OSPF综合实验

一. 实验要求

1.R4为ISP，其上只能配置IP地址；R4与其他所有直连设备间使用公有IP；
2.R3…R5/6/7为MGRE环境，R3为中心站点；
3.整个OSPF环境IP地址为172.16.0.0/16；
4.所有设备均可访问R4的环回；
5.减少LSA的更新值，加快收敛，保障更新安全；
6.全网可达；

二. 实验拓扑

三. 实验步骤

1.IP配置

172.16.32.0/19 -区域0
172.16.32.0/21 -tunnel
172.16.40.0/21 -R5环回
172.16.48.0/21 -R6环回
172.16.56.0/21 -R7环回
172.16.64.0/19 -区域1
172.16.64.0/21 -R1/2/3-SW
172.16.72.0/21 -R1环回
172.16.80.0/21 -R2环回
172.16.88.0/21 -R3环回
172.16.96.0/19 -区域2
172.16.96.0/21 -R6-R11
172.16.104.0/21 -R11-R12
172.16.112.0/21 -R11环回
172.16.120.0/21
172.16.128.0/19 -区域3
172.16.128.0/21 -R7-R8
172.16.136.0/21 -R8-R9
172.16.144.0/21 -R8环回
172.16.152.0/21
172.16.160.0/19 -区域4
172.16.160.0/21 -R9-R10
172.16.168.0/21 -R9环回
172.16.176.0/21 -R10环回
172.16.184.0/21
172.16.192.0/19 -rip
172.16.192.0/20
172.16.208.0/20

2.MGRE环境配置（R3为中心站点）

R3:
		interface Tunnel0/0/0
		 ip address 172.16.32.1 255.255.248.0 
		 tunnel-protocol gre p2mp
		 source 34.1.1.1
		 nhrp entry multicast dynamic
		 nhrp network-id 100

R5:
		interface Tunnel0/0/0
		 ip address 172.16.32.2 255.255.248.0 
		 tunnel-protocol gre p2mp
		 source 45.1.1.1
		 nhrp network-id 100
		 nhrp entry 172.16.32.1 34.1.1.1 register

R6:
		interface Tunnel0/0/0
		 ip address 172.16.32.3 255.255.248.0 
		 tunnel-protocol gre p2mp
		 source 46.1.1.1
		 nhrp network-id 100
		 nhrp entry 172.16.32.1 34.1.1.1 register

R7:
		interface Tunnel0/0/0
		 ip address 172.16.32.4 255.255.248.0 
		 tunnel-protocol gre p2mp
		 source 47.1.1.1
		 nhrp network-id 100
		 nhrp entry 172.16.32.1 34.1.1.1 register

3. OSPF配置

R1:
		ospf 1 router-id 1.1.1.1 
		 area 0.0.0.1 
		  network 172.16.0.0 0.0.255.255 

R2:
		ospf 1 router-id 2.2.2.2 
		 area 0.0.0.1 
		  network 172.16.0.0 0.0.255.255 

R3:
		ospf 1 router-id 3.3.3.3 
		 area 0.0.0.0 
		  network 172.16.32.1 0.0.0.0 
		 area 0.0.0.1 
		  network 172.16.64.3 0.0.0.0 
		  network 172.16.88.1 0.0.0.0 

R5:
		ospf 1 router-id 5.5.5.5 
		 area 0.0.0.0 
		  network 172.16.0.0 0.0.255.255 

R6:
		ospf 1 router-id 6.6.6.6 
		 area 0.0.0.0 
		  network 172.16.32.3 0.0.0.0 
		  network 172.16.48.1 0.0.0.0 
		 area 0.0.0.2 
		  network 172.16.96.1 0.0.0.0

R7:
		ospf 1 router-id 7.7.7.7 
		 area 0.0.0.0 
		  network 172.16.32.4 0.0.0.0 
		  network 172.16.56.1 0.0.0.0 
		 area 0.0.0.3 
		  network 172.16.128.1 0.0.0.0 

R8:
		ospf 1 router-id 8.8.8.8 
		 area 0.0.0.3 
		  network 172.16.0.0 0.0.255.255 

R9:
		ospf 1 router-id 9.9.9.9 
		 import-route ospf 2
		 area 0.0.0.3 
		  network 172.16.136.2 0.0.0.0 
		ospf 2 router-id 9.9.9.9 
		 import-route ospf 1
		 area 0.0.0.4 
		  network 172.16.160.1 0.0.0.0 
		  network 172.16.168.1 0.0.0.0 

R10:
		ospf 2 router-id 10.10.10.10 
		 area 0.0.0.4 
		  network 172.16.0.0 0.0.255.255 

R11:
		ospf 1 router-id 11.11.11.11 
		 area 0.0.0.2 
		  network 172.16.0.0 0.0.255.255 

R12:
		ospf 1 router-id 12.12.12.12 
		 import-route rip 1
		 area 0.0.0.2 
		  network 172.16.104.2 0.0.0.0 

4.不规则区域a4

注意：a4是一个远离骨干区域的非骨干区域 是一个不规则区域
这里采用OSPF多进程重发布的方式解决重发布问题

R9:
		ospf 1 router-id 9.9.9.9 
		 import-route ospf 2
		 area 0.0.0.3 
		  network 172.16.136.2 0.0.0.0 
		ospf 2 router-id 9.9.9.9 
		 asbr-summary 172.16.160.0 255.255.224.0
		 import-route ospf 1
		 area 0.0.0.4 
		  network 172.16.160.1 0.0.0.0 
		  network 172.16.168.1 0.0.0.0 

R10:
		ospf 2 router-id 10.10.10.10 
		 area 0.0.0.4 
		  network 172.16.0.0 0.0.255.255 

5.R12的配置

RIP配置：

R12:
		rip 1
		 version 2
		 network 172.16.0.0

在R12上实现路由过滤；

asbr-summary 172.16.160.0 255.255.224.0 not-advertise

6.域内路由汇总

1、AREA1的汇总

R3:
		 area 0.0.0.1 
		  abr-summary 172.16.32.0 255.255.224.0

2、AREA2的汇总

R6:
		 area 0.0.0.2 
		  abr-summary 172.16.96.0 255.255.224.0

3、AREA3的汇总

R7:
		area 0.0.0.3 
		 abr-summary 172.16.128.0 255.255.224.0

7.域外路由汇总

1、ospf2进程汇总

R9:
		ospf 2
		 asbr-summary 172.16.160.0 255.255.224.0

2、RIP的汇总

R12:
		ospf 1 router-id 12.12.12.12 
		 asbr-summary 172.16.208.0 255.255.240.0 not-advertise
		 asbr-summary 172.16.192.0 255.255.240.0 not-advertise

9.特殊区域

1、AREA1的完全末梢区域

R1:
		ospf 1
		 area 1
		 stub

R2:
		ospf 1
		 area 1
		 stub

R3:
		ospf 1
		 area 1
		 stub no-summary

2、AREA2/3的完全NSSA

AREA2:
	R6:
			ospf 1
			 area 2
			 nssa no-summary

	R11:
			ospf 1
			 area 2
			 nssa 
		 
	R12:
			ospf 1
			 area 2
			 nssa 

AREA3:
	R7:
			ospf 1
			 area 3
			 nssa no-summary

	R8:
			ospf 1
			 area 3
			 nssa 

	R9:
			ospf 1
			 area 3
			 nssa 

10.NAT配置

R3:
		acl  2000  
		 rule 5 permit source 172.16.0.0 0.0.255.255 
		int s3/0/0
		 nat outbound 2000

R6:
		acl  2000  
		 rule 5 permit source 172.16.0.0 0.0.255.255 
		int s4/0/0
		 nat outbound 2000

R7:
		acl  2000  
		 rule 5 permit source 172.16.0.0 0.0.255.255 
		int s4/0/1
		 nat outbound 2000