华为HCIP实验--OSPF单区域

 场景:你是公司的网络管理员。现在公司的网络中有三台ARG3路由器,通过以太网实现相互的连通。在以太网这样的广播式多路访问网络上,可能存在安全隐患,所有你选择采用OSPF区域认证的方法来避免恶意的路由攻击。在部署网络的过程中,出现了网络连通性的问题,你通过使用displaydebug命令进行了故障排除。 

拓扑图:

第一步:配置好各个设备的IP地址,以及LOOPBACK 环回口的IP 用于测试

R1路由器配置
system-view
Enter system view, return user view with Ctrl+Z.

[HUAWEI]sysname R1
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.31.1 24
[R1-GigabitEthernet0/0/0]quit
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 10.0.1.1 24
[R1-LoopBack0]quit
R2路由器配置
system-view
Enter system view, return user view with Ctrl+Z.

[HUAWEI]sysname R2
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.31.2 24
[R2-GigabitEthernet0/0/0]quit
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 10.0.2.2 24
[R2-LoopBack0]quit
R3路由器配置
system-view
Enter system view, return user view with Ctrl+Z.

[HUAWEI]sysname R3
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ip address 192.168.31.3 24
[R3-GigabitEthernet0/0/0]quit
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 10.0.3.3 24
[R3-LoopBack0]quit

检查各个路由之间的通断

第二步:配置OSPF

R1路由器配置
[R1-ospf-1]ospf 1 router-id 10.1.1.1
Info: The configuration succeeded. You need to restart the OSPF process to valid
ate the new router ID.
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.31.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.0.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]authentication-mode simple plain huawei
[R1-ospf-1-area-0.0.0.0]quit
R2路由器配置
[R2-ospf-1]ospf 1 router-id 10.2.2.2
Info: The configuration succeeded. You need to restart the OSPF process to valid
ate the new router ID.
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.31.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.0.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]authentication-mode simple plain huawei
[R2-ospf-1-area-0.0.0.0]quit
R3路由器配置
[R3-ospf-1]ospf 1 router-id 10.3.3.3
Info: The configuration succeeded. You need to restart the OSPF process to valid
ate the new router ID.
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 192.168.31.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]authentication-mode simple plain huawei
[R3-ospf-1-area-0.0.0.0]quit
查看路由器的OSPF状况:

R1路由器配置

display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 12       Routes : 12       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.0.1.0/24  Direct  0    0           D   10.0.1.1        LoopBack0
       10.0.1.1/32  Direct  0    0           D   127.0.0.1       LoopBack0
     10.0.1.255/32  Direct  0    0           D   127.0.0.1       LoopBack0
       10.0.2.2/32  OSPF    10   1           D   192.168.31.2    GigabitEthernet0/0/0
       10.0.3.3/32  OSPF    10   1           D   192.168.31.3    GigabitEthernet0/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
   192.168.31.0/24  Direct  0    0           D   192.168.31.1    GigabitEthernet0/0/0
   192.168.31.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
 192.168.31.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

R2路由器配置

dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 12       Routes : 12       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.0.1.1/32  OSPF    10   1           D   192.168.31.1    GigabitEthernet0/0/0
       10.0.2.0/24  Direct  0    0           D   10.0.2.2        LoopBack0
       10.0.2.2/32  Direct  0    0           D   127.0.0.1       LoopBack0
     10.0.2.255/32  Direct  0    0           D   127.0.0.1       LoopBack0
       10.0.3.3/32  OSPF    10   1           D   192.168.31.3    GigabitEthernet0/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
   192.168.31.0/24  Direct  0    0           D   192.168.31.2    GigabitEthernet0/0/0
   192.168.31.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
 192.168.31.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

R3路由器配置

dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 12       Routes : 12       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.0.1.1/32  OSPF    10   1           D   192.168.31.1    GigabitEthernet0/0/0
       10.0.2.2/32  OSPF    10   1           D   192.168.31.2    GigabitEthernet0/0/0
       10.0.3.0/24  Direct  0    0           D   10.0.3.3        LoopBack0
       10.0.3.3/32  Direct  0    0           D   127.0.0.1       LoopBack0
     10.0.3.255/32  Direct  0    0           D   127.0.0.1       LoopBack0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
   192.168.31.0/24  Direct  0    0           D   192.168.31.3    GigabitEthernet0/0/0
   192.168.31.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
 192.168.31.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1

注意:OSPF的状态的重置命令: reset ospf process

 步骤三:查看OSPF的建立过程

 

 步骤四. 配置 OSPF 中 Loopback 接口的网络类型 

[R1]interface LoopBack 0
[R1-LoopBack0]ospf network-type broadcast

 步骤五. 修改接口的 OSPF 代价值 

目前的开销值是1

 修改R1的G0/0/0接口代价值为20,修改R3的G0/0/0接口代价值为10。

[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ospf cost 20
[R1-GigabitEthernet0/0/0]quit

[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ospf cost 10
[R3-GigabitEthernet0/0/0]quit


重新查看R1到达R3的Loopback0接口路由的代价值,可以看到,开销值变化为设定的值

 步骤六. 配置 OSPF 的 Silent-interface 

       静默接口:是被silent的接口依然可以接受别人发来的更新。即该端口不开启OSPF进程,只是将网段宣告,该端口不收发hello包

       配置命令: silent-interface GigabitEthernet 0/0/0 

       不做演示

最后所有的配置:

display current-configuration
[V200R007C00SPC600]
#
sysname R1
#
interface GigabitEthernet0/0/0
ip address 10.0.123.1 255.255.255.0
ospf cost 20
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.0
#
ospf 1 router-id 10.0.1.1
silent-interface LoopBack0
area 0.0.0.0
authentication-mode simple plain huawei
network 10.0.1.1 0.0.0.0
network 10.0.123.1 0.0.0.0
#
return
display current-configuration
[V200R007C00SPC600]
#
sysname R2
#
interface GigabitEthernet0/0/0
ip address 10.0.123.2 255.255.255.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.2.2
silent-interface LoopBack0
area 0.0.0.0
authentication-mode simple plain huawei
network 10.0.2.2 0.0.0.0
network 10.0.123.2 0.0.0.0
#
return
display current-configuration
[V200R007C00SPC600]
#
sysname R3
#
interface GigabitEthernet0/0/0
ip address 10.0.123.3 255.255.255.0
ospf cost 10
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
#
ospf 1 router-id 10.0.3.3
silent-interface LoopBack0
area 0.0.0.0
authentication-mode simple plain huawei
network 10.0.3.3 0.0.0.0
network 10.0.123.3 0.0.0.0
#
return
HCIP实验HCIP

相关

HCIP-security-IPSec虚拟专用网络主备链路2(隧道化)

HCIP-Security1.1多出口选路3(智能选路之全局与策略路由)

HCIP-路由策略

标签