华为OSPF多区域、认证配置

2022-06-19 05:42:20

此实验主要实现以下目的：

了解OSPF多区域设计的优点
理解OSPF多区域路由信息的交换方式
掌握OSPF多区域配置命令
掌握OSPF的认证配置方法
掌握OSPF邻居无法建立的故障排除方法

拓扑图

你是公司的网络管理员。现在公司的网络准备OSPF协议来进行路由信息的传递。为应对网络规模日益增大的问题，你决定使用OSPF的多区域模式来规划网络。此外为保证信息安全，你采用了OSPF的认证。在配置过程中你也了解了OSPF中各种了性LSA的作用。
学习任务
步骤一.基本配置：
[Huawei]sysnameR1
[R1]interfaces1/0/0
[R1-Serial1/0/0]ipadd 10.0.12.1 24
[R1-Serial1/0/0]descthis port connect to R2-S1/0/0
[R1-Serial1/0/0]interfacegi0/0/0
[R1-GigabitEthernet0/0/0]ipadd 10.0.13.1 24
[R1-GigabitEthernet0/0/0]
Jun 292014 16:29:10-05:13 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP o
n theinterface GigabitEthernet0/0/0 has entered the UP state.
[R1-GigabitEthernet0/0/0]descthis port connect to R3-Gi0/0/0
[R1-GigabitEthernet0/0/0]interfaceloopback0
[R1-LoopBack0]ipadd 10.0.1.1 24
[R1-LoopBack0]q
其它路由器参照R1的配置进行配置。
步骤二.OSPF多区域配置
R1为ABR，10.0.12.0/24网段属于区域0,10.0.13.0/24与10.0.1.0/24网段属于区域1.
[R1]ospf1 router-id 10.0.1.1
[R1-ospf-1]area0
[R1-ospf-1-area-0.0.0.0]network10.0.12.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]q
[R1-ospf-1]area1
[R1-ospf-1-area-0.0.0.1]network10.0.13.0 0.0.0.255
[R1-ospf-1-area-0.0.0.1]network10.0.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.1]
R2为骨干区域普通内部路由器，属于区域0.
[R2]ospf1 router-id 10.0.2.2
[R2-ospf-1]area0
[R2-ospf-1-area-0.0.0.0]network10.0.12.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network10.0.2.0 0.0.0.255
R3为ASBR，10.0.13.0/24和10.0.3.0/24两个网段属于区域1，172.64.0.0/24网段不属于ospf路由域，不通告进OSPF进程。
[R3]ospf1 router-id 10.0.3.3
[R3-ospf-1]area1
[R3-ospf-1-area-0.0.0.1]network10.0.3.0 0.0.0.255
[R3-ospf-1-area-0.0.0.1]network10.0.13.0 0.0.0.255
步骤三.OSPF路由验证
查看R1、R2、R3的路由表，确认各路由器已学习到如下红色突出显示部分路由条目。
[R1]disip routing-table protocol ospf
RouteFlags: R - relay, D - download to fib
------------------------------------------------------------------------------
Publicrouting table : OSPF
Destinations : 2 Routes : 2
OSPFrouting table status : <Active>
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.2/32 OSPF 10 48 D 10.0.12.2 Serial1/0/0
10.0.3.3/32 OSPF 10 1 D 10.0.13.3 GigabitEthernet0/0/0
OSPFrouting table status : <Inactive>
Destinations : 0 Routes : 0
[R2]disip routing-table protocol ospf
RouteFlags: R - relay, D - download to fib
------------------------------------------------------------------------------
Publicrouting table : OSPF
Destinations : 3 Routes : 3
OSPFrouting table status : <Active>
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 OSPF 10 48 D 10.0.12.1 Serial1/0/0
10.0.3.3/32 OSPF 10 49 D 10.0.12.1 Serial1/0/0
10.0.13.0/24 OSPF 10 49 D 10.0.12.1 Serial1/0/0
OSPFrouting table status : <Inactive>
Destinations : 0 Routes : 0
[R3]disip routing-table protocol ospf
RouteFlags: R - relay, D - download to fib
------------------------------------------------------------------------------
Publicrouting table : OSPF
Destinations : 3 Routes : 3
OSPFrouting table status : <Active>
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 OSPF 10 1 D 10.0.13.1 GigabitEthernet/0/0
10.0.2.2/32 OSPF 10 49 D 10.0.13.1 GigabitEthernet0/0/0
10.0.12.0/24 OSPF 10 49 D 10.0.13.1 GigabitEthernet0/0/0
OSPFrouting table status : <Inactive>
Destinations : 0 Routes : 0
[R3]ping10.0.1.1
PING 10.0.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.1.1: bytes=56 Sequence=1ttl=255 time=20 ms
Reply from 10.0.1.1: bytes=56 Sequence=2ttl=255 time=10 ms
Reply from 10.0.1.1: bytes=56 Sequence=3ttl=255 time=10 ms
Reply from 10.0.1.1: bytes=56 Sequence=4ttl=255 time=10 ms
Reply from 10.0.1.1: bytes=56 Sequence=5ttl=255 time=10 ms
--- 10.0.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/12/20 ms
[R3]ping10.0.2.2
PING 10.0.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.2.2: bytes=56 Sequence=1ttl=254 time=30 ms
Reply from 10.0.2.2: bytes=56 Sequence=2ttl=254 time=20 ms
Reply from 10.0.2.2: bytes=56 Sequence=3ttl=254 time=20 ms
Reply from 10.0.2.2: bytes=56 Sequence=4ttl=254 time=10 ms
Reply from 10.0.2.2: bytes=56 Sequence=5ttl=254 time=20 ms
--- 10.0.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
查看OSPF邻居状态
[R1]displayospf peer brief
OSPF Process 1 with Router ID 10.0.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Serial1/0/0 10.0.2.2 Full
0.0.0.1 GigabitEthernet0/0/0 10.0.3.3 Full
----------------------------------------------------------------------------
[R1]
[R2]displayospf peer brief
OSPF Process 1 with Router ID 10.0.2.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Serial1/0/0 10.0.1.1 Full
----------------------------------------------------------------------------
[R2]
[R3]disospf peer brief
OSPF Process 1 with Router ID 10.0.3.3
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.1 GigabitEthernet0/0/0 10.0.1.1 Full
----------------------------------------------------------------------------
[R3]
确认以上个路由器ospf进程和Router ID正确，且邻居关系全部达到full状态。
步骤四.OSPF外部路由引入及验证
在R3上使inport-router命令引入直连外部路由。
[R3]ospf1
[R3-ospf-1]import-routedirect
查看R1和R2的路由表，确认已学到引入的路由10.0.3.0/24和172.64.0.0/24.
[R1]disip routing-table protocol ospf
RouteFlags: R - relay, D - download to fib
------------------------------------------------------------------------------
Publicrouting table : OSPF
Destinations : 4 Routes : 4
OSPFrouting table status : <Active>
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.2/32 OSPF 10 48 D 10.0.12.2 Serial1/0/0
10.0.3.0/24 O_ASE 150 1 D 10.0.13.3 GigabitEthernet0/0/0
10.0.3.3/32 OSPF 10 1 D 10.0.13.3 GigabitEthernet0/0/0
172.64.0.0/24 O_ASE 150 1 D 10.0.13.3 GigabitEthernet0/0/0
OSPFrouting table status : <Inactive>
Destinations : 0 Routes : 0
[R2]disip routing-table protocol ospf
RouteFlags: R - relay, D - download to fib
------------------------------------------------------------------------------
Publicrouting table : OSPF
Destinations : 5 Routes : 5
OSPFrouting table status : <Active>
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 OSPF 10 48 D 10.0.12.1 Serial1/0/0
10.0.3.0/24 O_ASE 150 1 D 10.0.12.1 Serial1/0/0
10.0.3.3/32 OSPF 10 49 D 10.0.12.1 Serial1/0/0
10.0.13.0/24 OSPF 10 49 D 10.0.12.1 Serial1/0/0
172.64.0.0/24 O_ASE 150 1 D 10.0.12.1 Serial1/0/0
OSPFrouting table status : <Inactive>
Destinations : 0 Routes : 0
以上红色部分显示为引入的外部路由。Proto字段为O_ASE表示OSPF外部路由。
使用带源参数的ping命令测试网络的连通性。
[R2]ping-a 10.0.2.2 10.0.3.3
PING 10.0.3.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.3.3: bytes=56 Sequence=1ttl=254 time=30 ms
Reply from 10.0.3.3: bytes=56 Sequence=2ttl=254 time=20 ms
Reply from 10.0.3.3: bytes=56 Sequence=3ttl=254 time=20 ms
Reply from 10.0.3.3: bytes=56 Sequence=4ttl=254 time=20 ms
Reply from 10.0.3.3: bytes=56 Sequence=5ttl=254 time=30 ms
--- 10.0.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/24/30 ms
[R2]ping -a 10.0.2.2 172.64.0.1
PING 172.64.0.1: 56 data bytes, press CTRL_C to break
Reply from 172.64.0.1:bytes=56 Sequence=1 ttl=254 time=20 ms
Reply from 172.64.0.1:bytes=56 Sequence=2 ttl=254 time=20 ms
Reply from 172.64.0.1:bytes=56 Sequence=3 ttl=254 time=10 ms
Reply from 172.64.0.1:bytes=56 Sequence=4 ttl=254 time=10 ms
Reply from 172.64.0.1:bytes=56 Sequence=5 ttl=254 time=20 ms
--- 172.64.0.1 pingstatistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max =10/16/20 ms
使用displayospf lsdb命令查看R1的链路状态数据库。
[R1]dis ospf lsdb
OSPF Process 1 with Router ID 10.0.1.1
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.2.2 10.0.2.2 632 60 80000004 48
Router 10.0.1.1 10.0.1.1 651 48 80000004 48
Sum-Net 10.0.13.0 10.0.1.1 934 28 80000002 1
Sum-Net 10.0.3.3 10.0.1.1 374 28 80000002 1
Sum-Net 10.0.1.1 10.0.1.1 910 28 80000002 0
Sum-Asbr 10.0.3.3 10.0.1.1 1196 28 80000001 1
Area: 0.0.0.1
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.3.3 10.0.3.3 1197 48 80000005 1
Router 10.0.1.1 10.0.1.1 372 48 80000007 1
Network 10.0.13.1 10.0.1.1 372 32 80000003 0
Sum-Net 10.0.12.0 10.0.1.1 934 28 80000002 48
Sum-Net 10.0.2.2 10.0.1.1 631 28 80000002 48
AS External Database
Type LinkState ID AdvRouter Age Len Sequence Metric
External 10.0.3.0 10.0.3.3 1197 36 80000001 1
External 10.0.13.0 10.0.3.3 1197 36 80000001 1
External 172.64.0.0 10.0.3.3 1197 36 80000001 1
以上显示的是整个链路状态数据库的简要信息。突出显示的内容为LSA Type4和LSA Type5.
也可以使用如下命显示某个条目的具体信息，以下三条命令分别显示了LSA Type3、4、5三种类型的LSA数据结构。
[R1]displ ospf lsdb summary 10.0.3.3
OSPF Process 1 with Router ID 10.0.1.1
Area: 0.0.0.0
Link State Database
Type : Sum-Net
Ls id : 10.0.3.3
Adv rtr : 10.0.1.1
Ls age : 660
Len : 28
Options : E
seq# : 80000002
chksum : 0x4af4
Net mask : 255.255.255.255
Tos 0 metric: 1
Priority : Low
Area: 0.0.0.1
Link State Database
[R1]display ospf lsdb asbr
OSPF Process 1 with Router ID 10.0.1.1
Area: 0.0.0.0
Link State Database
Type : Sum-Asbr
Ls id : 10.0.3.3
Adv rtr : 10.0.1.1
Ls age : 1562
Len : 28
Options : E
seq# : 80000001
chksum : 0x3e01
Tos 0 metric: 1
Area: 0.0.0.1
Link State Database
<R1>display ospf lsdb ase 172.64.0.0
OSPF Process 1 with Router ID 10.0.1.1
Link State Database
Type : External
Ls id : 172.64.0.0
Adv rtr : 10.0.3.3
Ls age : 283
Len : 36
Options : E
seq# : 80000001
chksum : 0xb51e
Net mask : 255.255.255.0
TOS 0 Metric: 1
E type : 2
Forwarding Address : 0.0.0.0
Tag : 1
Priority : Low
步骤五.OSPF认证配置及验证
将R1接口S1/0/0配置为OSPF接口认证模式、明文、密码“Huawei”。
[R1]interface s1/0/0
[R1-Serial1/0/0]ospf auth
[R1-Serial1/0/0]ospf authentication-mode simple plain huawei
[R1]display ospf peer brief
OSPF Process 1 with Router ID 10.0.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.1 GigabitEthernet0/0/0 10.0.3.3 Full
----------------------------------------------------------------------------
[R1]
此时R1与R2的ospf认证方式不匹配，所以R1与R2无法建立邻居。
将R2接口S1/0/0配置为OSPF接口认证模式，明文，密码“Huawei”。
[R2]interface ser1/0/0
[R2-Serial1/0/0]ospf auth
[R2-Serial1/0/0]ospf authentication-mode simple plain huawei
在R1查看与R2的邻居状态。
[R1]display ospf peer brief
OSPF Process 1 with Router ID 10.0.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Serial1/0/0 10.0.2.2 Full
0.0.0.1 GigabitEthernet0/0/0 10.0.3.3 Full
----------------------------------------------------------------------------
[R1]
此时R1、与R2之间认证方式和密码均匹配，所以R1与R2重新建立了邻居关系。将R1的区域配置为OSPF区域认证模式，加密方式为MD5，密码问密文形式“Huawei”。
[R1]ospf 1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher Huawei
在R1上查看与R3的邻居状态。
[R1]display ospf peer brief
OSPF Process 1 with Router ID 10.0.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Serial1/0/0 10.0.2.2 Full
----------------------------------------------------------------------------
[R1]
由于R1与R3之间OSPF认证方式不匹配，此时R1与R3无法建立邻居关系。
将R3上区域1配置为OSPF区域认证模式，加密方式为MD5，密码为密文形式“Huawei”。
[R3]ospf
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher huawei
在R1上查看与R3的邻居状态。
[R1]display ospf peer brief
OSPF Process 1 with Router ID 10.0.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Serial1/0/0 10.0.2.2 Full
0.0.0.1 GigabitEthernet0/0/0 10.0.3.3 Full
----------------------------------------------------------------------------
此时R1与R3之间认证方式和密码均匹配，所以R1与R3重新建立了邻居关系。

本文转自 zhuxtqw 51CTO博客，原文链接：http://blog.51cto.com/1054054/1434966，如需转载请自行联系原作者

码农公寓

相关文章