CCNP ROUTE OSPF综合实验(详解版)
闲来无事~~发发之前自己做好的文档~~欢迎指错,请多多关照~CCNPROUTE OSPF综合实验(详解版)版本 V1.0密级 开放 内部 机密类型 讨论版 测试版 正式版修订记录
修订日期学员姓名版本号审核人修订说明
2013-9-3方春生1.0
实验环境:WEB-IOU 1.2.0实验镜像:i86bi_linux-adventerprisek9-15.2.15/i86bi_linuxl2-upk9-ms.15.01 实验拓扑
2 IP地址规划
路由器/交换机接口IP地址
R1Ethernet0/0172.8.146.1/24
Loopback01.1.1.1/32
R2Serial0/0172.8.23.2/24
Loopback02.2.2.2/32
R3Serial0/0172.8.35.3/24
Serial0/1172.8.23.3/24
Loopback03.3.3.3/32
R4Ethernet0/0172.8.146.4/24
Serial1/1172.8.100.4/24
Loopback04.4.4.4/32
R5Serial1/0 172.8.35.5/24
Serial1/1172.8.100.5/24
Loopback05.5.5.5/32
R6Ethernet0/0172.8.146.6/24
Serial1/1172.8.100.6/24
Loopback06.6.6.6/32
SWVlan111.11.11.11/24
3 实验需求1、要求按照下列标准配置一个OSPF网络。2、配置一个IP网络,实验逻辑图如图,IP地址由IP地址规划部分规定而定。3、路由协议采用OSPF,进程ID为2012 ,RID为loopback0地址。4、模拟帧中继环境,PVC如图所示(现网中由ISP提供商提供)。5、R4/R5/R6帧中继相连的三个站点链路OSPF网络类型配置成广播型,其中R5路由器做为永久性DR,且采用子接口方式。6、按照图示配置OSPF区域,其中R1/R4/R6之间的区域要配置成完全末梢区域。7、R2为新并入的站点,由于来不及布线施工而暂时并到R3这个站点上,所在区域为AREA 23,配置使得所有网络可达(采用ping测试)。8、OSPF内部的网络希望通过R5路由器访问Internet,配置R5使其能够满足需求,只考虑内部路由器上路由的实现。9、AREA 0基于安全的原因配置上MD5认证,密码:SPOTO10、 AREA 146中,配置R1为指定路由器,R4/R6之间保持two-way的邻居关系。11、 为了减少网络流量,将R1所在的区域汇总成主类网络通告出去。12、 由于R6与R5之间的PVC链路质量较好,适当配置使得R1优先选取R6访问自身区域除外的外部网络。13、 在AREA0以外的所有区域启用OSPF明文认证,密码:SPOTO 4 案例配置思路1)要求按照下列标准配置一个OSPF网络。 2)配置一个IP网络,实验逻辑图如图,IP地址由IP地址规划部分规定而定。 3)路由协议采用OSPF,进程ID为2012 ,RID为loopback0地址。 4)模拟帧中继环境,PVC如图所示(现网中由ISP提供商提供)。 5)R4/R5/R6帧中继相连的三个站点链路OSPF网络类型配置成广播型,其中R5路由器做为永久性DR,且采用子接口方式。R4/R5/R6为帧中继相连的三个站点链路:(R5在主接口模式下封装,其余位于子接口模式下配置)。Router(config-if)#encapsulationframe-relay //封装Router(config-if)#frame-relaymap ip 对端IP地址 DLCI号 broadcast //起静态映射Router(config-if)#noframe-relay inverse-arp //关闭反向ARP解析R5为永久性DR所以R5的s1/1优先级应该为最高,在R5的子接口地址下配上:R5(config-if)#ip ospf priority 255 //优先级设置为最高R4/R6的接口下配上:R4/R6(config-if)#ip ospf priority 0 //优先级设置为最低OSPF网络类型为:广播型。在R4/5/6的接口都配置上:R4/R5/R6(config-if)#ip ospf network broadcast //设置为广播模式检验R5是否为DR:R4#sho ip os neighbor Neighbor ID Pri State Dead Time Address Interface5.5.5.5 255FULL/DR 00:00:39 172.8.100.5 Serial1/11.1.1.1 255 FULL/DR 00:00:34 172.8.146.1 Ethernet0/06.6.6.6 0 2WAY/DROTHER 00:00:39 172.8.146.6 Ethernet0/0 6)按照图示配置OSPF区域,其中R1/R4/R6之间的区域要配置成完全末梢区域。分别在R1/R4/R6 的router ospf 2012进程下进行配置:Router(config-router)# area146 stub no-summary //绝对末节区域要加上 no-summary检查是否为完全末梢区域:R1#sho ip rouCodes: L - local, C -connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPFexternal type 2 i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidatedefault, U - per-user static route o - ODR, P - periodic downloaded staticroute, H - NHRP, l - LISP + - replicated route, % - next hopoverride Gateway of last resort is172.8.146.6 to network 0.0.0.0 O*IA0.0.0.0/0 via 172.8.146.6, 02:22:12,Ethernet0/0 via 172.8.146.4,02:22:12, Ethernet0/0 1.0.0.0/32 is subnetted, 1 subnetsC 1.1.1.1 is directly connected,Loopback0 172.8.0.0/16 is variably subnetted, 2subnets, 2 masksC 172.8.146.0/24 is directly connected,Ethernet0/0L 172.8.146.1/32 is directly connected,Ethernet0/0//只有几条直连路由,没有外部路由再看database:R1#sho ip os database OSPF Router with ID (1.1.1.1)(Process ID 2012) Router Link States (Area 146) Link ID ADV Router Age Seq# Checksum Link count1.1.1.1 1.1.1.1 572 0x80000009 0x009CD9 24.4.4.4 4.4.4.4 556 0x80000009 0x000E61 16.6.6.6 6.6.6.6 571 0x80000008 0x000363 1 Net Link States (Area 146) Link ID ADV Router Age Seq# Checksum172.8.146.1 1.1.1.1 572 0x80000007 0x009821 Summary Net Link States (Area146) Link ID ADV Router Age Seq# Checksum0.0.0.0 4.4.4.4 556 0x80000007 0x002DFA0.0.0.0 6.6.6.6 571 0x80000007 0x00F02F7)R2为新并入的站点,由于来不及布线施工而暂时并到R3这个站点上,所在区域为AREA 23,配置使得所有网络可达(采用ping测试)。要使所有网络可达,而AREA23又不靠着AREA0,所以需要做Virtual Link(虚链路)。R3/R5(config-router)#area 所在区域号 virtual-link 对端R-id 查看是否建立成功:数据库中会有DNA表示从虚链路中学习到R3#sho ip os database OSPF Router with ID (3.3.3.3)(Process ID 2012) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count3.3.3.3 3.3.3.3 629 0x80000008 0x00F5EC 14.4.4.4 4.4.4.4 2 (DNA) 0x80000006 0x00BDB3 25.5.5.5 5.5.5.5 1 (DNA) 0x800000050x001217 36.6.6.6 6.6.6.6 6 (DNA) 0x80000003 0x00A3B6 2 Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum172.8.100.5 5.5.5.5 1 (DNA) 0x80000002 0x00685E Summary Net Link States (Area0) Link ID ADV Router Age Seq# Checksum1.1.1.1 4.4.4.4 2 (DNA) 0x80000004 0x004BCF 1.1.1.1 6.6.6.6 21 (DNA) 0x80000001 0x00C4592.2.2.2 3.3.3.3 629 0x80000007 0x00538E3.3.3.3 3.3.3.3 629 0x80000007 0x00A27B3.3.3.3 5.5.5.5 11 (DNA) 0x80000001 0x00F4E6172.8.23.0 3.3.3.3 629 0x80000007 0x00829C172.8.35.0 3.3.3.3 629 0x80000007 0x00FD15172.8.35.0 5.5.5.5 11 (DNA) 0x800000010x00CD43172.8.146.0 4.4.4.4 2 (DNA) 0x80000004 0x00FDDA172.8.146.0 6.6.6.6 56 (DNA) 0x80000001 0x007764 Summary ASB Link States (Area0) Link ID ADV Router Age Seq# Checksum5.5.5.5 3.3.3.3 629 0x80000007 0x00B025 Router Link States (Area 23) Link ID ADV Router Age Seq# Checksum Link count2.2.2.2 2.2.2.2 676 0x80000008 0x000CC2 33.3.3.3 3.3.3.3 629 0x80000008 0x0013CE 2 Summary Net Link States (Area23) Link ID ADV Router Age Seq# Checksum1.1.1.1 3.3.3.3 629 0x80000007 0x00188B3.3.3.3 3.3.3.3 629 0x80000007 0x00A27B4.4.4.4 3.3.3.3 629 0x80000007 0x0079205.5.5.5 3.3.3.3 629 0x80000007 0x00C80D6.6.6.6 3.3.3.3 629 0x80000007 0x001D74172.8.35.0 3.3.3.3 629 0x80000007 0x00FD15172.8.100.0 3.3.3.3 629 0x80000007 0x00B2DE172.8.146.0 3.3.3.3 629 0x80000007 0x00CA96 Summary ASB Link States (Area23) Link ID ADV Router Age Seq# Checksum5.5.5.5 3.3.3.3 629 0x80000007 0x00B025 Router Link States (Area 35) Link ID ADV Router Age Seq# Checksum Link count3.3.3.3 3.3.3.3 629 0x8000000A 0x006634 35.5.5.5 5.5.5.5 639 0x80000008 0x006449 2 Summary Net Link States (Area35) Link ID ADV Router Age Seq# Checksum1.1.1.1 5.5.5.5 639 0x80000008 0x0057832.2.2.2 3.3.3.3 629 0x80000007 0x00538E4.4.4.4 5.5.5.5 639 0x80000007 0x00BA175.5.5.5 5.5.5.5 639 0x80000007 0x000A046.6.6.6 5.5.5.5 639 0x80000007 0x005E6B172.8.23.0 3.3.3.3 629 0x80000007 0x00829C172.8.100.0 5.5.5.5 639 0x80000007 0x00F3D5172.8.146.0 5.5.5.5 639 0x80000008 0x000A8E Summary ASB Link States (Area35) Link ID ADV Router Age Seq# Checksum5.5.5.5 3.3.3.3 629 0x80000007 0x00B025 Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag0.0.0.0 5.5.5.5 639 0x80000007 0x008530 2012当虚链起来后,查看邻居表会出现OSPF_VL0接口,表示R2和R3的虚链路建立成功R3#sho ip osneighbor Neighbor ID PriState Dead Time Address Interface5.5.5.5 0FULL/- - 172.8.35.5 OSPF_VL02.2.2.2 0FULL/- 00:00:39 172.8.23.2 Serial0/15.5.5.5 0FULL/- 00:00:39 172.8.35.5 Serial0/0 8) OSPF内部的网络希望通过R5路由器访问Internet,配置R5使其能够满足需求,只考虑内部路由器上路由的实现。Nat地址转换,R5主接口可以不添加 ip nat inside,子接口一定要。在 Router(config-if)#ip nat outside //将端口E0/0划为外网口Router(config)#access-list 1permit any //匹配所有的网段Router(config)#ip nat insidesource list 1 interface ethernet1/0 overload //将通过ACL所匹配的网段地址转换成E0/0接口地址,再进行与外网通信Router(config)#ip route0.0.0.0 0.0.0.0 ethernet0/0 //去往外网的默认路由 9)AREA 0基于安全的原因配置上MD5认证,密码:SPOTOR4/R6在物理接口下配置,R5在子接口下配置:R3(config-if)#ip ospfauthentication message-digest R3(config-if)#ip ospfmessage-digest-key 0108 md5 spoto验证:R4#debug ip ospf adjOSPF adjacency debugging isonR4#debug ip ospf packet OSPF packet debugging is onR4#*Aug1 06:49:14.453: OSPF-2012 ADJ Se1/1: Send with youngest Key 108R4#*Aug1 06:49:17.334: OSPF-2012 PAK: rcv. v:2 t:1 l:52 rid:5.5.5.5 aid:0.0.0.0chk:0 aut:2 keyid:108 seq:0x51FA04E7 from Serial1/1R4#*Aug1 06:49:20.247: OSPF-2012 PAK: rcv. v:2 t:1 l:52 rid:1.1.1.1 aid:0.0.0.146chk:98E5 aut:1 auk: from Ethernet0/0R4#*Aug1 06:49:23.198: OSPF-2012 PAK: rcv. v:2 t:1 l:52 rid:6.6.6.6 aid:0.0.0.146chk:99E4 aut:1 auk: from Ethernet0/0*Aug1 06:49:23.495: OSPF-2012 ADJ Se1/1: Send with youngest Key 108 10) AREA 146中,配置R1为指定路由器,R4/R6之间保持two-way的邻居关系。R1为DR所以R1的E0/0优先级应该为最高,在R1的接口下配上:R1(config-if)#ip ospf priority 255 //优先级设置为最高R4/R6的接口下配上:R4/R6(config-if)#ip ospf priority 0 //优先级设置为最低检验是否为2way关系:R4#sho ip os neighbor Neighbor ID PriState Dead TimeAddress Interface5.5.5.5 255FULL/DR 00:00:36 172.8.100.5 Serial1/11.1.1.1 255FULL/DR 00:00:32 172.8.146.1 Ethernet0/06.6.6.6 02WAY/DROTHER 00:00:34 172.8.146.6 Ethernet0/0 11) 为了减少网络流量,将R1所在的区域汇总成主类网络通告出去。在R4/R6的进程下进行汇总:Router(config-router)#area146 range 172.8.146.0 255.255.255.0进行验证是否汇总成功:R5#sho ip route Codes: L - local, C -connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O -OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 -OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPFexternal type 2 i - IS-IS, su - IS-IS summary, L1 -IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidatedefault, U - per-user static route o - ODR, P - periodic downloaded staticroute, H - NHRP, l - LISP + - replicated route, % - next hopoverride Gateway of last resort is0.0.0.0 to network 0.0.0.0 S* 0.0.0.0/0 is directly connected,Ethernet0/0 1.0.0.0/32 is subnetted, 1 subnetsO IA 1.1.1.1 via 172.8.100.6,00:04:16, Serial1/1.1 2.0.0.0/32 is subnetted, 1 subnetsO IA 2.2.2.2 via 172.8.35.3,00:04:16, Serial1/0 3.0.0.0/32 is subnetted, 1 subnetsO 3.3.3.3 via 172.8.35.3,00:04:16, Serial1/0 4.0.0.0/32 is subnetted, 1 subnetsO 4.4.4.4 via 172.8.100.4,00:04:16, Serial1/1.1 5.0.0.0/32 is subnetted, 1 subnetsC 5.5.5.5 is directly connected,Loopback0 6.0.0.0/32 is subnetted, 1 subnetsO 6.6.6.6 via 172.8.100.6,00:04:16, Serial1/1.1 172.8.0.0/16 is variably subnetted, 8subnets, 2 masksO IA 172.8.23.0/24 via 172.8.35.3,00:04:16, Serial1/0C 172.8.35.0/24 is directly connected,Serial1/0L 172.8.35.5/32 is directly connected,Serial1/0C 172.8.88.0/24 is directly connected,Ethernet0/0L 172.8.88.8/32 is directly connected,Ethernet0/0C 172.8.100.0/24 is directly connected,Serial1/1.1L 172.8.100.5/32 is directly connected,Serial1/1.1O IA 172.8.146.0/24 via 172.8.100.6,00:04:16, Serial1/1.1 12) 由于R6与R5之间的PVC链路质量较好,适当配置使得R1优先选取R6访问自身区域除外的外部网络。使用:Router#show ip ospfborder-routers查看Cost值:R4#show ip ospfborder-routers OSPF Router with ID (4.4.4.4)(Process ID 2012) Base Topology (MTID 0) Internal Router RoutingTableCodes: i - Intra-area route,I - Inter-area route i 5.5.5.5 via172.8.100.5, Serial1/1, ABR/ASBR, Area 0, SPF 8i 6.6.6.6 via172.8.100.6, Serial1/1, ABR, Area 0, SPF 8i 6.6.6.6 via 172.8.146.6, Ethernet0/0,ABR, Area 146, SPF 7i 3.3.3.3 via172.8.100.5, Serial1/1, ABR, Area 0, SPF 8R6#show ip ospfborder-routers OSPF Router with ID (6.6.6.6)(Process ID 2012) Base Topology (MTID 0) Internal Router RoutingTableCodes: i - Intra-area route,I - Inter-area route i 4.4.4.4 via172.8.100.4, Serial1/1, ABR, Area 0, SPF 6i 4.4.4.4 via 172.8.146.4, Ethernet0/0,ABR, Area 146, SPF 6i 5.5.5.5 via172.8.100.5, Serial1/1, ABR/ASBR, Area 0, SPF 6i 3.3.3.3 via172.8.100.5, Serial1/1, ABR, Area 0, SPF 6修改R4/R6的cost值Router(config-if)# ip ospfcost 2再次查看Cost值:R6#show ip ospf border-routers OSPF Router with ID(6.6.6.6) (Process ID 2012) Base Topology(MTID 0) Internal Router Routing TableCodes: i - Intra-area route, I - Inter-area route i 4.4.4.4 via 172.8.100.4, Serial1/1, ABR, Area 0, SPF 6i 4.4.4.4 via172.8.146.4, Ethernet0/0, ABR, Area 146, SPF 6i 5.5.5.5 via 172.8.100.5, Serial1/1, ABR/ASBR, Area 0, SPF 6i 3.3.3.3 via 172.8.100.5, Serial1/1, ABR, Area 0, SPF 6在R1上检验:R1#traceroute 5.5.5.5Type escape sequence to abort.Tracing the route to 5.5.5.5VRF info: (vrf in name/id, vrf out name/id)1 172.8.146.6 3 msec 172.8.146.4 2 msec 172.8.146.6 0 msec2 172.8.100.5 29 msec 16 msec *13) 在AREA 0以外的所有区域启用OSPF明文认证,密码:SPOTO (虚链路对端认证)在端口下启用:Router(config-if)#ip ospf authenticationRouter(config-if)#ip ospf authentication-key spoto虚链路认证:Router(config-router)#area 区域号 virtual-link x.x.x.xauthentication Router(config-router)#area 区域号 virtual-link x.x.x.xauthentication-key spoto
Weseley-FangCS
Learning & Skateboard & The Network Engineer
新浪微博:http://weibo.com/expolde
新浪微博:http://blog.sina.com.cn/weseley
QQ:670690553
如有错误请多多指教~
学习!-woniu1--woniu1- 值得学习,有时间,学习一下,哈哈,请问使用什么软件拓扑拓画的好看些,visio画的怎么样不好看,。哈哈哈 人在旅途2013 发表于 2013-10-23 15:29
值得学习,有时间,学习一下,哈哈,请问使用什么软件拓扑拓画的好看些,visio画的怎么样不好看,。哈哈哈
我就是用visio
学习了,顶你-woniu1- -woniu2--woniu2--woniu2--woniu2--woniu2- -woniu1--woniu1--woniu1--woniu1--woniu1- 赞一个 学习了,顶你
页:
[1]