华为OSPF多区域、认证配置

此实验主要实现以下目的:

  • 了解OSPF多区域设计的优点

  • 理解OSPF多区域路由信息的交换方式

  • 掌握OSPF多区域配置命令

  • 掌握OSPF的认证配置方法

  • 掌握OSPF邻居无法建立的故障排除方法

拓扑图

  •         华为OSPF多区域、认证配置

  • 你是公司的网络管理员。现在公司的网络准备OSPF协议来进行路由信息的传递。为应对网络规模日益增大的问题,你决定使用OSPF的多区域模式来规划网络。此外为保证信息安全,你采用了OSPF的认证。在配置过程中你也了解了OSPF中各种了性LSA的作用。

  •  

  • 学习任务

  •          步骤一.基本配置:

  • [Huawei]sysnameR1

  • [R1]interfaces1/0/0

  • [R1-Serial1/0/0]ipadd 10.0.12.1 24

  • [R1-Serial1/0/0]descthis port connect to R2-S1/0/0

  • [R1-Serial1/0/0]interfacegi0/0/0

  • [R1-GigabitEthernet0/0/0]ipadd 10.0.13.1 24

  • [R1-GigabitEthernet0/0/0]

  • Jun 292014 16:29:10-05:13 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP o

  • n theinterface GigabitEthernet0/0/0 has entered the UP state.

  • [R1-GigabitEthernet0/0/0]descthis port connect to R3-Gi0/0/0

  • [R1-GigabitEthernet0/0/0]interfaceloopback0

  • [R1-LoopBack0]ipadd 10.0.1.1 24

  • [R1-LoopBack0]q

  • 其它路由器参照R1的配置进行配置。

  • 步骤二.OSPF多区域配置

  •          R1ABR10.0.12.0/24网段属于区域0,10.0.13.0/2410.0.1.0/24网段属于区域1.

  • [R1]ospf1 router-id 10.0.1.1

  • [R1-ospf-1]area0

  • [R1-ospf-1-area-0.0.0.0]network10.0.12.0 0.0.0.255

  • [R1-ospf-1-area-0.0.0.0]q

  • [R1-ospf-1]area1

  • [R1-ospf-1-area-0.0.0.1]network10.0.13.0 0.0.0.255

  • [R1-ospf-1-area-0.0.0.1]network10.0.1.0 0.0.0.255

  • [R1-ospf-1-area-0.0.0.1]

  • R2为骨干区域普通内部路由器,属于区域0.

  • [R2]ospf1 router-id 10.0.2.2

  • [R2-ospf-1]area0

  • [R2-ospf-1-area-0.0.0.0]network10.0.12.0 0.0.0.255

  • [R2-ospf-1-area-0.0.0.0]network10.0.2.0 0.0.0.255

  • R3ASBR10.0.13.0/2410.0.3.0/24两个网段属于区域1172.64.0.0/24网段不属于ospf路由域,不通告进OSPF进程。

  • [R3]ospf1 router-id 10.0.3.3

  • [R3-ospf-1]area1

  • [R3-ospf-1-area-0.0.0.1]network10.0.3.0 0.0.0.255

  • [R3-ospf-1-area-0.0.0.1]network10.0.13.0 0.0.0.255

  • 步骤三.OSPF路由验证

  •          查看R1R2R3的路由表,确认各路由器已学习到如下红色突出显示部分路由条目。

  • [R1]disip routing-table protocol ospf

  • RouteFlags: R - relay, D - download to fib

  • ------------------------------------------------------------------------------

  • Publicrouting table : OSPF

  •          Destinations : 2        Routes : 2       

  •  

  • OSPFrouting table status : <Active>

  •          Destinations : 2        Routes : 2

  •  

  • Destination/Mask    Proto  Pre  Cost      Flags NextHop         Interface

  •  

  •        10.0.2.2/32  OSPF   10   48         D   10.0.12.2       Serial1/0/0

  •        10.0.3.3/32  OSPF   10   1           D  10.0.13.3     GigabitEthernet0/0/0

  •  

  • OSPFrouting table status : <Inactive>

  •          Destinations : 0        Routes : 0

  •  

  • [R2]disip routing-table protocol ospf

  • RouteFlags: R - relay, D - download to fib

  • ------------------------------------------------------------------------------

  • Publicrouting table : OSPF

  •          Destinations : 3        Routes : 3       

  •  

  • OSPFrouting table status : <Active>

  •          Destinations : 3        Routes : 3

  •  

  • Destination/Mask    Proto  Pre  Cost      Flags NextHop         Interface

  •  

  •        10.0.1.1/32  OSPF   10   48          D  10.0.12.1       Serial1/0/0

  •        10.0.3.3/32  OSPF   10   49          D  10.0.12.1       Serial1/0/0

  •       10.0.13.0/24  OSPF   10   49          D  10.0.12.1       Serial1/0/0

  •  

  • OSPFrouting table status : <Inactive>

  •          Destinations : 0        Routes : 0

  •  

  • [R3]disip routing-table protocol ospf

  • RouteFlags: R - relay, D - download to fib

  • ------------------------------------------------------------------------------

  • Publicrouting table : OSPF

  •          Destinations : 3        Routes : 3       

  •  

  • OSPFrouting table status : <Active>

  •          Destinations : 3        Routes : 3

  •  

  • Destination/Mask    Proto  Pre  Cost      Flags NextHop         Interface

  •  

  •        10.0.1.1/32 OSPF    10   1          D   10.0.13.1       GigabitEthernet/0/0

  •        10.0.2.2/32  OSPF   10   49          D  10.0.13.1      GigabitEthernet0/0/0

  •       10.0.12.0/24  OSPF   10   49          D  10.0.13.1     GigabitEthernet0/0/0

  •  

  • OSPFrouting table status : <Inactive>

  •          Destinations : 0        Routes : 0

  • [R3]ping10.0.1.1

  •   PING 10.0.1.1: 56  data bytes, press CTRL_C to break

  •     Reply from 10.0.1.1: bytes=56 Sequence=1ttl=255 time=20 ms

  •     Reply from 10.0.1.1: bytes=56 Sequence=2ttl=255 time=10 ms

  •     Reply from 10.0.1.1: bytes=56 Sequence=3ttl=255 time=10 ms

  •     Reply from 10.0.1.1: bytes=56 Sequence=4ttl=255 time=10 ms

  •     Reply from 10.0.1.1: bytes=56 Sequence=5ttl=255 time=10 ms

  •  

  •   --- 10.0.1.1 ping statistics ---

  •     5 packet(s) transmitted

  •     5 packet(s) received

  •     0.00% packet loss

  •     round-trip min/avg/max = 10/12/20 ms

  •  

  • [R3]ping10.0.2.2

  •   PING 10.0.2.2: 56  data bytes, press CTRL_C to break

  •     Reply from 10.0.2.2: bytes=56 Sequence=1ttl=254 time=30 ms

  •     Reply from 10.0.2.2: bytes=56 Sequence=2ttl=254 time=20 ms

  •     Reply from 10.0.2.2: bytes=56 Sequence=3ttl=254 time=20 ms

  •     Reply from 10.0.2.2: bytes=56 Sequence=4ttl=254 time=10 ms

  •     Reply from 10.0.2.2: bytes=56 Sequence=5ttl=254 time=20 ms

  •  

  •   --- 10.0.2.2 ping statistics ---

  •     5 packet(s) transmitted

  •     5 packet(s) received

  •     0.00% packet loss

  • 查看OSPF邻居状态

  • [R1]displayospf peer brief

  •  

  •           OSPF Process 1 with Router ID 10.0.1.1

  •                      Peer Statistic Information

  •  ----------------------------------------------------------------------------

  •  Area Id          Interface                        Neighbor id      State   

  •  0.0.0.0          Serial1/0/0                      10.0.2.2         Full       

  •  0.0.0.1          GigabitEthernet0/0/0             10.0.3.3         Full       

  •  ----------------------------------------------------------------------------

  • [R1]

  • [R2]displayospf peer brief

  •  

  •           OSPF Process 1 with Router ID 10.0.2.2

  •                      Peer Statistic Information

  •  ----------------------------------------------------------------------------

  •  Area Id          Interface                        Neighbor id      State   

  •  0.0.0.0         Serial1/0/0                      10.0.1.1         Full       

  •  ----------------------------------------------------------------------------

  • [R2]

  •  

  • [R3]disospf peer brief

  •  

  •           OSPF Process 1 with Router ID 10.0.3.3

  •                      Peer Statistic Information

  •  ----------------------------------------------------------------------------

  •  Area Id          Interface                        Neighbor id      State   

  •  0.0.0.1          GigabitEthernet0/0/0             10.0.1.1         Full       

  •  ----------------------------------------------------------------------------

  • [R3]

  • 确认以上个路由器ospf进程和Router ID正确,且邻居关系全部达到full状态。

  • 步骤四.OSPF外部路由引入及验证

  •          R3上使inport-router命令引入直连外部路由。

  • [R3]ospf1

  • [R3-ospf-1]import-routedirect

  •          查看R1R2的路由表,确认已学到引入的路由10.0.3.0/24172.64.0.0/24.

  • [R1]disip routing-table protocol ospf

  • RouteFlags: R - relay, D - download to fib

  • ------------------------------------------------------------------------------

  • Publicrouting table : OSPF

  •          Destinations : 4        Routes : 4       

  •  

  • OSPFrouting table status : <Active>

  •          Destinations : 4        Routes : 4

  •  

  • Destination/Mask    Proto  Pre  Cost      Flags NextHop         Interface

  •  

  •        10.0.2.2/32  OSPF   10   48          D  10.0.12.2       Serial1/0/0

  •        10.0.3.0/24  O_ASE  150  1           D  10.0.13.3      GigabitEthernet0/0/0

  •        10.0.3.3/32  OSPF   10   1           D  10.0.13.3      GigabitEthernet0/0/0

  •      172.64.0.0/24 O_ASE   150  1          D   10.0.13.3      GigabitEthernet0/0/0

  •  

  • OSPFrouting table status : <Inactive>

  •          Destinations : 0        Routes : 0

  •  

  • [R2]disip routing-table protocol ospf

  • RouteFlags: R - relay, D - download to fib

  • ------------------------------------------------------------------------------

  • Publicrouting table : OSPF

  •          Destinations : 5        Routes : 5       

  •  

  • OSPFrouting table status : <Active>

  •          Destinations : 5        Routes : 5

  •  

  • Destination/Mask    Proto  Pre  Cost      Flags NextHop         Interface

  •  

  •        10.0.1.1/32  OSPF   10   48          D  10.0.12.1       Serial1/0/0

  •        10.0.3.0/24  O_ASE  150  1           D  10.0.12.1       Serial1/0/0

  •        10.0.3.3/32  OSPF   10   49          D  10.0.12.1       Serial1/0/0

  •       10.0.13.0/24  OSPF   10   49          D  10.0.12.1       Serial1/0/0

  •      172.64.0.0/24  O_ASE  150  1           D  10.0.12.1       Serial1/0/0

  •  

  • OSPFrouting table status : <Inactive>

  •          Destinations : 0        Routes : 0

  •  

  • 以上红色部分显示为引入的外部路由。Proto字段为O_ASE表示OSPF外部路由。

  • 使用带源参数的ping命令测试网络的连通性。

  • [R2]ping-a 10.0.2.2 10.0.3.3

  •   PING 10.0.3.3: 56  data bytes, press CTRL_C to break

  •     Reply from 10.0.3.3: bytes=56 Sequence=1ttl=254 time=30 ms

  •     Reply from 10.0.3.3: bytes=56 Sequence=2ttl=254 time=20 ms

  •     Reply from 10.0.3.3: bytes=56 Sequence=3ttl=254 time=20 ms

  •     Reply from 10.0.3.3: bytes=56 Sequence=4ttl=254 time=20 ms

  •     Reply from 10.0.3.3: bytes=56 Sequence=5ttl=254 time=30 ms

  •  

  •   --- 10.0.3.3 ping statistics ---

  •     5 packet(s) transmitted

  •     5 packet(s) received

  •     0.00% packet loss

  • round-trip min/avg/max = 20/24/30 ms

  •  

  • [R2]ping -a 10.0.2.2 172.64.0.1

  •   PING 172.64.0.1: 56  data bytes, press CTRL_C to break

  •     Reply from 172.64.0.1:bytes=56 Sequence=1 ttl=254 time=20 ms

  •     Reply from 172.64.0.1:bytes=56 Sequence=2 ttl=254 time=20 ms

  •     Reply from 172.64.0.1:bytes=56 Sequence=3 ttl=254 time=10 ms

  •     Reply from 172.64.0.1:bytes=56 Sequence=4 ttl=254 time=10 ms

  •     Reply from 172.64.0.1:bytes=56 Sequence=5 ttl=254 time=20 ms

  •  

  •   --- 172.64.0.1 pingstatistics ---

  •     5 packet(s) transmitted

  •     5 packet(s) received

  •     0.00% packet loss

  •     round-trip min/avg/max =10/16/20 ms

  • 使用displayospf lsdb命令查看R1的链路状态数据库。

  • [R1]dis ospf lsdb

  •  

  •           OSPF Process 1 with Router ID 10.0.1.1

  •                     Link State Database

  •  

  •                             Area: 0.0.0.0

  •  Type      LinkState ID    AdvRouter          Age Len   Sequence   Metric

  •  Router    10.0.2.2        10.0.2.2           632 60    80000004      48

  •  Router    10.0.1.1        10.0.1.1           651 48    80000004      48

  •  Sum-Net   10.0.13.0       10.0.1.1           934 28    80000002       1

  •  Sum-Net   10.0.3.3        10.0.1.1           374 28    80000002       1

  •  Sum-Net   10.0.1.1        10.0.1.1           910 28    80000002       0

  •  Sum-Asbr  10.0.3.3        10.0.1.1          1196 28    80000001       1

  •  

  •                             Area: 0.0.0.1

  •  Type      LinkState ID    AdvRouter          Age Len   Sequence   Metric

  •  Router    10.0.3.3        10.0.3.3          1197 48    80000005       1

  •  Router    10.0.1.1        10.0.1.1           372 48    80000007       1

  •  Network   10.0.13.1      10.0.1.1           372  32   80000003       0

  •  Sum-Net   10.0.12.0       10.0.1.1           934 28    80000002      48

  •  Sum-Net   10.0.2.2        10.0.1.1           631 28    80000002      48

  •  

  •  

  •                     AS External Database

  •  Type      LinkState ID    AdvRouter          Age Len   Sequence   Metric

  •  External  10.0.3.0        10.0.3.3          1197 36    80000001       1

  •  External 10.0.13.0       10.0.3.3          1197 36    80000001       1

  •  External 172.64.0.0      10.0.3.3          1197  36   80000001       1

  • 以上显示的是整个链路状态数据库的简要信息。突出显示的内容为LSA Type4LSA Type5.

  • 也可以使用如下命显示某个条目的具体信息,以下三条命令分别显示了LSA Type345三种类型的LSA数据结构。

  • [R1]displ ospf lsdb summary 10.0.3.3

  •  

  •           OSPF Process 1 with Router ID 10.0.1.1

  •                             Area: 0.0.0.0

  •                     Link State Database

  •  

  •  

  •   Type      : Sum-Net

  •   Ls id     : 10.0.3.3

  •   Adv rtr   : 10.0.1.1 

  •   Ls age    : 660

  •   Len       : 28

  •   Options   : E 

  •   seq#      : 80000002

  •   chksum    : 0x4af4

  •   Net mask  : 255.255.255.255

  •   Tos 0  metric: 1

  •   Priority  : Low

  •                             Area: 0.0.0.1

  •                     Link State Database

  •  

  • [R1]display ospf lsdb asbr

  •  

  •           OSPF Process 1 with Router ID 10.0.1.1

  •                             Area: 0.0.0.0

  •                     Link State Database

  •  

  •  

  •   Type      : Sum-Asbr

  •   Ls id     : 10.0.3.3

  •   Adv rtr   : 10.0.1.1 

  •   Ls age    : 1562

  •   Len       : 28

  •   Options   : E 

  •   seq#      : 80000001

  •   chksum    : 0x3e01

  •   Tos 0  metric: 1

  •                             Area: 0.0.0.1

  •                     Link State Database

  •  

  • <R1>display ospf lsdb ase 172.64.0.0

  •  

  •           OSPF Process 1 with Router ID 10.0.1.1

  •                     Link State Database

  •  

  •  

  •   Type      : External

  •   Ls id     : 172.64.0.0

  •   Adv rtr   : 10.0.3.3 

  •   Ls age    : 283

  •   Len       : 36

  •   Options   : E 

  •   seq#      : 80000001

  •   chksum    : 0xb51e

  •   Net mask  : 255.255.255.0

  •   TOS 0  Metric: 1

  •   E type    : 2

  •   Forwarding Address : 0.0.0.0

  •  Tag       : 1

  •  Priority  : Low

  • 步骤五.OSPF认证配置及验证

  •          R1接口S1/0/0配置为OSPF接口认证模式、明文、密码“Huawei”。

  • [R1]interface s1/0/0

  • [R1-Serial1/0/0]ospf auth        

  • [R1-Serial1/0/0]ospf authentication-mode simple plain huawei

  •  

  • [R1]display ospf peer brief

  •  

  •           OSPF Process 1 with Router ID 10.0.1.1

  •                      Peer Statistic Information

  •  ----------------------------------------------------------------------------

  •  Area Id          Interface                        Neighbor id      State   

  •  0.0.0.1          GigabitEthernet0/0/0             10.0.3.3         Full       

  •  ----------------------------------------------------------------------------

  • [R1]

  • 此时R1R2ospf认证方式不匹配,所以R1R2无法建立邻居。

  • R2接口S1/0/0配置为OSPF接口认证模式,明文,密码“Huawei”。

  • [R2]interface ser1/0/0

  • [R2-Serial1/0/0]ospf auth        

  • [R2-Serial1/0/0]ospf authentication-mode simple plain huawei

  • R1查看与R2的邻居状态。

  • [R1]display ospf peer brief

  •  

  •           OSPF Process 1 with Router ID 10.0.1.1

  •                      Peer Statistic Information

  •  ----------------------------------------------------------------------------

  •  Area Id          Interface                        Neighbor id      State   

  •  0.0.0.0          Serial1/0/0                      10.0.2.2         Full       

  •  0.0.0.1          GigabitEthernet0/0/0             10.0.3.3         Full       

  •  ----------------------------------------------------------------------------

  • [R1]

  • 此时R1、与R2之间认证方式和密码均匹配,所以R1R2重新建立了邻居关系。将R1的区域配置为OSPF区域认证模式,加密方式为MD5,密码问密文形式“Huawei”。

  • [R1]ospf 1

  • [R1-ospf-1]area 1

  • [R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher Huawei

  • R1上查看与R3的邻居状态。

  • [R1]display ospf peer brief

  •  

  •           OSPF Process 1 with Router ID 10.0.1.1

  •                      Peer Statistic Information

  •  ----------------------------------------------------------------------------

  •  Area Id          Interface                        Neighbor id      State   

  •  0.0.0.0          Serial1/0/0                      10.0.2.2         Full       

  •  ----------------------------------------------------------------------------

  • [R1]

  • 由于R1R3之间OSPF认证方式不匹配,此时R1R3无法建立邻居关系。

  • R3上区域1配置为OSPF区域认证模式,加密方式为MD5,密码为密文形式“Huawei”。

  • [R3]ospf

  • [R3-ospf-1]area 1

  • [R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huawei

  • R1上查看与R3的邻居状态。

  • [R1]display ospf peer brief

  •  

  •           OSPF Process 1 with Router ID 10.0.1.1

  •                      Peer Statistic Information

  •  ----------------------------------------------------------------------------

  •  Area Id          Interface                        Neighbor id      State   

  •  0.0.0.0          Serial1/0/0                      10.0.2.2         Full        

  •  0.0.0.1          GigabitEthernet0/0/0             10.0.3.3         Full       

  •  ----------------------------------------------------------------------------

  • 此时R1R3之间认证方式和密码均匹配,所以R1R3重新建立了邻居关系。



本文转自 zhuxtqw 51CTO博客,原文链接:http://blog.51cto.com/1054054/1434966,如需转载请自行联系原作者
上一篇:部署Ganglia监控Hadoop&Hbase


下一篇:BSCI—3:配置EIGRP-MD5认证