H3C OSPF综合实验

1、一：实验步骤：配置各台设备的ip地址测试直连的连通性配置OSPF路由协议和RIP路由协议配置虚链路查看全网连通性配置OSPF area 0 的认证和RIP的认证配置路由汇总，实现区域0中只有一条192网络的路由，且保证通讯。配置area 1为NSSA区域，保证area 1不出现 type 4和 type5 LSA。配置area 3为绝对末节区域，保证area 3不出现type 3和 type 4和type5 LSA配置包过滤防火墙，实现192网络的3网段用户不能够访问到area 0，其他网络均可以正常访问。且172网络0网段用户不能访问到area 0，area 1，area 2，area 3.

2、其他用户均可以访问。完成以上需求后，所有节点均能够访问到internet接口地址命令：wcg-RT1：interface GigabitEthernet0/0/0 ip address 10.1.14.1 255.255.255.0quitinterface GigabitEthernet0/0/1 ip address 10.1.16.2 255.255.255.0quitinterface LoopBack0 ip address 1.1.1.1 255.255.255.255wcg-RT2:interface GigabitEthernet0/0/0 ip address 10.1.23

3、.1 255.255.255.0quitinterface GigabitEthernet0/0/1 ip address 27.1.1.2 255.255.255.0quitinterface LoopBack0 ip address 2.2.2.2 255.255.255.255wcg-RT3:interface GigabitEthernet0/0/0 ip address 10.1.35.1 255.255.255.0quitinterface GigabitEthernet0/0/1 ip address 10.1.23.2 255.255.255.0quitinterface Gi

4、gabitEthernet0/0/2 ip address 10.1.34.2 255.255.255.0quitinterface LoopBack0 ip address 3.3.3.3 255.255.255.255wcg-RT4:interface GigabitEthernet0/0/0 ip address 10.1.45.1 255.255.255.0quitinterface GigabitEthernet0/0/1 ip address 10.1.14.2 255.255.255.0quitinterface GigabitEthernet0/0/2 ip address 1

5、0.1.34.1 255.255.255.0quitinterface LoopBack0 ip address 4.4.4.4 255.255.255.255wcg-RT5:interface GigabitEthernet0/0/0 ip address 202.112.1.1 255.255.255.240quitinterface GigabitEthernet0/0/1 ip address 10.1.45.2 255.255.255.0quitinterface GigabitEthernet0/0/2 ip address 10.1.35.2 255.255.255.0quiti

6、nterface LoopBack0 ip address 5.5.5.5 255.255.255.255quitinterface LoopBack10 ip address 172.16.5.100 255.255.255.255quitinterface LoopBack20 ip address 172.16.5.200 255.255.255.255wcg-RT6：interface GigabitEthernet0/0/0 ip address 10.1.16.1 255.255.255.0quitinterface LoopBack0 ip address 6.6.6.6 255

7、.255.255.255quitinterface LoopBack10 ip address 192.168.0.100 255.255.255.255quitinterface LoopBack20 ip address 192.168.1.100 255.255.255.255quitinterface LoopBack30 ip address 192.168.2.100 255.255.255.255quitinterface LoopBack40 ip address 192.168.3.100 255.255.255.255wcg-RT7：interface GigabitEth

8、ernet0/0/0 ip address 27.1.1.1 255.255.255.0quitinterface LoopBack0 ip address 7.7.7.7 255.255.255.255quitinterface LoopBack10 ip address 172.16.0.100 255.255.255.255quitinterface LoopBack20 ip address 172.16.1.100 255.255.255.255quitinterface LoopBack30 ip address 172.16.2.100 255.255.255.255quitin

9、terface LoopBack40 ip address 172.16.3.100 255.255.255.255wcg-RT8：interface GigabitEthernet0/0/1 ip address 202.112.1.14 255.255.255.240quitinterface LoopBack0 ip address 8.8.8.8 255.255.255.255测试直连接口的连通性-略OSPF配置命令wcg-RT1：ospf 1 router-id 1.1.1.1 area 0.0.0.2 network 10.1.14.1 0.0.0.0 network 1.1.1.

10、1 0.0.0.0quit area 0.0.0.3 network 10.1.16.2 0.0.0.0wcg-RT2:ospf 1 router-id 2.2.2.2 area 0.0.0.1 network 2.2.2.2 0.0.0.0 network 10.1.23.1 0.0.0.0quit wcg-RT3:ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.1.34.2 0.0.0.0 network 10.1.35.1 0.0.0.0quit area 0.0.0.1 network 10.1.23.2 0.0.0.0 network

11、 3.3.3.3 0.0.0.0quitwcg-RT4:ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 10.1.34.1 0.0.0.0 network 10.1.45.1 0.0.0.0quit area 0.0.0.2 network 10.1.14.2 0.0.0.0 network 4.4.4.4 0.0.0.0quitwcg-RT5:ospf 1 router-id 5.5.5.5 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 10.1.45.2 0.0.0.0 network 10.1.35.

12、2 0.0.0.0 network 172.16.5.0 0.0.0.255quitwcg-RT6:ospf 1 router-id 6.6.6.6 area 0.0.0.3 network 10.1.16.1 0.0.0.0 network 192.168.0.0 0.0.0.255 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 192.168.3.0 0.0.0.255quit虚链路的配置命令wcg-RT1： ospf 1 area 0.0.0.2 vlink-peer 4.4.4.4 wcg-RT4

13、： ospf 1 area 0.0.0.2 vlink-peer 1.1.1.1 RIP协议配置命令wcg-RT2：rip 1 undo summary version 2 network 27.0.0.0RT7：wcg-rip 1 undo summary version 2 network 27.0.0.0 network 172.16.0.0路由的引入wcg-RT2：ospf 1 import-route rip 1 type 1quitwcg-rip 1 import-route ospf 1quit查看全网的路由,只许看wcg-RT5和wcg-RT2就行。dis ip routing

14、-table 用ping命令测试连通性NAT地址转换wcg-RT5: ip route-static 0.0.0.0 0.0.0.0 202.112.1.14acl number 2000 rule 0 permitquitinterface GigabitEthernet0/0/0 nat outbound 2000quitospf 1 default-route-advertise type 1用ping命令测试网络能去往Internet4.骨干区域为了协议安全要求启用OSPF认证,R2和R7之间要求保证rip协议安全OSPF的骨干区域认证命令wcg-RT5：ospf 1 area 0.0

15、.0.0 authentication-mode simplequitquitinterface GigabitEthernet0/0/1 ospf authentication-mode simple plain helloquitinterface GigabitEthernet0/0/2 ospf authentication-mode simple plain hellowcg-RT4:ospf 1 area 0.0.0.0 authentication-mode simplequitquitinterface GigabitEthernet0/0/0 ospf authenticat

16、ion-mode simple plain helloquitinterface GigabitEthernet0/0/2 ospf authentication-mode simple plain helloquitwcg-RT3:ospf 1 area 0.0.0.0 authentication-mode simplequitquitinterface GigabitEthernet0/0/0 ospf authentication-mode simple plain helloquitinterface GigabitEthernet0/0/2 ospf authentication-

17、mode simple plain hello区域 0 开启认证 虚链路必须开启认证wcg-RT4：ospf 1 area 0.0.0.2 vlink-peer 1.1.1.1 simple plain helloquitwcg-RT1：ospf 1 area 0.0.0.0 authentication-mode simplequit area 0.0.0.2 vlink-peer 4.4.4.4 simple plain helloquitwcg-RIP协议的认证RT2：interface GigabitEthernet0/0/1 rip authentication-mode simpl

18、e helloquitwcg-RT7:interface GigabitEthernet0/0/0 rip authentication-mode simple helloquit骨干区域要求只能出现一条192网络的路由，并且保证192网络下每个节点正常通讯wcg-RT1:ospf 1 area 0.0.0.3 abr-summary 192.168.0.0 255.255.252.0quit查看wcg-RT5的路由表，观察实验结果。区域1中要求不能存在 OSPF type 4和 type5 LSAwcg-RT2:ospf 1 area 0.0.0.1 nssaquitwcg-RT3:ospf

19、 1 area 0.0.0.1 nssa default-route-advertisequit在wcg-RT2上查看OSPF的LSDB 区域3中要求不能存在 OSPF type 3和 type 4和type5 LSAwcg-RT1:ospf 1 area 0.0.0.3 stub no-summaryquitwcg-RT6:ospf 1 area 0.0.0.3 stub no-summaryquit在wcg-RT6上查看OSPF的LSDB7.要求area 0中只能出现一条192网络的路由信息，并且R6下除192网络的3网段用户不能够访问到area 0中，其他网络均可以正常访问到area0 及其他区域wcg-RT6： firewall enableacl number 3000 rule deny ip source 192.168.3.0 0.0.0.255 destination 10.1.34.0 0.0.0.255 rule deny ip source 192.168.3.0 0.0.0.255 destination 1