CCNP之OSPF实验案例
2011-10-29 13:23
453 查看
实验要求:
1、 总部和分部之间通过帧中继实现互访,协议要求采用OSPF。要求帧中继不能动态获取映射,也不能静态配置映射
2、 配置好OSPF协议,验证邻居建立
3、 确保整个内网全网可达
4、 确保骨干区域高安全性
5、 尽量减少网关路由表条目
6、 R1、R3、R9性能不足,尽量减少其路由条目
7、 确保总部和分部都只通过自己的ISP上网
8、 不能出现主机路由
实验拓扑:
实验步骤:
1、 帧中继的配置:
由于不能配置帧中继动态和静态映射,所以只能采用点对点子接口模式进行配置,在接口下声明自己的DLCI。其中R5的Route-ID是1.1.1.1,R6的Route-ID是2.2.2.2。由于是点对点连接
,所以不存在DR和BDR。
FR-SW:
FR-SW(config)#frame-relay switching
FR-SW(config)#int s0/0
FR-SW(config)#no shut
FR-SW(config-if)#encapsulation frame-relay
FR-SW(config-if)#clock rate 64000
FR-SW(config-if)#frame-relay intf-type dce
FR-SW(config-if)#frame-relay route 102 int s0/1 201
FR-SW(config)#int s0/1
FR-SW(config)#no shut
FR-SW(config-if)#encapsulation frame-relay
FR-SW(config-if)#clock rate 64000
FR-SW(config-if)#frame-relay intf-type dce
FR-SW(config-if)#frame-relay route 201 int s0/0 102
R5:
R5(config)#int s2/1
R5(config-if)#no shut
R5(config-if)#encapsulation frame-relay
R5(config)#int s2/1.1 point-to-point
R5(config-subif)#ip add 172.16.10.1 255.255.255.0
R5(config-subif)#frame-relay int-dlci 102
R5(config-subif)#no frame-relay inverse-arp
R6:
R6(config)#int s1/1
R6(config-if)#no shut
R6(config-if)#encapsulation frame-relay
R6(config-if)#ip add 172.16.10.2 255.255.255.0
R6(config-if)# frame-relay int-dlci 201
R6(config-if)#no frame-relay inverse-arp
测试帧中继连接情况:
FR-SW#show frame-relay rou
Input Intf Input Dlci Output Intf Output Dlci Status
Serial0/0 102 Serial0/1 201 active
Serial0/1 201 Serial0/0 102 active
R6#show ip ospf int
Serial1/1.1 is up, line protocol is up
Internet Address 172.16.10.2/24, Area 0
Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:09
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 6
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1
Suppress hello for 0 neighbor(s)
R5#show ip os nei detail
Neighbor 2.2.2.2, interface address 172.16.10.2
In the area 0 via interface Serial2/1.1
Neighbor priority is 0, State is FULL, 12 state changes
DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x52
LLS Options is 0x1 (LR)
Dead timer due in 00:00:35
Neighbor is up for 00:35:14
Index 2/2, retransmission queue length 0, number of retransmission 3
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
2、全网启用 OSPF 协议(配置端口 IP 和环回口步骤省略)
R1:
R1(config)#router ospf 1
R1(config-router)#net 172.16.1.1 0.0.0.0 a 1
R1(config-router)#net 172.16.2.1 0.0.0.0 a 1
R1(config-router)#net 172.16.3.2 0.0.0.0 a 1
R1(config-router)#area 1 stub //配置区域 1 为末节路由
R2:
R2(config)#router ospf 1
R2(config-router)#net 172.16.3.1 0.0.0.0 a 1
R2(config-router)#net 172.16.8.2 0.0.0.0 a 0
R2(config-router)#area 1 stub
R3:
R3(config)#router ospf 1
R3(config-router)#net 172.16.4.1 0.0.0.0 a 2
R3(config-router)#net 172.16.5.1 0.0.0.0 a 2
R3(config-router)#net 172.16.6.2 0.0.0.0 a 2
R3(config-router)#area 2 stub //配置区域 2 为末节路由
R4:
R4(config)#router ospf 1
R4(config-router)#net 172.16.6.1 0.0.0.0 a 2
R4(config-router)#net 172.16.9.2 0.0.0.0 a 0
R4(config-router)#area 2 stub
R5:
R5(config)#router ospf 1
R5(config-router)#net 172.16.8.1 0.0.0.0 a 0
R5(config-router)#net 172.16.9.1 0.0.0.0 a 0
R5(config-router)#net 172.16.10.1 0.0.0.0 a 0
R5(config-router)#default-information originate //启用OSPF默认路由
R6:
R6(config)#router ospf 1
R6(config-router)#net 172.16.10.2 0.0.0.0 a 0
R6(config-router)#net 10.1.1.1 0.0.0.0 a 3
R6(config-router)#default-information originate //启用OSPF默认路由
R7:
R7(config)#router ospf 1
R7(config-router)#net 10.1.1.2 0.0.0.0 a 3
R7(config-router)#net 10.1.2.1 0.0.0.0 a 3
R7(config-router)#net 10.1.3.1 0.0.0.0 a 3
R8:
R8(config)#router ospf 1
R8(config-router)#net 10.1.3.2 0.0.0.0 a 3
R8(config-router)#net 10.1.4.1 0.0.0.0 a 4
R8(config-router)#area 4 stub //配置区域4为末节路由
R9:
R9(config)#router ospf 1
R9(config-router)#net 10.1.4.2 0.0.0.0 a 4
R9(config-router)#net 10.1.5.1 0.0.0.0 a 4
R9(config-router)#area 4 stub
因为不能出现主机路由,所以必须在每个环回口下配置OSPF点对点模式:
(config-if)#ip ospf network point-to-point
验证末节路由:
R1#show ip ospf
Area 1
Number of interfaces in this area is 3
It is a stub area
Area has no authentication
SPF algorithm last executed 01:08:53.436 ago
SPF algorithm executed 6 times
Area ranges are
Number of LSA 8. Checksum Sum 0x048879
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
R3#show ip ospf
Area 2
Number of interfaces in this area is 3
It is a stub area
Area has no authentication
SPF algorithm last executed 01:28:33.156 ago
SPF algorithm executed 4 times
Area ranges are
Number of LSA 8. Checksum Sum 0x04C421
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
R5#show ip ospf
Area BACKBONE(0)
Number of interfaces in this area is 3
Area has no authentication
SPF algorithm last executed 00:46:27.944 ago
SPF algorithm executed 21 times
Area ranges are
Number of LSA 13. Checksum Sum 0x07169E
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 4
Flood list length 0
R9#show ip ospf
Area 4
Number of interfaces in this area is 2
It is a stub area
Area has no authentication
SPF algorithm last executed 00:47:24.176 ago
SPF algorithm executed 16 times
Area ranges are
Number of LSA 8. Checksum Sum 0x041E9E
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
R7#show ip ospf
Area 3
Number of interfaces in this area is 3
This area has transit capability
Area has no authentication
SPF algorithm last executed 00:47:41.596 ago
SPF algorithm executed 12 times
Area ranges are
Number of LSA 14. Checksum Sum 0x0D84E8
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
3、启用OSPF区域汇总:
因为R1、R3、R9性能不足,以及为了减少网关的路由条目,所以有必要在每个区域的ABR上进行汇总。R2属于Area 0和Area 1的ABR,R4属于Area 0和Area 2的ABR,R6属于Area 0和Area 3的ABR,R8属于Area 3、Area 4以及Area 0(通过虚链路相连)的ABR。
R2(config-router)#area 1 range 172.16.0.0 255.255.252.0
R2(config-router)#area 0 range 172.16.8.0 255.255.252.0
R4(config-router)#area 2 range 172.16.4.0 255.255.252.0
R4(config-router)#area 0 range 172.16.8.0 255.255.252.0
R6(config-router)#area 3 range 10.1.0.0 255.255.252.0
R6(config-router)#area 0 range 172.16.8.0 255.255.252.0
R8(config-router)#area 3 range 10.1.0.0 255.255.252.0
R8(config-router)#area 4 range 10.1.4.0 255.255.254.0
R8(config-router)#area 0 range 172.16.8.0 255.255.252.0
查看末节路由表:
R1#show ip route os
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O IA 172.16.8.0/22 [110/2] via 172.16.3.1, 00:47:12, FastEthernet0/0
O IA 172.16.4.0/22 [110/4] via 172.16.3.1, 00:44:53, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O IA 10.1.0.0/22 [110/67] via 172.16.3.1, 00:26:21, FastEthernet0/0
O IA 10.1.4.0/23 [110/69] via 172.16.3.1, 00:23:28, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 172.16.3.1, 00:47:12, FastEthernet0/0
R3#show ip rou os
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O IA 172.16.8.0/22 [110/2] via 172.16.6.1, 00:56:56, FastEthernet0/0
O IA 172.16.0.0/22 [110/4] via 172.16.6.1, 00:46:05, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O IA 10.1.0.0/22 [110/67] via 172.16.6.1, 00:27:43, FastEthernet0/0
O IA 10.1.4.0/23 [110/69] via 172.16.6.1, 00:24:50, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 172.16.6.1, 01:07:33, FastEthernet0/0
R9#show ip route os
172.16.0.0/22 is subnetted, 3 subnets
O IA 172.16.8.0 [110/67] via 10.1.4.1, 00:25:23, FastEthernet0/0
O IA 172.16.4.0 [110/69] via 10.1.4.1, 00:25:23, FastEthernet0/0
O IA 172.16.0.0 [110/69] via 10.1.4.1, 00:25:23, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O IA 10.1.0.0/22 [110/2] via 10.1.4.1, 00:25:29, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 10.1.4.1, 00:25:29, FastEthernet0/0
查看网关路由表:
R5#show ip rou os
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O IA 172.16.4.0/22 [110/2] via 172.16.9.2, 00:25:35, FastEthernet1/0
O IA 172.16.0.0/22 [110/2] via 172.16.8.2, 00:25:35, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O IA 10.1.0.0/22 [110/65] via 172.16.10.2, 00:25:35, Serial2/1.1
O IA 10.1.4.0/23 [110/67] via 172.16.10.2, 00:25:35, Serial2/1.1
R6#show ip rou os
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
O 172.16.8.0/24 [110/65] via 172.16.10.1, 00:26:07, Serial1/1.1
O 172.16.8.0/22 is a summary, 00:26:07, Null0
O 172.16.9.0/24 [110/65] via 172.16.10.1, 00:26:07, Serial1/1.1
O IA 172.16.4.0/22 [110/66] via 172.16.10.1, 00:26:07, Serial1/1.1
O IA 172.16.0.0/22 [110/66] via 172.16.10.1, 00:26:07, Serial1/1.1
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O 10.1.3.0/24 [110/2] via 10.1.1.2, 00:26:07, FastEthernet0/0
O 10.1.2.0/24 [110/2] via 10.1.1.2, 00:26:07, FastEthernet0/0
O 10.1.0.0/22 is a summary, 00:26:07, Null0
O IA 10.1.4.0/23 [110/3] via 10.1.1.2, 00:26:07, FastEthernet0/0
由于虚链路的影响,R6和R7无法学到Area 0的汇总路由,只能学到详细路由。
4、配置Area 4与Area 0的虚链路
由于Area 4与Area 0未直接相连,所以必须依靠虚链路来学习路由,在虚链路两端进行配置(R8的Route-ID设为10.10.10.10)。
R6(config-router)#area 3 virtual-link 10.10.10.10
R8(config-router)#area 3 virtual-link 2.2.2.2
配置虚链路MD5身份验证:
R6(config-router)#area 3 virtual-link 10.10.10.10 authentication message-digest message-digest-key 1 md5 cisco
R8(config-router)#area 3 virtual-link 2.2.2.2 authentication message-digest message-digest-key 1 md5 cisco
验证虚链路:
R6#show ip ospf virtual-links
Virtual Link OSPF_VL0 to router 10.10.10.10 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 3, via interface FastEthernet0/0, Cost of using 2
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Index 2/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
Message digest authentication enabled
Youngest key id is 1
R8#show ip ospf vir
Virtual Link OSPF_VL0 to router 2.2.2.2 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 3, via interface FastEthernet1/0, Cost of using 2
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Adjacency State FULL (Hello suppressed)
Index 1/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
Message digest authentication enabled
Youngest key id is 1
5、配置OSPF的MD5身份验证
在每个启用了OSPF的路由器接口上配置一下命令:
ip ospf authentication message-digest
ip ospf message-digest-key (num) md5 (key-value)
6、在总部和分部网关上启用PAT
R5(config)#access-list 1 permit 172.16.0.0 0.0.15.255
R5(config)#ip nat inside source list 1 int s2/0 overload
R5(config)#ip route 0.0.0.0 0.0.0.0 s2/0
R5(config)#int s2/0
R5(config-if)#ip nat outside
在R5的f0/0、f1/0上配置
R5(config-if)#ip nat inside
查看外网ping通情况:
R5#show ip nat tr
Pro Inside global Inside local Outside local Outside global
icmp 200.1.1.1:4 172.16.3.2:4 210.1.1.1:4 210.1.1.1:4
icmp 200.1.1.1:1 172.16.6.2:1 210.1.1.1:1 210.1.1.1:1
R1#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/203/280 ms
R3#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 128/194/260 ms
R6(config)#access-list 1 permit 10.1.0.0 0.0.7.255
R6(config)#ip nat inside source list 1 int s1/0 overload
R6(config)#ip route 0.0.0.0 0.0.0.0 s1/0
R6(config)#int s1/0
R6(config-if)#ip nat outside
在R6的f0/0上配置
R6(config-if)#ip nat inside
查看外网ping通情况:
R6#show ip nat tr
Pro Inside global Inside local Outside local Outside global
icmp 202.1.1.1:1 10.1.1.2:1 210.1.1.1:1 210.1.1.1:1
icmp 202.1.1.1:2 10.1.4.2:1 210.1.1.1:1 210.1.1.1:2
R7#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/203/280 ms
R9#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/203/280 ms
外网ping通成功!实验完成!
1、 总部和分部之间通过帧中继实现互访,协议要求采用OSPF。要求帧中继不能动态获取映射,也不能静态配置映射
2、 配置好OSPF协议,验证邻居建立
3、 确保整个内网全网可达
4、 确保骨干区域高安全性
5、 尽量减少网关路由表条目
6、 R1、R3、R9性能不足,尽量减少其路由条目
7、 确保总部和分部都只通过自己的ISP上网
8、 不能出现主机路由
实验拓扑:
实验步骤:
1、 帧中继的配置:
由于不能配置帧中继动态和静态映射,所以只能采用点对点子接口模式进行配置,在接口下声明自己的DLCI。其中R5的Route-ID是1.1.1.1,R6的Route-ID是2.2.2.2。由于是点对点连接
,所以不存在DR和BDR。
FR-SW:
FR-SW(config)#frame-relay switching
FR-SW(config)#int s0/0
FR-SW(config)#no shut
FR-SW(config-if)#encapsulation frame-relay
FR-SW(config-if)#clock rate 64000
FR-SW(config-if)#frame-relay intf-type dce
FR-SW(config-if)#frame-relay route 102 int s0/1 201
FR-SW(config)#int s0/1
FR-SW(config)#no shut
FR-SW(config-if)#encapsulation frame-relay
FR-SW(config-if)#clock rate 64000
FR-SW(config-if)#frame-relay intf-type dce
FR-SW(config-if)#frame-relay route 201 int s0/0 102
R5:
R5(config)#int s2/1
R5(config-if)#no shut
R5(config-if)#encapsulation frame-relay
R5(config)#int s2/1.1 point-to-point
R5(config-subif)#ip add 172.16.10.1 255.255.255.0
R5(config-subif)#frame-relay int-dlci 102
R5(config-subif)#no frame-relay inverse-arp
R6:
R6(config)#int s1/1
R6(config-if)#no shut
R6(config-if)#encapsulation frame-relay
R6(config-if)#ip add 172.16.10.2 255.255.255.0
R6(config-if)# frame-relay int-dlci 201
R6(config-if)#no frame-relay inverse-arp
测试帧中继连接情况:
FR-SW#show frame-relay rou
Input Intf Input Dlci Output Intf Output Dlci Status
Serial0/0 102 Serial0/1 201 active
Serial0/1 201 Serial0/0 102 active
R6#show ip ospf int
Serial1/1.1 is up, line protocol is up
Internet Address 172.16.10.2/24, Area 0
Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:09
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 6
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1
Suppress hello for 0 neighbor(s)
R5#show ip os nei detail
Neighbor 2.2.2.2, interface address 172.16.10.2
In the area 0 via interface Serial2/1.1
Neighbor priority is 0, State is FULL, 12 state changes
DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x52
LLS Options is 0x1 (LR)
Dead timer due in 00:00:35
Neighbor is up for 00:35:14
Index 2/2, retransmission queue length 0, number of retransmission 3
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
2、全网启用 OSPF 协议(配置端口 IP 和环回口步骤省略)
R1:
R1(config)#router ospf 1
R1(config-router)#net 172.16.1.1 0.0.0.0 a 1
R1(config-router)#net 172.16.2.1 0.0.0.0 a 1
R1(config-router)#net 172.16.3.2 0.0.0.0 a 1
R1(config-router)#area 1 stub //配置区域 1 为末节路由
R2:
R2(config)#router ospf 1
R2(config-router)#net 172.16.3.1 0.0.0.0 a 1
R2(config-router)#net 172.16.8.2 0.0.0.0 a 0
R2(config-router)#area 1 stub
R3:
R3(config)#router ospf 1
R3(config-router)#net 172.16.4.1 0.0.0.0 a 2
R3(config-router)#net 172.16.5.1 0.0.0.0 a 2
R3(config-router)#net 172.16.6.2 0.0.0.0 a 2
R3(config-router)#area 2 stub //配置区域 2 为末节路由
R4:
R4(config)#router ospf 1
R4(config-router)#net 172.16.6.1 0.0.0.0 a 2
R4(config-router)#net 172.16.9.2 0.0.0.0 a 0
R4(config-router)#area 2 stub
R5:
R5(config)#router ospf 1
R5(config-router)#net 172.16.8.1 0.0.0.0 a 0
R5(config-router)#net 172.16.9.1 0.0.0.0 a 0
R5(config-router)#net 172.16.10.1 0.0.0.0 a 0
R5(config-router)#default-information originate //启用OSPF默认路由
R6:
R6(config)#router ospf 1
R6(config-router)#net 172.16.10.2 0.0.0.0 a 0
R6(config-router)#net 10.1.1.1 0.0.0.0 a 3
R6(config-router)#default-information originate //启用OSPF默认路由
R7:
R7(config)#router ospf 1
R7(config-router)#net 10.1.1.2 0.0.0.0 a 3
R7(config-router)#net 10.1.2.1 0.0.0.0 a 3
R7(config-router)#net 10.1.3.1 0.0.0.0 a 3
R8:
R8(config)#router ospf 1
R8(config-router)#net 10.1.3.2 0.0.0.0 a 3
R8(config-router)#net 10.1.4.1 0.0.0.0 a 4
R8(config-router)#area 4 stub //配置区域4为末节路由
R9:
R9(config)#router ospf 1
R9(config-router)#net 10.1.4.2 0.0.0.0 a 4
R9(config-router)#net 10.1.5.1 0.0.0.0 a 4
R9(config-router)#area 4 stub
因为不能出现主机路由,所以必须在每个环回口下配置OSPF点对点模式:
(config-if)#ip ospf network point-to-point
验证末节路由:
R1#show ip ospf
Area 1
Number of interfaces in this area is 3
It is a stub area
Area has no authentication
SPF algorithm last executed 01:08:53.436 ago
SPF algorithm executed 6 times
Area ranges are
Number of LSA 8. Checksum Sum 0x048879
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
R3#show ip ospf
Area 2
Number of interfaces in this area is 3
It is a stub area
Area has no authentication
SPF algorithm last executed 01:28:33.156 ago
SPF algorithm executed 4 times
Area ranges are
Number of LSA 8. Checksum Sum 0x04C421
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
R5#show ip ospf
Area BACKBONE(0)
Number of interfaces in this area is 3
Area has no authentication
SPF algorithm last executed 00:46:27.944 ago
SPF algorithm executed 21 times
Area ranges are
Number of LSA 13. Checksum Sum 0x07169E
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 4
Flood list length 0
R9#show ip ospf
Area 4
Number of interfaces in this area is 2
It is a stub area
Area has no authentication
SPF algorithm last executed 00:47:24.176 ago
SPF algorithm executed 16 times
Area ranges are
Number of LSA 8. Checksum Sum 0x041E9E
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
R7#show ip ospf
Area 3
Number of interfaces in this area is 3
This area has transit capability
Area has no authentication
SPF algorithm last executed 00:47:41.596 ago
SPF algorithm executed 12 times
Area ranges are
Number of LSA 14. Checksum Sum 0x0D84E8
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
3、启用OSPF区域汇总:
因为R1、R3、R9性能不足,以及为了减少网关的路由条目,所以有必要在每个区域的ABR上进行汇总。R2属于Area 0和Area 1的ABR,R4属于Area 0和Area 2的ABR,R6属于Area 0和Area 3的ABR,R8属于Area 3、Area 4以及Area 0(通过虚链路相连)的ABR。
R2(config-router)#area 1 range 172.16.0.0 255.255.252.0
R2(config-router)#area 0 range 172.16.8.0 255.255.252.0
R4(config-router)#area 2 range 172.16.4.0 255.255.252.0
R4(config-router)#area 0 range 172.16.8.0 255.255.252.0
R6(config-router)#area 3 range 10.1.0.0 255.255.252.0
R6(config-router)#area 0 range 172.16.8.0 255.255.252.0
R8(config-router)#area 3 range 10.1.0.0 255.255.252.0
R8(config-router)#area 4 range 10.1.4.0 255.255.254.0
R8(config-router)#area 0 range 172.16.8.0 255.255.252.0
查看末节路由表:
R1#show ip route os
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O IA 172.16.8.0/22 [110/2] via 172.16.3.1, 00:47:12, FastEthernet0/0
O IA 172.16.4.0/22 [110/4] via 172.16.3.1, 00:44:53, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O IA 10.1.0.0/22 [110/67] via 172.16.3.1, 00:26:21, FastEthernet0/0
O IA 10.1.4.0/23 [110/69] via 172.16.3.1, 00:23:28, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 172.16.3.1, 00:47:12, FastEthernet0/0
R3#show ip rou os
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O IA 172.16.8.0/22 [110/2] via 172.16.6.1, 00:56:56, FastEthernet0/0
O IA 172.16.0.0/22 [110/4] via 172.16.6.1, 00:46:05, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O IA 10.1.0.0/22 [110/67] via 172.16.6.1, 00:27:43, FastEthernet0/0
O IA 10.1.4.0/23 [110/69] via 172.16.6.1, 00:24:50, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 172.16.6.1, 01:07:33, FastEthernet0/0
R9#show ip route os
172.16.0.0/22 is subnetted, 3 subnets
O IA 172.16.8.0 [110/67] via 10.1.4.1, 00:25:23, FastEthernet0/0
O IA 172.16.4.0 [110/69] via 10.1.4.1, 00:25:23, FastEthernet0/0
O IA 172.16.0.0 [110/69] via 10.1.4.1, 00:25:23, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O IA 10.1.0.0/22 [110/2] via 10.1.4.1, 00:25:29, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 10.1.4.1, 00:25:29, FastEthernet0/0
查看网关路由表:
R5#show ip rou os
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O IA 172.16.4.0/22 [110/2] via 172.16.9.2, 00:25:35, FastEthernet1/0
O IA 172.16.0.0/22 [110/2] via 172.16.8.2, 00:25:35, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O IA 10.1.0.0/22 [110/65] via 172.16.10.2, 00:25:35, Serial2/1.1
O IA 10.1.4.0/23 [110/67] via 172.16.10.2, 00:25:35, Serial2/1.1
R6#show ip rou os
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
O 172.16.8.0/24 [110/65] via 172.16.10.1, 00:26:07, Serial1/1.1
O 172.16.8.0/22 is a summary, 00:26:07, Null0
O 172.16.9.0/24 [110/65] via 172.16.10.1, 00:26:07, Serial1/1.1
O IA 172.16.4.0/22 [110/66] via 172.16.10.1, 00:26:07, Serial1/1.1
O IA 172.16.0.0/22 [110/66] via 172.16.10.1, 00:26:07, Serial1/1.1
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O 10.1.3.0/24 [110/2] via 10.1.1.2, 00:26:07, FastEthernet0/0
O 10.1.2.0/24 [110/2] via 10.1.1.2, 00:26:07, FastEthernet0/0
O 10.1.0.0/22 is a summary, 00:26:07, Null0
O IA 10.1.4.0/23 [110/3] via 10.1.1.2, 00:26:07, FastEthernet0/0
由于虚链路的影响,R6和R7无法学到Area 0的汇总路由,只能学到详细路由。
4、配置Area 4与Area 0的虚链路
由于Area 4与Area 0未直接相连,所以必须依靠虚链路来学习路由,在虚链路两端进行配置(R8的Route-ID设为10.10.10.10)。
R6(config-router)#area 3 virtual-link 10.10.10.10
R8(config-router)#area 3 virtual-link 2.2.2.2
配置虚链路MD5身份验证:
R6(config-router)#area 3 virtual-link 10.10.10.10 authentication message-digest message-digest-key 1 md5 cisco
R8(config-router)#area 3 virtual-link 2.2.2.2 authentication message-digest message-digest-key 1 md5 cisco
验证虚链路:
R6#show ip ospf virtual-links
Virtual Link OSPF_VL0 to router 10.10.10.10 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 3, via interface FastEthernet0/0, Cost of using 2
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Index 2/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
Message digest authentication enabled
Youngest key id is 1
R8#show ip ospf vir
Virtual Link OSPF_VL0 to router 2.2.2.2 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 3, via interface FastEthernet1/0, Cost of using 2
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Adjacency State FULL (Hello suppressed)
Index 1/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
Message digest authentication enabled
Youngest key id is 1
5、配置OSPF的MD5身份验证
在每个启用了OSPF的路由器接口上配置一下命令:
ip ospf authentication message-digest
ip ospf message-digest-key (num) md5 (key-value)
6、在总部和分部网关上启用PAT
R5(config)#access-list 1 permit 172.16.0.0 0.0.15.255
R5(config)#ip nat inside source list 1 int s2/0 overload
R5(config)#ip route 0.0.0.0 0.0.0.0 s2/0
R5(config)#int s2/0
R5(config-if)#ip nat outside
在R5的f0/0、f1/0上配置
R5(config-if)#ip nat inside
查看外网ping通情况:
R5#show ip nat tr
Pro Inside global Inside local Outside local Outside global
icmp 200.1.1.1:4 172.16.3.2:4 210.1.1.1:4 210.1.1.1:4
icmp 200.1.1.1:1 172.16.6.2:1 210.1.1.1:1 210.1.1.1:1
R1#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/203/280 ms
R3#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 128/194/260 ms
R6(config)#access-list 1 permit 10.1.0.0 0.0.7.255
R6(config)#ip nat inside source list 1 int s1/0 overload
R6(config)#ip route 0.0.0.0 0.0.0.0 s1/0
R6(config)#int s1/0
R6(config-if)#ip nat outside
在R6的f0/0上配置
R6(config-if)#ip nat inside
查看外网ping通情况:
R6#show ip nat tr
Pro Inside global Inside local Outside local Outside global
icmp 202.1.1.1:1 10.1.1.2:1 210.1.1.1:1 210.1.1.1:1
icmp 202.1.1.1:2 10.1.4.2:1 210.1.1.1:1 210.1.1.1:2
R7#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/203/280 ms
R9#PING 210.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/203/280 ms
外网ping通成功!实验完成!
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- CCNP-双向重分布-OSPF&rip实验
- CCNP路由实验---13、基于帧中继环境下的OSPF实验之全互联广播
- CCNP之BGP实验案例
- CCNA视频:CCNP实验四:修改OSPF的本地管理距离
- CCNA视频:CCNP实验九:OSPF 帧中继实验系列2:BMA模式
- OSPF与NAT综合应用实验案例
- CCNP路由实验---14、基于帧中继环境下的OSPF实验之全互联非广播
- CCNA视频:CCNP实验五:修改OSPF各类型路由的管理距离
- CCNP之802.1x实验案例
- CCNA视频:CCNP实验六:修改OSPF特定邻居源的路由管理距离
- CCNA视频:CCNP实验七:修改OSPF特定路由条目的管理距离
- CCNA视频:CCNP实验八:OSPF 帧中继实验系列1:NBMA模式
- CCNP-BCSI-OSPF-LAB实验报告【一】
- CCNP-BCSI-OSPF-LAB实验报告【二】
- CCNP实验之---OSPF多区域配置
- CCNP路由实验---8、多区域的OSPF配置
- CCNP路由实验---10、OSPF非绝对末节区域的配置
- 经典HSRP实验(CCNP案例)