实验拓扑:
实验思路:
1.规划IP,配置环回,接口IP
2.把R1,R2优先级改为0,让R1、R2放弃选举,
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ospf dr-priority 0
<r1>reset ospf process
Warning: The OSPF process will be reset. Continue? [Y/N]:y
注:若参选接口的优先级为0,表示退出选举,无需重启进程;
[r2]interface Eth0/0/0
[r2-Ethernet0/0/0]ospf dr-priority 2
3.在R4边界路由器上的OSPF协议中设置缺省路由,完成全网可达
[r4]ospf 1
[r4-ospf-1]default-route-advertise always
4.在ABR路由器上设置区域汇总,空接口防环
[r3]ospf 1
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]abr-summary 192.168.1.0 255.255.255.128
在ABR路由器上做一个空行接口------目的:防止环路
[r3]ip route-static 192.168.1.0 25 NULL 0
ABR -- 区域边界路由器
5.保障更新安全,在R1R2R3骨干接口上设置认证
[r1]interface GigabitEthernet0/0/1
[r1-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
- 认证 --直连邻居的接口加密即可,两端需要一致
[r1]interface GigabitEthernet0/0/1
[r1-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
邻居间的秘钥编号与密码均需一致
R1:
[Huawei]sysname r1
[r1]interface LoopBack 0
[r1-LoopBack0]ip address 192.168.1.33 27
[r1-LoopBack0]q
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 27
Jun 3 2024 15:12:02-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r1-GigabitEthernet0/0/0][r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
Jun 3 2024 15:55:22-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[0]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=2.1.168.192, Neighb
orEvent=HelloReceived, NeighborPreviousState=Down, NeighborCurrentState=Init)
[r1-ospf-1-area-0.0.0.0]
Jun 3 2024 15:55:26-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[1]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=2.1.168.192, Neighb
orEvent=2WayReceived, NeighborPreviousState=Init, NeighborCurrentState=ExStart) [r1-ospf-1-area-0.0.0.0]
Jun 3 2024 15:55:26-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[2]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=2.1.168.192, Neighb
orEvent=NegotiationDone, NeighborPreviousState=ExStart, NeighborCurrentState=Exc
hange)
[r1-ospf-1-area-0.0.0.0]
Jun 3 2024 15:55:26-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[3]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=2.1.168.192, Neighb
orEvent=ExchangeDone, NeighborPreviousState=Exchange, NeighborCurrentState=Loadi
ng)
[r1-ospf-1-area-0.0.0.0]
Jun 3 2024 15:55:26-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[4]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=2.1.168.192, Neighb
orEvent=LoadingDone, NeighborPreviousState=Loading, NeighborCurrentState=Full)
[r1-ospf-1-area-0.0.0.0]放弃选举DR
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ospf dr-priority 0在接口上进行加密
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456R2:
[r2]interface g0/0/0
[r2-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r2-GigabitEthernet0/0/0]
R3:
[r3]display ospf peer OSPF Process 1 with Router ID 3.3.3.3Neighbors Area 0.0.0.0 interface 192.168.1.3(GigabitEthernet0/0/0)'s neighborsRouter ID: 1.1.1.1 Address: 192.168.1.1 State: Full Mode:Nbr is Slave Priority: 1DR: 192.168.1.1 BDR: 192.168.1.2 MTU: 0 Dead timer due in 35 sec Retrans timer interval: 0 Neighbor is up for 00:03:19 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 State: Full Mode:Nbr is Slave Priority: 1DR: 192.168.1.1 BDR: 192.168.1.2 MTU: 0 Dead timer due in 30 sec Retrans timer interval: 5 Neighbor is up for 00:03:19 Authentication Sequence: [ 0 ] Neighbors Area 0.0.0.1 interface 192.168.1.129(GigabitEthernet0/0/1)'s neighborsRouter ID: 4.4.4.4 Address: 192.168.1.130 State: Full Mode:Nbr is Master Priority: 1DR: 192.168.1.129 BDR: 192.168.1.130 MTU: 0 Dead timer due in 35 sec Retrans timer interval: 5 Neighbor is up for 00:01:40 Authentication Sequence: [ 0 ] [r3]display ospf peer brief OSPF Process 1 with Router ID 3.3.3.3Peer Statistic Information----------------------------------------------------------------------------Area Id Interface Neighbor id State 0.0.0.0 GigabitEthernet0/0/0 1.1.1.1 Full 0.0.0.0 GigabitEthernet0/0/0 2.2.2.2 Full 0.0.0.1 GigabitEthernet0/0/1 4.4.4.4 Full ----------------------------------------------------------------------------手工汇总
[r3]ospf 1
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]abr-summary 192.168.1.0 255.255.255.128[r3-ospf-1-area-0.0.0.0]display ospf peer OSPF Process 1 with Router ID 3.3.3.3Neighbors Area 0.0.0.0 interface 192.168.1.3(GigabitEthernet0/0/0)'s neighborsRouter ID: 1.1.1.1 Address: 192.168.1.1 State: Full Mode:Nbr is Slave Priority: 0DR: 192.168.1.3 BDR: None MTU: 0 Dead timer due in 37 sec Retrans timer interval: 4 Neighbor is up for 00:14:45 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 State: Full Mode:Nbr is Slave Priority: 0DR: 192.168.1.3 BDR: None MTU: 0 Dead timer due in 29 sec Retrans timer interval: 5 Neighbor is up for 00:14:17 Authentication Sequence: [ 0 ] Neighbors Area 0.0.0.1 interface 192.168.1.129(GigabitEthernet0/0/1)'s neighborsRouter ID: 4.4.4.4 Address: 192.168.1.130 State: Full Mode:Nbr is Master Priority: 1DR: 192.168.1.129 BDR: 192.168.1.130 MTU: 0 Dead timer due in 36 sec Retrans timer interval: 5 Neighbor is up for 00:23:29 Authentication Sequence: [ 0 ] [r3-ospf-1-area-0.0.0.0]display ospf peer brief OSPF Process 1 with Router ID 3.3.3.3Peer Statistic Information----------------------------------------------------------------------------Area Id Interface Neighbor id State 0.0.0.0 GigabitEthernet0/0/0 1.1.1.1 Full 0.0.0.0 GigabitEthernet0/0/0 2.2.2.2 Full 0.0.0.1 GigabitEthernet0/0/1 4.4.4.4 Full ----------------------------------------------------------------------------
[r3-ospf-1-area-0.0.0.0]在ABR路由器上做一个空行接口------目的:防止环路
[r3]ip route-static 192.168.1.0 25 NULL 0[r3]interface g0/0/0
[r3-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r3-GigabitEthernet0/0/0]
R4:
[Huawei]sysname r4
[r4]interface g0/0/0
[r4-GigabitEthernet0/0/0]ip address 192.168.1.130 25
[r4]interface LoopBack 0
[r4-LoopBack0]ip address 4.4.4.4 24[r4]ospf 1 router-id 4.4.4.4
[r4-ospf-1]area 1
[r4-ospf-1-area-0.0.0.1]network 192.168.1.130 0.0.0.0
[r4-ospf-1-area-0.0.0.1][r4-ospf-1-area-0.0.0.1]ping 192.168.1.33PING 192.168.1.33: 56 data bytes, press CTRL_C to breakReply from 192.168.1.33: bytes=56 Sequence=1 ttl=254 time=60 msReply from 192.168.1.33: bytes=56 Sequence=2 ttl=254 time=70 msReply from 192.168.1.33: bytes=56 Sequence=3 ttl=254 time=40 msReply from 192.168.1.33: bytes=56 Sequence=4 ttl=254 time=40 msReply from 192.168.1.33: bytes=56 Sequence=5 ttl=254 time=30 ms[r4]display ospf peer OSPF Process 1 with Router ID 4.4.4.4Neighbors Area 0.0.0.1 interface 192.168.1.130(GigabitEthernet0/0/0)'s neighborsRouter ID: 3.3.3.3 Address: 192.168.1.129 State: Full Mode:Nbr is Slave Priority: 1DR: 192.168.1.129 BDR: 192.168.1.130 MTU: 0 Dead timer due in 40 sec Retrans timer interval: 5 Neighbor is up for 00:25:59 Authentication Sequence: [ 0 ] [r4]display ospf peer b
[r4]display ospf peer brief OSPF Process 1 with Router ID 4.4.4.4Peer Statistic Information----------------------------------------------------------------------------Area Id Interface Neighbor id State 0.0.0.1 GigabitEthernet0/0/0 3.3.3.3 Full ----------------------------------------------------------------------------边界路由器设置缺省路由
[r4]ospf 1
[r4-ospf-1]default-route-advertise always
[r4-ospf-1]
