OSPF路由匯總及OSPF驗證實驗
1、OSPF基本配置
Router>en
Router#conf t
Router(config)#hostname R1
R1(config)#interface f0/0
R1(config-if)#ip add 200.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface loopback 0
R1(config-if)#ip add 192.168.12.1 255.255.255.0
R1(config-if)#interface loopback 1
R1(config-if)#ip add 192.168.13.1 255.255.255.0
R1(config-if)#ip add 192.168.14.1 255.255.255.0
R1(config-if)#interface loopback 3
R1(config-if)#ip add 192.168.15.1 255.255.255.0
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#network 200.1.1.0 0.0.0.255 area 1
R1(config-router)#network 192.168.12.0 0.0.0.255 area 1
R1(config-router)#network 192.168.14.0 0.0.0.255 area 1
R1(config-router)#network 192.168.15.0 0.0.0.255 area 1
R1(config-router)#
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#interface FastEthernet0/0
R2(config-if)#ip address 200.1.1.2 255.255.255.0
R2(config)#interface FastEthernet0/1
R2(config-if)#ip address 200.1.2.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#router ospf 1
R2(config-R2)#network 200.1.1.0 0.0.0.255 area 1
R2(config-R2)#network 200.1.2.0 0.0.0.255 area 0
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#interface FastEthernet0/0
R3(config-if)#ip address 200.1.2.2 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface loopback 0
R3(config-if)#
R3(config-if)#ip add 172.16.1.1 255.255.255.0
R3(config-if)#exit
R3(config)#router ospf 1
R3(config-R3)#network 172.16.1.0 0.0.0.255 area 0
R3(config-R3)#network 200.1.2.0 0.0.0.255 area 0
R3(config-R3)#end
2、在R3 上查看路由條目
R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
-
- candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
- candidate default, U - per-user static route, o - ODR
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Loopback0
192.168.12.0/32 is subnetted, 1 subnets
O IA 192.168.12.1 [110/3] via 200.1.2.1, 00:04:53, FastEthernet0/0
192.168.13.0/32 is subnetted, 1 subnets
O IA 192.168.13.1 [110/3] via 200.1.2.1, 00:04:53, FastEthernet0/0
192.168.14.0/32 is subnetted, 1 subnets
O IA 192.168.14.1 [110/3] via 200.1.2.1, 00:04:53, FastEthernet0/0
192.168.15.0/32 is subnetted, 1 subnets
O IA 192.168.15.1 [110/3] via 200.1.2.1, 00:04:53, FastEthernet0/0
O IA 200.1.1.0/24 [110/2] via 200.1.2.1, 00:04:53, FastEthernet0/0
C 200.1.2.0/24 is directly connected, FastEthernet0/0
R3#
3、思考如何減少路由條目---方法進行路由匯總 (ABR)
可以看到區域間路由條目很多,具體子網路由是看到的,我們希望減少路由條目,提高路由查詢及轉發效率,就要把這些子網進行匯總,匯總成;一個超網 。
192.168.12.0
192.168.13.0
192.168.14.0
192.168.15.0
如何匯總成一個網絡?
192.168.00001100.0
192.168.00001101.0
192.168.00001110.0
192.168.00001111.0
匯總後的超網
192.168.12.0/22
4、在ABR上進行路由匯總
R2(config)#router os
R2(config)#router ospf 1
R2(config-router)#area 1 range 192.168.12.0 255.255.252.0
5、匯總後在R3上查看路由表,會看到匯總後的路由實驗即成功。
R3#show ip route
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Loopback0
O IA 192.168.12.0/22 [110/3] via 200.1.2.1, 00:00:05, FastEthernet0/0
O IA 200.1.1.0/24 [110/2] via 200.1.2.1, 00:17:36, FastEthernet0/0
C 200.1.2.0/24 is directly connected, FastEthernet0/0
R3#
OSPF驗證方式:
接口驗證和區域驗證
一 、接口驗證下的簡單密碼身份驗證
要求R1和R2之間的鏈路做OSPF接口明文驗證
R1>en
R1#conf t
R1(config)#in
R1(config)#interface f0/0
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key 666
R1(config-if)#end
R1#
R1#show ip ospf ne
R1#show ip ospf neighbor 鄰居關系不存在了
R1#show ip rou
R1#show ip route OSPF路由條目消失
C 192.168.12.0/24 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, Loopback1
C 192.168.14.0/24 is directly connected, Loopback2
C 192.168.15.0/24 is directly connected, Loopback3
C 200.1.1.0/24 is directly connected, FastEthernet0/0
R1#
在R2上做一樣的配置
R2>en
R2#conf t
R2(config)#interface f0/0
R2(config-if)#ip ospf authentication
R2(config-if)#ip ospf authentication-key 666
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
01:10:47: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.15.1 on FastEthernet0/0 from LOADING to FULL, Loading Done 驗證成功後的FULL狀態
Router(config)#end
Router#
%SYS-5-CONFIG_I: Configured from console by console
show ip osn
R2#show ip ospf neighbor 查看鄰居關系正常
Neighbor ID Pri State Dead Time Address Interface
192.168.15.1 1 FULL/BDR 00:00:33 200.1.1.1 FastEthernet0/0
172.16.1.1 1 FULL/BDR 00:00:39 200.1.2.2 FastEthernet0/1
R2#show ip ospf interface 查看接口屬性
FastEthernet0/0 is up, line protocol is up
Internet address is 200.1.1.2/24, Area 1
Process ID 1, Router ID 200.1.2.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 200.1.2.1, Interface address 200.1.1.2
Backup Designated Router (ID) 192.168.15.1, Interface address 200.1.1.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 192.168.15.1 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
Simple password authentication enabled
二、接口驗證下的密文密碼身份驗證
要求R1和R2之間的鏈路做OSPF接口密文驗證
R1(config)#interface f0/0
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 888
R2(config)#interface f0/0
R2(config-if)#ip ospf authentication message-digest
R2(config-if)#ip ospf message-digest-key 1 md5 888
R2(config-if)#end
OSPF路由匯總及OSPF驗證實驗