OSPF 特殊区域、虚链路 、区域认证 综合实验
拓扑:
由于机器原因,不能启动8台路由器,只好启动6台路由器,所以R7 R8 的不做
R1 R2 R4 构成的是HUB-SPOKE R2是中心路由器
R1#sh ip os nei
Neighbor ID Pri State Dead Time Address Interface
192.168.1.2 255 FULL/DR 00:01:57 192.168.1.2 Serial1/2
修改了优先级,让R2成为DR,R2 R3成为DROTHER
R2#sh ip os nei
Neighbor ID Pri State Dead Time Address Interface
192.168.1.1 0 FULL/DROTHER 00:01:59 192.168.1.1 Serial1/2
192.168.1.4 0 FULL/DROTHER 00:01:59 192.168.1.4 Serial1/2
一:区域认证
R1(config)#router os 1
R1(config-router)#area 0 authentication (第一步是启动认证)
R1(config-router)#int s1/2
R1(config-if)#ip os authentication-key ccxx (第二步在接口下配置认证)
要配置区域认证需将一个区域内的所有路由器都配置认证,这里配置的是area 0的区域认证,所以R1 R2 R4都需配置认证
R2(config)#router os 1
R2(config-router)#area 0 authentication
R2(config-router)#int s1/2
R2(config-if)#ip os authentication-key ccxx
R4(config)#router os 1
R4(config-router)#area 0 authentication
R4(config-router)#int s1/2
R4(config-if)#ip os authentication-key ccxx
二:将RIP封装进OSPF
R3(config)#router os 1
R3(config-router)#redistribute rip subnets
到R1上查看路由表,会看OE2的路由来之外部路由
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
O IA 200.200.200.0/24 [110/128] via 192.168.1.2, 00:01:15, Serial1/2
172.16.0.0/24 is subnetted, 2 subnets
O E2 172.16.4.0 [110/20] via 192.168.1.2, 00:00:42, Serial1/2
O E2 172.16.3.0 [110/20] via 192.168.1.2, 00:00:42, Serial1/2
C 192.168.1.0/24 is directly connected, Serial1/2
三:特殊区域
R2(config)#router os 1
R2(config-router)#area 4 nssa default-information-originate
(要加一条默认路由到R3)
R3(config)#router os 1
R3(config-router)#area 4 nssa
验证:
R3#sh ip os da
OSPF Router with ID (172.16.4.3) (Process ID 1)
Router Link States (Area 4)
Link ID ADV Router Age Seq# Checksum Link count
172.16.4.3 172.16.4.3 1030 0x80000004 0x006A84 2
192.168.1.2 192.168.1.2 1035 0x80000004 0x00D372 2
Summary Net Link States (Area 4)
Link ID ADV Router Age Seq# Checksum
192.168.1.0 192.168.1.2 1041 0x80000002 0x00D34B
Type-7 AS External Link States (Area 4)
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 192.168.1.2 1041 0x80000001 0x0038B1 0
172.16.3.0 172.16.4.3 1035 0x80000001 0x004472 0
172.16.4.0 172.16.4.3 1035 0x80000001 0x00397C 0
四:虚链路
R4与R5是area 2因此形成了区域分割,我们知道OSPF子区域必须与骨干区域(area0)相连才能通信,此时R6与R5的area3被分割了,R6会学部到外部路由,就需要做虚链路了。
R4(config)#router os 1
R4(config-router)#area 2 virtual-link 192.168.2.2 authentication
R4(config-router)#area 2 virtual-link 192.168.2.2 authentication-key ccxx
R5(config)#router os 1
R5(config-router)#area 2 virtual-link 192.168.1.4 authentication
R5(config-router)#area 2 virtual-link 192.168.1.4 authentication-key ccxx
验证:
R6#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
O IA 200.200.200.0/24 [110/256] via 172.16.2.1, 00:00:08, Serial1/0
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.4.0 [110/20] via 172.16.2.1, 00:00:08, Serial1/0
C 172.16.2.0 is directly connected, Serial1/0
O E2 172.16.3.0 [110/20] via 172.16.2.1, 00:00:08, Serial1/0
O IA 192.168.1.0/24 [110/192] via 172.16.2.1, 00:00:08, Serial1/0
O IA 192.168.2.0/24 [110/128] via 172.16.2.1, 00:00:18, Serial1/0