 192.168.255.2, 00:00:06, Serial1/1
172.19.0.0/24 is subnetted, 2 subnets
C 172.19.1.0 is directly connected, Loopback1
C 172.19.0.0 is directly connected, Loopback0
R 192.168.11.0/24 [120/1] via 192.168.255.2, 00:00:06, Serial1/1
R 192.168.4.0/24 [120/1] via 192.168.255.2, 00:00:06, Serial1/1
R 192.168.5.0/24 [120/1] via 192.168.255.2, 00:00:08, Serial1/1
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.2.0 is directly connected, Serial1/0
R 192.168.6.0/24 [120/1] via 192.168.255.2, 00:00:08, Serial1/1
R 192.168.7.0/24 [120/1] via 192.168.255.2, 00:00:08, Serial1/1
C 192.168.255.0/24 is directly connected, Serial1/1
R 192.168.0.0/24 [120/1] via 192.168.255.2, 00:00:10, Serial1/1
R 192.168.1.0/24 [120/1] via 192.168.255.2, 00:00:10, Serial1/1
R 192.168.2.0/24 [120/1] via 192.168.255.2, 00:00:10, Serial1/1
R 192.168.3.0/24 [120/1] via 192.168.255.2, 00:00:10, Serial1/1
O*IA 0.0.0.0/0 [110/65] via 10.1.2.1, 00:30:05, Serial1/0
O 192.168.0.0/20 is a summary, 00:18:58, Null0
18、同理,将Area 3配置为Totally Stub区域
R8(config)#router ospf 10
R8(config-router)#area 3 stub
R7(config)#router ospf 10
R7(config-router)#area 3 stub no-summary
19、检查R8路由表,结果类似R1
R8#sh ip ro
172.20.0.0/24 is subnetted, 4 subnets
C 172.20.0.0 is directly connected, Loopback0
C 172.20.1.0 is directly connected, Loopback1
C 172.20.2.0 is directly connected, Loopback2
C 172.20.3.0 is directly connected, Loopback3
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.4.0 is directly connected, Serial1/0
O*IA 0.0.0.0/0 [110/65] via 10.1.4.1, 00:03:29, Serial1/0
20、同理,在R7上对Area 3进行区域路由汇总
R7(config-router)#area 3 range 172.20.0.0 255.255.252.0
21、由于R5是ASBR,R3宣告的默认路由无法到达RIP区域,因此需要在R5上为rip指定默认路由
R5(config)#router rip
R5(config-router)#default-information originate
22、指定默认路由后查看R6路由表
R6#sh ip ro
C 192.168.8.0/24 is directly connected, Loopback8
C 192.168.9.0/24 is directly connected, Loopback9
C 192.168.10.0/24 is directly connected, Loopback10
C 192.168.11.0/24 is directly connected, Loopback11
C 192.168.4.0/24 is directly connected, Loopback4
C 192.168.5.0/24 is directly connected, Loopback5
C 192.168.6.0/24 is directly connected, Loopback6
C 192.168.7.0/24 is directly connected, Loopback7
C 192.168.255.0/24 is directly connected, Serial1/0
C 192.168.0.0/24 is directly connected, Loopback0
C 192.168.1.0/24 is directly connected, Loopback1
C 192.168.2.0/24 is directly connected, Loopback2
C 192.168.3.0/24 is directly connected, Loopback3
R* 0.0.0.0/0 [120/1] via 192.168.255.1, 00:00:09, Serial1/0
23、为Area 3配置接口明文认证,均在接口上配置
R7(config)#int s1/1
R7(config-if)#ip ospf authentication-key slyar
R7(config-if)#ip ospf authentication
R8(config)#int s1/0
R8(config-if)#ip ospf authentication-key slyar
R8(config-if)#ip ospf authentication
24、为Area 0实现区域认证,密码在接口上配置,认证在OSPF进程中启用
R2(config)#int s1/2
R2(config-if)#ip ospf message-digest-key 1 md5 slyar
R2(config-if)#router ospf 10
R2(config-router)#area 0 authentication message-digest
R3(config)#int s1/2
R3(config-if)#ip ospf message-digest-key 1 md5 slyar
R3(config-if)#router ospf 10
R3(config-router)#area 0 authentication message-digest
R4(config)#int s1/2
R4(config-if)#ip ospf message-digest-key 1 md5 slyar
R4(config-if)#router ospf 10
R4(config-router)#area 0 authentication message-digest
25、由于virtual-link属于Area 0,因此在配置了Area 0的区域认证时,虚链路两端的ABR上都要配置认证
//由于之前虚链路已经建立,此时在R4上查看虚链路是UP的,但只要在R7上用clear ip ospf process命令刷新一下OSPF进程,就可以观察到virtual-link由于认证不匹配而DOWN掉了
R7(config)#router ospf 10
R7(config-router)#area 0 authentication message-digest
26、最后查看R2的路由表,由于R5及R7直连的网段只有2个,因此不需要配置路由汇总
R2#sh ip ro
172.17.0.0/24 is subnetted, 1 subnets
C 172.17.1.0 is directly connected, Serial1/2
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O 172.16.0.0/24 [110/65] via 10.1.1.1, 00:00:10, Serial1/0
O 172.16.0.0/22 is a summary, 00:00:10, Null0
O 172.16.1.0/24 [110/65] via 10.1.1.1, 00:00:10, Serial1/0
O 172.16.2.0/24 [110/65] via 10.1.1.1, 00:00:10, Serial1/0
O 172.16.3.0/24 [110/65] via 10.1.1.1, 00:00:10, Serial1/0
172.19.0.0/24 is subnetted, 2 subnets
O IA 172.19.1.0 [110/129] via 172.17.1.2, 00:00:13, Serial1/2
O IA 172.19.0.0 [110/129] via 172.17.1.2, 00:00:13, Serial1/2
172.18.0.0/24 is subnetted, 2 subnets
O IA 172.18.0.0 [110/129] via 172.17.1.3, 00:00:13, Serial1/2
O IA 172.18.1.0 [110/129] via 172.17.1.3, 00:00:15, Serial1/2
172.20.0.0/22 is subnetted, 1 subnets
O IA 172.20.0.0 [110/193] via 172.17.1.3, 00:00:15, Serial1/2
10.0.0.0/24 is subnetted, 4 subnets
O IA 10.1.3.0 [110/128] via 172.17.1.3, 00:00:15, Serial1/2
O IA 10.1.2.0 [110/128] via 172.17.1.2, 00:00:15, Serial1/2
C 10.1.1.0 is directly connected, Serial1/0
O IA 10.1.4.0 [110/192] via 172.17.1.3, 00:00:15, Serial1/2
O E1 192.168.255.0/24 [110/149] via 172.17.1.2, 00:00:15, Serial1/2
O E1 192.168.0.0/20 [110/149] via 172.17.1.2, 00:00:15, Serial1/2
转载请注明:Slyar Home » OSPF综合实验配置思路及过程
