《配置OSPF邻居认证》由会员分享,可在线阅读,更多相关《配置OSPF邻居认证(83页珍藏版)》请在金锄头文库上搜索。
1、6.9 配置配置OSPF邻居认证邻居认证 6.9.16.9.1操作内容和环境操作内容和环境 操作内容:本节主要介绍在思科路由器上配置操作内容:本节主要介绍在思科路由器上配置OSPFOSPF邻居认证的命令和邻居认证的命令和方法,通过学习,了解并掌握多区域中方法,通过学习,了解并掌握多区域中OSPFOSPF路由器之间邻居认证方路由器之间邻居认证方式:明文认证和式:明文认证和MD5MD5算法密文认证。算法密文认证。 组网环境:组网环境:Router3Router3是思科是思科CISCO 3725CISCO 3725路由器,路由器,IOSIOS为为c3725-jk9s-c3725-jk9s-mz.12
2、3-12amz.123-12a(版本为(版本为12.312.3),),Router1Router1和和Router2Router2是思科是思科CISCO CISCO 2621XM2621XM路由器,路由器,IOSIOS为为c2600-adventerprisek9-mz.123-11.T3c2600-adventerprisek9-mz.123-11.T3(版本(版本为为12.312.3)。)。PCPC机机3 3台,台,DTE-DCEDTE-DCE交叉电缆(交叉电缆(V35V35电缆)电缆)1 1对,交叉网线对,交叉网线1 1根根( (或一台交换机和或一台交换机和2 2根直通网线根直通网线)
3、),consoleconsole配置电缆配置电缆3 3根。根。 Router1Router1以太网口与以太网口与Router3Router3的以太网口通过交叉网线相连或通过交换机相连,的以太网口通过交叉网线相连或通过交换机相连,Router1Router1串口与串口与Router3Router3的串口通过的串口通过V35V35电缆相连。电缆相连。( (图中的图中的Fa0/0Fa0/0代表代表快速以太网快速以太网FastEtherent0/0FastEtherent0/0端口端口) )。1图6-11 OSPF邻居认证配置拓扑结构图2 6.9.2 6.9.2 相关知识介绍相关知识介绍( (基础知识
4、基础知识) ) OSPFOSPF协议支持基于接口的协议支持基于接口的OSPFOSPF报文认证,认证报文认证,认证OSPFOSPF相邻路由器相邻路由器的身份,以保证的身份,以保证OSPFOSPF报文来自经认证的邻居路由器,防止未授权报文来自经认证的邻居路由器,防止未授权的邻居向自己传递包含虚假路由信息的的的邻居向自己传递包含虚假路由信息的的OSPFOSPF报文报文 OSPFOSPF协议支持两种认证方式:在相邻路由器之间明文认证协议支持两种认证方式:在相邻路由器之间明文认证(SimpleSimple),或),或MD5MD5算法密文认证。算法密文认证。 采用明文认证时,认证密码在链路上以明文方式传送
5、,用数据包采用明文认证时,认证密码在链路上以明文方式传送,用数据包嗅探器就可以轻易地捕获嗅探器就可以轻易地捕获OSPFOSPF的分组,并解码出没有加密的密码。的分组,并解码出没有加密的密码。 如果使用密文认证,则路由器只在链路上传送密码的消息摘要或如果使用密文认证,则路由器只在链路上传送密码的消息摘要或哈希值,而不传送密码本身,只有接收的路由器配置了正确的认哈希值,而不传送密码本身,只有接收的路由器配置了正确的认证密钥,认证才能通过证密钥,认证才能通过3 6.9.2 6.9.2 相关知识介绍相关知识介绍( (注意要点注意要点) ) 当接口采用当接口采用MD5MD5密文认证时,除了设定认证字(即
6、认证密码),密文认证时,除了设定认证字(即认证密码),还要指定认证字键值还要指定认证字键值key-idkey-id,每个,每个key-idkey-id是一个是一个1 1255255之间的整数,之间的整数, 与与MD5MD5认证字配合使用。在一个接口上,后配置的认证字与认证字配合使用。在一个接口上,后配置的认证字与key-idkey-id将覆盖原有的认证字与将覆盖原有的认证字与key-idkey-id。 需要缺省情况下,接口不对报文进行认证。在配置对报文进行认需要缺省情况下,接口不对报文进行认证。在配置对报文进行认证时,其明文认证密码的最大长度为证时,其明文认证密码的最大长度为8 8个字符;个字
7、符;MD5MD5认证密码的最认证密码的最大长度为大长度为1616个字符;个字符;key-idkey-id为为MD5MD5认证方式时的认证字键值,取值认证方式时的认证字键值,取值范围为范围为1 1255255。 同一网段上的相邻路由器的接口配置的报文认证方式、认证密码同一网段上的相邻路由器的接口配置的报文认证方式、认证密码以及以及key-idkey-id都必须一致,否则认证会失败。都必须一致,否则认证会失败。46.9.2 6.9.2 相关知识介绍相关知识介绍( (认证格式认证格式) )(1 )(1 )相邻路由器明文认证的设置相邻路由器明文认证的设置 第一步:在区域中进入认证的路由器上启动区域明文
8、认证第一步:在区域中进入认证的路由器上启动区域明文认证 。 启动区域明文认证的命令格式如下:启动区域明文认证的命令格式如下: area area area_idarea_id authenticationauthentication 第二步,在接口上输入明文形式的密码第二步,在接口上输入明文形式的密码 在接口上配置明文认证方式和密码的命令格式如下:在接口上配置明文认证方式和密码的命令格式如下: ipip ospfospf authentication-key authentication-key passwordpassword 例:配置区域例:配置区域0 0内接口内接口Serial0/0 S
9、erial0/0 对对OSPF OSPF 报文采用简单认证,密码报文采用简单认证,密码为为abc123abc123,命令如下:,命令如下: Router(config)#Router(config)#routerrouter ospfospf 1 1 Router(configRouter(config-router)#-router)# area area 0 0 authenticationauthentication Router(config-router)#Router(config-router)#exitexit Router(config)#Router(config)#int
10、erfaceinterface s0/0 s0/0 Router(configRouter(config-if)# -if)# ipip ospfospf authentication-key abc123 authentication-key abc12356.9.2 6.9.2 相关知识介绍相关知识介绍( (认证格式认证格式) )(2)(2)相邻路由器相邻路由器MD5MD5密文认证的设置密文认证的设置 第一步:在区域中进入认证的路由器上启动第一步:在区域中进入认证的路由器上启动MD5MD5区域认证区域认证 。 启动区域启动区域启动区域启动区域MD5MD5密文认证的命令格式如下:密文认证的命
11、令格式如下:密文认证的命令格式如下:密文认证的命令格式如下: area area area_idarea_id authentication message-digest authentication message-digest 在接口上输入在接口上输入MD5MD5认证字(或称为认证密钥)及认证字键值认证字(或称为认证密钥)及认证字键值 在接口上配置在接口上配置MD5MD5认证字及认证字键值的命令格式如下:认证字及认证字键值的命令格式如下: ipip ospfospf message-digest-key message-digest-key keyidkeyid md5 md5 keyke
12、y 例:配置区域例:配置区域0 0内接口内接口Serial0/0 Serial0/0 采用采用MD5MD5密文认证,密文认证,MD5MD5认证密钥认证密钥为为bbbbbbbb,key-id key-id 为为178178,命令如下:,命令如下: Router(config)#Router(config)#routerrouter ospfospf 1 1 Router(configRouter(config-router)#-router)# areaarea 0 0 authentication message-digestauthentication message-digest Rout
13、er(config-router)#Router(config-router)#exitexit Router(config)#Router(config)#interfaceinterface s0/0 s0/0 Router(configRouter(config-if)#-if)# ipip ospfospf message-digest-key 178 md5 message-digest-key 178 md5 bbbbbbbb66.9.3 6.9.3 操作步骤操作步骤1.1.按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端
14、口及认证方式 (1) (1) 配置配置 Router3Router3的的FA0/0FA0/0接口及接口认证方式接口及接口认证方式Router3Router3路由器型号为:思科路由器型号为:思科CISCO 3725CISCO 3725,其命令如下,其命令如下RouterRouterenableenable Router#Router#configconfig terminal terminalEnter configuration commands, one per line. End with CNTL/Z.Enter configuration commands, one per line.
15、 End with CNTL/Z.Router(config)#Router(config)#hostnamehostname Router3 Router3 Router3(config)#Router3(config)#interface fa0/0interface fa0/0Router3(config-if)#Router3(config-if)#ip address 10.10.1.2 255.255.255.0ip address 10.10.1.2 255.255.255.0Router3(config-if)#Router3(config-if)#no shutdownno
16、shutdownRouter3(config-if)#Router3(config-if)#ip ip ospfospf authentication-key authentication-key aaaaaaaa Router3(config-if)#Router3(config-if)#exitexitRouter3(config)#Router3(config)#router router ospfospf 1 1 # #进入进入ospfospf设置状态设置状态Router3(config-router)#Router3(config-router)#network 10.10.1.0
17、0.0.0.255 area 0network 10.10.1.0 0.0.0.255 area 0Router3(config-router)#Router3(config-router)#area 0 authenticationarea 0 authentication # #在区域在区域0 0路由器路由器上启动区域认证上启动区域认证Router3(config-router)#Router3(config-router)#endend76.9.3 6.9.3 操作步骤操作步骤1.1.按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各
18、个端口及认证方式 (2) Router1(2) Router1的的FA0/0FA0/0、S0/0S0/0接口配置及接口认证方式:接口配置及接口认证方式: Router1 Router1路由器型号为:思科路由器型号为:思科CISCO2621XMCISCO2621XM,其命令如下,其命令如下 Router Routerenableenable Router#Router#configconfig terminal terminal Enter configuration commands, one per line. End with CNTL/Z. Enter configuration com
19、mands, one per line. End with CNTL/Z. Router(config)#Router(config)#hostnamehostname Router1 Router1 Router1(config)# Router1(config)#interface fa0/0interface fa0/0 Router1(config-if)# Router1(config-if)#ip address 10.10.1.1 255.255.255.0ip address 10.10.1.1 255.255.255.0 Router1(config-if)# Router1
20、(config-if)#no shutdownno shutdown Router1(config-if)# Router1(config-if)#ip ip ospfospf authentication-key authentication-key aaaaaaaa Router1(config-if)#interface s0/0 Router1(config-if)#interface s0/0 Router1(config-if)#ip address 192.168.1.1 255.255.255.0 Router1(config-if)#ip address 192.168.1.
21、1 255.255.255.0 Router1(config-if)#no shutdown Router1(config-if)#no shutdown Router1(config-if)#clockrate 64000 # Router1(config-if)#clockrate 64000 #连接该端口的电缆若连接该端口的电缆若连接该端口的电缆若连接该端口的电缆若是是是是DTEDTE电缆,则不用配置电缆,则不用配置电缆,则不用配置电缆,则不用配置 Router1(config-if)# Router1(config-if)#ip ip ospfospf message-digest-k
22、ey 178 md5 message-digest-key 178 md5 bbbbbbbb 8 Router1(config-if)# Router1(config-if)#exitexit Router1(config)# Router1(config)#router router ospfospf 1 1 # #进入进入ospfospf设置状态设置状态 Router1(config-router)# Router1(config-router)#network 192.168.1.0 0.0.0.255 area 1network 192.168.1.0 0.0.0.255 area 1
23、 Router1(config-router)# Router1(config-router)#network 10.10.1.0 0.0.0.255 area 0network 10.10.1.0 0.0.0.255 area 0 Router1(config-router)# Router1(config-router)#area 0 authenticationarea 0 authentication # #在区域在区域0 0路由器上路由器上启动区域明文认证启动区域明文认证 Router1(config-router)# Router1(config-router)#area 1 au
24、thenticationarea 1 authentication message-digestmessage-digest # #在区域在区域1 1路由器上启动路由器上启动MD5MD5区域认证区域认证 Router1(config-router)# Router1(config-router)#endend Router1# Router1#96.9.3 6.9.3 操作步骤操作步骤1.1.按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式 (3) Router2 (3) Router2的的S0/0S0/0接口的配置及认证
25、方式接口的配置及认证方式 Router2 Router2的型号为:思科的型号为:思科CISCO 2621XMCISCO 2621XM路由器,配置命令如下:路由器,配置命令如下: Router Routerenableenable Router#Router#configconfig terminal terminal Enter configuration commands, one per line. End with CNTL/Z. Enter configuration commands, one per line. End with CNTL/Z. Router(config)#Rou
26、ter(config)#hostnamehostname Router2 Router2 Router2(config)# Router2(config)#interface s0/0interface s0/0 Router2(config-if)# Router2(config-if)#ip address 192.168.1.2 255.255.255.0ip address 192.168.1.2 255.255.255.0 Router2(config-if)# Router2(config-if)#no shutno shut Router2(config-if)# Router2
27、(config-if)#clockrate 64000 clockrate 64000 # #连接该端口的电缆若是连接该端口的电缆若是 DTEDTE电缆,则不用设置电缆,则不用设置 Router2(config-if)# Router2(config-if)#ip ip ospfospf message-digest-key 178 md5 message-digest-key 178 md5 bbbbbbbb Router2(config-if)# Router2(config-if)#exitexit Router2(config)# Router2(config)#router rout
28、er ospfospf 1 1 Router2(config-router)# Router2(config-router)#network 192.168.1.0 0.0.0.255 area 1network 192.168.1.0 0.0.0.255 area 1 Router2(config-router)# Router2(config-router)#area 1 authenticationarea 1 authentication message-digestmessage-digest106.9.3 6.9.3 操作步骤操作步骤2. 2. 测试认证方式的正确性测试认证方式的正
29、确性测试认证方式的正确性测试认证方式的正确性 Router2# Router2#ping 10.10.1.1ping 10.10.1.1 Type escape sequence to abort. Type escape sequence to abort. Sending 5, 100-byte ICMP Sending 5, 100-byte ICMP EchosEchos to 10.10.1.1, timeout is 2 to 10.10.1.1, timeout is 2 seconds:seconds: ! ! Success rate is 100 percent (5/5)
30、, round-trip min/ Success rate is 100 percent (5/5), round-trip min/avgavg/max = /max = 28/28/32 ms28/28/32 ms 从结果看,从结果看,Router2Router2能能pingping通通Router1,Router1,线路是连通的,线路是连通的,MD5MD5密文认证密文认证通过。再测试其它网段。通过。再测试其它网段。 Router2# Router2#ping 192.168.1.1ping 192.168.1.1 # #测试结果是连通的测试结果是连通的 Router2# Router2
31、#ping 10.10.1.2ping 10.10.1.2 # #测试结果是连通的测试结果是连通的 通过通过pingping命令测试,命令测试,Router2Router2能能pingping通通Router3Router3,线路是连通的,明,线路是连通的,明文认证也通过,并且文认证也通过,并且OSPFOSPF协议工作正常。协议工作正常。116.9.3 6.9.3 操作步骤操作步骤3. 3. 查看路由信息,确定其认证方式查看路由信息,确定其认证方式查看路由信息,确定其认证方式查看路由信息,确定其认证方式(1(1) )查看查看Router2Router2和和Router3Router3的路由表,
32、测试认证方式的正确性的路由表,测试认证方式的正确性 Router2#Router2#show show ipip route route Gateway of last resort is not set Gateway of last resort is not set 10.0.0.0/24 is 10.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subnets O IA 10.10.1.0 110/65 via 192.168.1.1, 00:11:36, Serial0/0O IA 10.10.1.0 110/65 via 192.168.
33、1.1, 00:11:36, Serial0/0 C 192.168.1.0/24 is directly connected, Serial0/0 C 192.168.1.0/24 is directly connected, Serial0/0 Router3# Router3#show show ipip route route Gateway of last resort is not set Gateway of last resort is not set 10.0.0.0/24 is 10.0.0.0/24 is subnettedsubnetted, 1 subnets, 1
34、subnets C 10.10.1.0 is directly connected, FastEthernet0/0 C 10.10.1.0 is directly connected, FastEthernet0/0 O IA 192.168.1.0/24 110/65 via 10.10.1.1, 00:13:08, O IA 192.168.1.0/24 110/65 via 10.10.1.1, 00:13:08, FastEthernet0/0FastEthernet0/0 通过显示的路由表内容可知,通过显示的路由表内容可知,Router2Router2和和Router3Router
35、3通过通过OSPFOSPF协议,获协议,获得了非直连网段路由信息,这说明链路是连通的得了非直连网段路由信息,这说明链路是连通的, ,邻居认证通过。邻居认证通过。126.9.3 6.9.3 操作步骤操作步骤3. 3. 查看路由信息,确定其认证方式查看路由信息,确定其认证方式查看路由信息,确定其认证方式查看路由信息,确定其认证方式(1(1) )查看在查看在Router1Router1上查看端口信息,测试认证方式的正确性上查看端口信息,测试认证方式的正确性 Router1#Router1#show show ipip ospfospf interface interface FastEthernet
36、0/0 is up, line protocol is up FastEthernet0/0 is up, line protocol is up Internet Address 10.10.1.1/24, Area 0 Internet Address 10.10.1.1/24, Area 0 Process ID 1, Router ID 192.168.1.1, Network Type BROADCAST, Cost: 1 Process ID 1, Router ID 192.168.1.1, Network Type BROADCAST, Cost: 1 Transmit Del
37、ay is 1 sec, State DR, Priority 1 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 192.168.1.1, Interface address 10.10.1.1 Designated Router (ID) 192.168.1.1, Interface address 10.10.1.1 Backup Designated router (ID) 10.10.1.2, Interface address 10.10.1.2 Backup Designated route
38、r (ID) 10.10.1.2, Interface address 10.10.1.2 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resyncoob-resync timeout 40 timeout 40 Hello due in 00:00:02 Hello due in 00:00:02 Supports Link-local Signaling
39、 (LLS) Supports Link-local Signaling (LLS) Index 1/2, flood queue length 0 Index 1/2, flood queue length 0 Next 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last flood scan length is 1, maximum is 1 Last flood scan length is 1, maximum is 1 Last flood scan time is 0 Last flood scan time is 0 msecmsec, maximum i
40、s 0 , maximum is 0 msecmsec13 Neighbor Count is 1, Adjacent neighbor count is 1 Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 10.10.1.2 (Backup Designated Router) Adjacent with neighbor 10.10.1.2 (Backup Designated Router) Suppress hello for 0 Suppress hello for 0 neighbor
41、(sneighbor(s) ) Simple password authentication enabledSimple password authentication enabled Serial0/0 is up, line protocol is up Serial0/0 is up, line protocol is up Internet Address 192.168.1.1/24, Area 1 Internet Address 192.168.1.1/24, Area 1 Process ID 1, Router ID 192.168.1.1, Network Type Pro
42、cess ID 1, Router ID 192.168.1.1, Network Type POINT_TO_POINT, Cost: 64POINT_TO_POINT, Cost: 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5Timer intervals configured, Hello 10, Dead
43、 40, Wait 40, Retransmit 5 oob-resyncoob-resync timeout 40 timeout 40 Hello due in 00:00:07 Hello due in 00:00:07 Supports Link-local Signaling (LLS) Supports Link-local Signaling (LLS) Index 1/1, flood queue length 0 Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last flood s
44、can length is 1, maximum is 1 Last flood scan length is 1, maximum is 114 Last flood scan time is 0 Last flood scan time is 0 msecmsec, maximum is 0 , maximum is 0 msecmsec Neighbor Count is 1, Adjacent neighbor count is 1 Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 192.
45、168.1.2 Adjacent with neighbor 192.168.1.2 Suppress hello for 0 Suppress hello for 0 neighbor(sneighbor(s) ) Message digest authentication enabledMessage digest authentication enabled Youngest key id is 178 Youngest key id is 178 由由Router1Router1上的端口信息可知:在上的端口信息可知:在FastEthernet0/0FastEthernet0/0上明文认
46、证方式已启上明文认证方式已启动,在动,在Serial0/0Serial0/0上上MD5MD5密文认证方式已启动,其最新设置的认证字密文认证方式已启动,其最新设置的认证字key-key-idid号为号为178178,这与我们配置相符。,这与我们配置相符。 在路由器之间进行邻居认证时,认证双方的认证方式与密码必须一致,在路由器之间进行邻居认证时,认证双方的认证方式与密码必须一致,否则,不能通过认证。下面我们修改认证一方的认证密码,使其与对否则,不能通过认证。下面我们修改认证一方的认证密码,使其与对方不一致,再测试邻居认证情况。方不一致,再测试邻居认证情况。156.9.3 6.9.3 操作步骤操作步
47、骤4. 4. 修改修改修改修改S2S2端口的端口的端口的端口的OSPFOSPF认证密码:认证密码:认证密码:认证密码:(1)(1)修改修改S0/0S0/0端口的端口的OSPFOSPF认证密码,使其与对端不一致认证密码,使其与对端不一致 Router2#Router2#config terminalconfig terminal Router2(config)# Router2(config)#interface s0/0interface s0/0 Router2(config-if)# Router2(config-if)#nono ipip ospfospf message-digest-
48、key 178 md5 message-digest-key 178 md5 bbbbbbbb Router2(config-if)# Router2(config-if)#ip ip ospfospf message-digest-key 123 md5 message-digest-key 123 md5 abcdabcd(2)(2)用用pingping命令测试连通性命令测试连通性 Router2#Router2#ping 10.10.1.1ping 10.10.1.1Type escape sequence to abort.Type escape sequence to abort.S
49、ending 5, 100-byte ICMP Sending 5, 100-byte ICMP EchosEchos to 10.1.1.1, timeout is 2 seconds: to 10.1.1.1, timeout is 2 seconds:.Success rate is 0 percent (0/5)Success rate is 0 percent (0/5)(不通)(不通)(不通)(不通)在在Router2Router2上执行上执行ping 10.10.1.1ping 10.10.1.1,则后发现此时链路不通,说明,则后发现此时链路不通,说明Router2Router2
50、与与Router1Router1之间的之间的MD5MD5密文认证方式没有通过。密文认证方式没有通过。166.9.3 6.9.3 操作步骤操作步骤4. 4. 修改修改修改修改S2S2端口的端口的端口的端口的OSPFOSPF认证密码:认证密码:认证密码:认证密码:(3)(3)查看路由表信息查看路由表信息 Router2#Router2#show show ipip route route Gateway of last resort is not set Gateway of last resort is not set C 192.168.1.0/24 is directly connected
51、, Serial0/0 C 192.168.1.0/24 is directly connected, Serial0/0 从路由表信息可知,由于邻居之间认证失败,所以链路不通,从路由表信息可知,由于邻居之间认证失败,所以链路不通,OSPFOSPF协协议无法正确执行,路由表中不含通过议无法正确执行,路由表中不含通过OSPFOSPF获得的到远端网络的路由信获得的到远端网络的路由信息。息。 由此说明在邻居之间进行身份认证时,必须设置统一的认证密码。由此说明在邻居之间进行身份认证时,必须设置统一的认证密码。176.9.3 6.9.3 操作步骤操作步骤4. 4. 修改修改修改修改S2S2端口的端口的端
52、口的端口的OSPFOSPF认证密码:认证密码:认证密码:认证密码:(4)(4)测试测试Router1Router1与与Router2Router2 Router2#Router2#ping 192.168.1.1ping 192.168.1.1 Type escape sequence to abort. Type escape sequence to abort. Sending 5, 100-byte ICMP Sending 5, 100-byte ICMP EchosEchos to 192.168.1.1, timeout is 2 to 192.168.1.1, timeout i
53、s 2 seconds:seconds: ! ! Success rate is 100 percent (5/5), round-trip min/ Success rate is 100 percent (5/5), round-trip min/avgavg/max = /max = 28/28/28 ms28/28/28 ms 这时这时Router2Router2与与Router1Router1之间的链路还是激活的,之间的链路还是激活的,Router2Router2能能pingping通通Router1Router1。但是。但是Router2Router2与与Router1Router
54、1之间不构成邻居关系,因为不能互相之间不构成邻居关系,因为不能互相通过认证,下面的命令能证实这一点。通过认证,下面的命令能证实这一点。 Router2#Router2#show show ipip ospfospf neighbor neighbor (空白行)(空白行) 显示空白,说明显示空白,说明Router2Router2没有邻居。没有邻居。186.9.3 6.9.3 操作步骤操作步骤5. 5. 密码改回:密码改回:密码改回:密码改回: Router2#Router2#config terminalconfig terminal Router2(config)# Router2(conf
55、ig)#interface s0/0interface s0/0 Router2(config-if)# Router2(config-if)#nono ipip ospfospf message-digest-key 123 md5 message-digest-key 123 md5 abcdabcd Router2(config-if)# Router2(config-if)#ip ip ospfospf message-digest-key 178 md5 message-digest-key 178 md5 bbbbbbbb6.6.小结小结小结小结 OSPF OSPF 支持在相邻路由
56、器之间进行明文认证(支持在相邻路由器之间进行明文认证(支持在相邻路由器之间进行明文认证(支持在相邻路由器之间进行明文认证(SimpleSimple)或)或)或)或MD5MD5密文认密文认密文认密文认证,同一网段上的路由器接口配置的报文认证方式、认证密码、证,同一网段上的路由器接口配置的报文认证方式、认证密码、证,同一网段上的路由器接口配置的报文认证方式、认证密码、证,同一网段上的路由器接口配置的报文认证方式、认证密码、key-key-idid(如果有的话)必须一致。(如果有的话)必须一致。(如果有的话)必须一致。(如果有的话)必须一致。 并非不同的区域才可配置不同的认证方式,同一区域的不同网段
57、可用并非不同的区域才可配置不同的认证方式,同一区域的不同网段可用并非不同的区域才可配置不同的认证方式,同一区域的不同网段可用并非不同的区域才可配置不同的认证方式,同一区域的不同网段可用不同的认证方式,因此,把前面配置中不同的认证方式,因此,把前面配置中不同的认证方式,因此,把前面配置中不同的认证方式,因此,把前面配置中Router1Router1和和和和Router2Router2之间的链之间的链之间的链之间的链路由区域路由区域路由区域路由区域1 1改成区域改成区域改成区域改成区域0 0也是可以的。也是可以的。也是可以的。也是可以的。19 附:各路由器最终配置信息附:各路由器最终配置信息: R
58、outer1#show runRouter1#show run Building configuration.Building configuration. Current configuration : 1092 bytesCurrent configuration : 1092 bytes ! ! version 12.3version 12.3 service timestamps debug service timestamps debug datetimedatetime msecmsec service timestamps log service timestamps log d
59、atetimedatetime msecmsec no service password-encryptionno service password-encryption ! ! hostname Router1hostname Router1 ! ! boot-start-markerboot-start-marker boot-end-markerboot-end-marker ! ! no network-clock-participate slot 1 no network-clock-participate slot 1 no network-clock-participate no
60、 network-clock-participate wicwic 0 0 ipip subnet-zero subnet-zero ! !20 ipip cefcef ipip ipsips popo max-events 100 max-events 100 no no aaaaaa new-model new-model no ftp-server write-enableno ftp-server write-enable voice-card 1voice-card 1 ! ! interface FastEthernet0/0interface FastEthernet0/0 ip
61、ip address 10.10.1.1 255.255.255.0 address 10.10.1.1 255.255.255.0 ipip ospfospf authentication-key authentication-key aaaaaaaa duplex auto duplex auto speed auto speed auto ! ! interface Serial0/0interface Serial0/0 ipip address 192.168.1.1 255.255.255.0 address 192.168.1.1 255.255.255.0 ipip ospfo
62、spf message-digest-key 178 md5 message-digest-key 178 md5 bbbbbbbb clockrateclockrate 64000 64000 ! !21 interface FastEthernet0/1interface FastEthernet0/1 no no ipip address address shutdown shutdown duplex auto duplex auto speed auto speed auto ! ! interface Serial0/1interface Serial0/1 no no ipip
63、address address shutdown shutdown ! ! router router ospfospf 1 1 log-adjacency-changeslog-adjacency-changes area 0 authenticationarea 0 authentication area 1 authentication message-digest area 1 authentication message-digest network 10.10.1.0 0.0.0.255 area 0 network 10.10.1.0 0.0.0.255 area 0 netwo
64、rk 192.168.1.0 0.0.0.255 area 1 network 192.168.1.0 0.0.0.255 area 1 ! !22 ipip classless classless ! ! no no ipip http server http server no no ipip http secure-server http secure-server ! ! control-planecontrol-plane ! ! line con 0line con 0 line aux 0line aux 0 line line vtyvty 0 4 0 4 ! ! endend
65、23 Router2#show runRouter2#show run hostname Router2hostname Router2 interface Serial0/0interface Serial0/0 ipip address 192.168.1.2 255.255.255.0 address 192.168.1.2 255.255.255.0 ipip ospfospf message-digest-key 178 md5 message-digest-key 178 md5 bbbbbbbb ! ! router router ospfospf 1 1 log-adjacen
66、cy-changes log-adjacency-changes area 1 authentication message-digestarea 1 authentication message-digest network 192.168.1.0 0.0.0.255 area 1 network 192.168.1.0 0.0.0.255 area 1 24 Router3#show runRouter3#show run hostname Router3hostname Router3 interface FastEthernet0/0interface FastEthernet0/0
67、ipip address 10.10.1.2 255.255.255.0 address 10.10.1.2 255.255.255.0 ipip ospfospf authentication-key authentication-key aaaaaaaa ! ! router router ospfospf 1 1 log-adjacency-changes log-adjacency-changes area 0 authenticationarea 0 authentication network 10.10.1.0 0.0.0.255 area 0 network 10.10.1.0
68、 0.0.0.255 area 0 256.10 配置配置OSPF路由聚合路由聚合 6.10.16.10.1操作内容和环境操作内容和环境 操作内容:本节主要介绍在思科路由器上配置操作内容:本节主要介绍在思科路由器上配置OSPFOSPF网段聚合的方法,网段聚合的方法,通过学习,了解多区域中通过学习,了解多区域中OSPFOSPF路由聚合的意义,掌握把多条路由聚合的意义,掌握把多条ASAS外部外部路由聚合成一条汇总路由的方法,通过路由聚合,可以减少路由器上路由聚合成一条汇总路由的方法,通过路由聚合,可以减少路由器上路由信息的数量,改善网络性能路由信息的数量,改善网络性能。 组网环境:组网环境:Rou
69、ter1Router1是思科是思科CISCO 3725CISCO 3725路由器,路由器,IOSIOS为为c3725-jk9s-c3725-jk9s-mz.123-12amz.123-12a(版本为(版本为12.312.3),),Router2Router2和和Router3Router3是思科是思科CISCO CISCO 2621XM2621XM路由器,路由器,IOSIOS为为c2600-adventerprisek9-mz.123-11.T3c2600-adventerprisek9-mz.123-11.T3(版本(版本为为12.312.3)。)。PCPC机机3 3台,交叉网线台,交叉网线
70、3 3根,根,DTE-DCEDTE-DCE交叉电缆(交叉电缆(V35V35电缆)电缆)2 2对,对,consoleconsole配置电缆配置电缆3 3根。路由器以太网端口与根。路由器以太网端口与PCPC机相连。图中的机相连。图中的Fa0/0Fa0/0代表快速以太网代表快速以太网FastEtherent0/0FastEtherent0/0端口。端口。26图6-12 OSPF网段聚合配置拓扑结构图27 6.10.2 6.10.2 相关知识介绍相关知识介绍( (基础知识基础知识) ) 当路由信息在当路由信息在ABRABR(或(或ASBRASBR)中进行处理时,如果在)中进行处理时,如果在ABRABR
71、(或(或ASBRASBR)上配置了路由聚合,)上配置了路由聚合,ABRABR(或(或ASBRASBR)只发送一条聚合路由,)只发送一条聚合路由,该聚合路由包含了属于该网段的多个子网段。一个区域可多次配该聚合路由包含了属于该网段的多个子网段。一个区域可多次配置路由聚合。置路由聚合。 “ “area range”area range”命令的用法。该命令只在命令的用法。该命令只在ABRABR上使用,上使用,ABRABR检查自检查自身路由表,对每个目的网络地址的类型是网络(而不是路由器)身路由表,对每个目的网络地址的类型是网络(而不是路由器)的路由项,以网段为单位生成网络汇总的路由项,以网段为单位生成
72、网络汇总LSALSA(3 3类类LSALSA),再向该),再向该LSALSA的目的网络所在区域外的其它区域发送该的目的网络所在区域外的其它区域发送该3 3类类LSA LSA 。 缺省情况下,缺省情况下,OSPFOSPF不进行区域内路由聚合。分配非骨干区域的网不进行区域内路由聚合。分配非骨干区域的网段时请尽量连续可聚合,否则以后网络扩容时,维护难度会加大段时请尽量连续可聚合,否则以后网络扩容时,维护难度会加大很多。很多。 28 6.10.2 6.10.2 相关知识介绍相关知识介绍( (认证格式认证格式) ) 配置配置OSPFOSPF路由聚合命令如下路由聚合命令如下 ; summary-addre
73、ss summary-address ip_addressip_address mask_addressmask_address no summary-address no summary-address ip_addressip_address mask_addressmask_address 其中:其中:ipip-address -address 和和mask_addressmask_address 为网络为网络IP IP 地址和掩码,点分十地址和掩码,点分十进制格式。进制格式。 例:例: ASBRASBR用汇总路由用汇总路由40.1.0.0/1640.1.0.0/16代替被覆盖的代替被覆
74、盖的ASAS外部网段外部网段40.1.1.0/2440.1.1.0/24、 40.1.2.0/2440.1.2.0/24、40.1.3.0/2440.1.3.0/24,并以,并以5 5类类LSALSA的形式把的形式把 总路由总路由40.1.0.0/1640.1.0.0/16传播到整个传播到整个ASAS内。内。 Router(config-router)#Router(config-router)#summary-addresssummary-address 40.1.0.0 255.255.0.0 40.1.0.0 255.255.0.0 区域内路由汇总,即把多条路由合并成一条。区域内路由汇总
75、,即把多条路由合并成一条。 area area area-idarea-id rangerange summary-address mask summary-address mask no area no area area-id area-id rangerange summary-address masksummary-address mask296.10.3 6.10.3 操作步骤操作步骤1.1.按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式 (1) (1) 配置配置 Router1Router1的的Fa0/0Fa
76、0/0、S1/0S1/0口:口:Router1Router1路由器型号为:思科路由器型号为:思科CISCO 3725CISCO 3725路由器,其命令如下路由器,其命令如下RouterRouterenableenable Router#Router#configconfig terminal terminal Enter configuration commands, one per line. End with CNTL/Z.Enter configuration commands, one per line. End with CNTL/Z.Router(config)#Router(co
77、nfig)#hostnamehostname Router1 Router1 Router1(config)#Router1(config)#interfaceinterfacefa0/0fa0/0Router1(config-if)#Router1(config-if)#ip address 10.1.1.1 255.255.255.0ip address 10.1.1.1 255.255.255.0Router1(config-if)#Router1(config-if)#no shutdownno shutdownRouter1(config-if)#Router1(config-if)
78、#interface s1/0interface s1/0Router1(config-if)#Router1(config-if)#ip address 20.1.1.1 255.255.255.0ip address 20.1.1.1 255.255.255.0Router1(config-if)#Router1(config-if)#no shutdownno shutdownRouter1(config-if)#Router1(config-if)#clockrate 64000 clockrate 64000 # #连接该端口的电缆若是连接该端口的电缆若是DTEDTE电缆,则不用配置
79、电缆,则不用配置Router1(config-if)#Router1(config-if)#exitexitRouter1(config)#Router1(config)#router router ospfospf 1 1 Router1(config-router)#Router1(config-router)#network 10.1.1.0 0.0.0.255 area 0network 10.1.1.0 0.0.0.255 area 0Router1(config-router)#Router1(config-router)#network 20.1.1.0 0.0.0.255 ar
80、ea 0network 20.1.1.0 0.0.0.255 area 0306.10.3 6.10.3 操作步骤操作步骤1.1.按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式 (2) Router2(2) Router2的的S0/0S0/0、S0/1S0/1口配置口配置路由器路由器Router2Router2的型号为:思科的型号为:思科CISCO 2621XCISCO 2621X路由器,该路由器是边路由器,该路由器是边界路由器,注意其所属界路由器,注意其所属OSPFOSPF区域的设置。其命令如下:区域的设置。其命令如下
81、:RouterRouterenableenable Router#Router#configconfig terminal terminal Enter configuration commands, one per line. End with CNTL/Z.Enter configuration commands, one per line. End with CNTL/Z.Router(config)#Router(config)#hostnamehostname Router2 Router2 Router2(config)#Router2(config)#interface s0/0
82、interface s0/0Router2(config-if)#Router2(config-if)#ip address 30.1.1.1 255.255.255.0ip address 30.1.1.1 255.255.255.0Router2(config-if)#Router2(config-if)#no shutdownno shutdownRouter2(config-if)#Router2(config-if)#clockrate 64000 clockrate 64000 Router2(config-if)#Router2(config-if)#interface s0/1
83、 interface s0/1 Router2(config-if)#Router2(config-if)#ip address 20.1.1.2 255.255.255.0ip address 20.1.1.2 255.255.255.0Router2(config-if)#Router2(config-if)#no shutdownno shutdownRouter2(config-if)#Router2(config-if)#clockrate 64000 clockrate 64000 Router2(config-if)#Router2(config-if)#exitexitRout
84、er2(config)#Router2(config)#router router ospfospf 1 1 Router2(config-router)#Router2(config-router)#network 30.1.1.0 0.0.0.255 area 1network 30.1.1.0 0.0.0.255 area 1Router2(config-router)#Router2(config-router)#network 20.1.1.0 0.0.0.255 area 0network 20.1.1.0 0.0.0.255 area 031 6.10.3 6.10.3 操作步骤
85、操作步骤1.1.按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式 (3) Router3 (3) Router3的接口配置的接口配置路由器路由器Router3Router3型号为:思科型号为:思科CISCO2621XCISCO2621X型路由器,其命令如下:型路由器,其命令如下:RouterRouterenableenable Router#Router#configconfig terminal terminal Router(config)#Router(config)#hostnamehostname Router3
86、 Router3 Router3(config)#Router3(config)#interface fa0/0interface fa0/0Router3(config-if)#Router3(config-if)#ip address 40.1.1.1 255.255.255.0ip address 40.1.1.1 255.255.255.0Router3(config-if)#Router3(config-if)#no shutdownno shutdownRouter3(config-if)#Router3(config-if)#interface fa0/1interface fa
87、0/1Router3(config-if)#Router3(config-if)#ip address 40.1.2.1 255.255.255.0ip address 40.1.2.1 255.255.255.0Router3(config-if)#Router3(config-if)#no shutdownno shutdownRouter3(config-if)#Router3(config-if)#interface s0/0interface s0/0Router3(config-if)#Router3(config-if)#ip address 30.1.1.2 255.255.2
88、55.0ip address 30.1.1.2 255.255.255.0Router3(config-if)#Router3(config-if)#no shutdownno shutdownRouter3(config-if)#Router3(config-if)#clockrate 64000 clockrate 64000 Router3(config-if)#Router3(config-if)#interface Loopback0interface Loopback0Router3(config-if)#Router3(config-if)#ip address 40.1.3.1
89、 255.255.255.0ip address 40.1.3.1 255.255.255.0Router3(config-if)#Router3(config-if)#exitexitRouter3(config)#Router3(config)#router router ospfospf 1 1 Router3(config-router)#Router3(config-router)#network 30.1.1.0 0.0.0.255 area 1network 30.1.1.0 0.0.0.255 area 1326.10.3 6.10.3 操作步骤操作步骤2. 2. 测试端口连通
90、性测试端口连通性测试端口连通性测试端口连通性 Router1#ping 20.1.1.2 # Router1#ping 20.1.1.2 #测试结果是连通的测试结果是连通的测试结果是连通的测试结果是连通的 Router1#ping 30.1.1.1 Router1#ping 30.1.1.1 #测试结果是连通的测试结果是连通的测试结果是连通的测试结果是连通的 Router1#ping 30.1.1.2 # Router1#ping 30.1.1.2 #测试结果是连通的测试结果是连通的测试结果是连通的测试结果是连通的 Router1#ping 40.1.1.1 Router1#ping 40.1
91、.1.1 # #测试结果不通,因为测试结果不通,因为测试结果不通,因为测试结果不通,因为Router3Router3在在在在 40.1.1.0/2440.1.1.0/24上没有启用上没有启用上没有启用上没有启用OSPFOSPF协议,到网段协议,到网段协议,到网段协议,到网段40.1.1.0/2440.1.1.0/24的路由信息的路由信息的路由信息的路由信息 没有在没有在没有在没有在 ASAS内传播内传播内传播内传播 Router1#ping 40.1.2.1 Router1#ping 40.1.2.1 #测试结果不通,原因同上测试结果不通,原因同上测试结果不通,原因同上测试结果不通,原因同上3
92、36.10.3 6.10.3 操作步骤操作步骤3. 3. 查看路由信息,确定其认证方式查看路由信息,确定其认证方式查看路由信息,确定其认证方式查看路由信息,确定其认证方式(1)(1)查看查看Router1Router1的路由表信息的路由表信息 Router1#Router1#show show ipip route route Gateway of last resort is not set Gateway of last resort is not set 20.0.0.0/24 is 20.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subn
93、ets C 20.1.1.0 is directly connected, Serial1/0 C 20.1.1.0 is directly connected, Serial1/0 10.0.0.0/24 is 10.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subnets C 10.1.1.0 is directly connected, FastEthernet0/0 C 10.1.1.0 is directly connected, FastEthernet0/0 30.0.0.0/24 is 30.0.0.0/24 is subnett
94、edsubnetted, 1 subnets, 1 subnets O IA 30.1.1.0 110/128 via 20.1.1.2, 00:06:18, Serial1/0O IA 30.1.1.0 110/128 via 20.1.1.2, 00:06:18, Serial1/0 从上面显示的信息可知,对于从上面显示的信息可知,对于Router1Router1来说,通过来说,通过OSPFOSPF协议学习获协议学习获得了得了1 1条区域外部路由:条区域外部路由: 30.1.1.030.1.1.0,但不包括到,但不包括到40.1.1.0/2440.1.1.0/24、40.1.2.0/244
95、0.1.2.0/24、40.1.3.0/2440.1.3.0/24的路由。的路由。346.10.3 6.10.3 操作步骤操作步骤3. 3. 查看路由信息,确定其认证方式查看路由信息,确定其认证方式查看路由信息,确定其认证方式查看路由信息,确定其认证方式(1)(1)查看查看Router1Router1的路由表信息的路由表信息 Router1#Router1# show show ipip ospfospf database database OSPF Router with ID (20.1.1.1) (Process ID 1) OSPF Router with ID (20.1.1.1)
96、(Process ID 1) Router Link States (Area 0) Router Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum Link # Checksum Link countcount20.1.1.1 20.1.1.1 20.1.1.120.1.1.1 1394 0x80000003 0x0021E7 3 1394 0x80000003 0x0021E7 330.1.1.1 30.1.1.1 30.1.1.130.1.1.1 659 0x8000000
97、3 0x00D841 2 659 0x80000003 0x00D841 2 Summary Net Link States (Area 0) Summary Net Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum# Checksum 30.1.1.0 30.1.1.1 655 0x80000001 0x004972 30.1.1.0 30.1.1.1 655 0x80000001 0x004972 Router1Router1的的OSPFOSPF数据库显示,数据库显示,Rou
98、ter1Router1收到了收到了1 1条区域外部的网络汇条区域外部的网络汇总总LSALSA(3 3类类LSALSA),它们是由),它们是由ABRABR(Router2Router2)传入的。因为)传入的。因为Router3Router3在在40.1.1.0/2440.1.1.0/24、40.1.2.0/2440.1.2.0/24、40.1.3.0/2440.1.3.0/24上没有启用上没有启用OSPFOSPF协议,这些区域协议,这些区域1 1中的网络地址没有传入区域中的网络地址没有传入区域0 0。356.10.3 6.10.3 操作步骤操作步骤3. 3. 查看路由信息,确定其认证方式查看路由
99、信息,确定其认证方式查看路由信息,确定其认证方式查看路由信息,确定其认证方式(2) (2) 查看查看Router2Router2的的OSPFOSPF路由信息路由信息 Router2#show Router2#show ipip route route Gateway of last resort is not set Gateway of last resort is not set 20.0.0.0/24 is 20.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subnets C 20.1.1.0 is directly connected, S
100、erial0/1 C 20.1.1.0 is directly connected, Serial0/1 10.0.0.0/24 is 10.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subnets O 10.1.1.0 110/65 via 20.1.1.1, 02:19:46, Serial0/1 O 10.1.1.0 110/65 via 20.1.1.1, 02:19:46, Serial0/1 30.0.0.0/24 is 30.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subnets C
101、 30.1.1.0 is directly connected, Serial0/0 C 30.1.1.0 is directly connected, Serial0/0 从上面显示的信息可知,从上面显示的信息可知,Router2Router2通过通过OSPFOSPF协议获得了协议获得了1 1条路由:条路由:10.1.1.010.1.1.0。366.10.3 6.10.3 操作步骤操作步骤3. 3. 查看路由信息,确定其认证方式查看路由信息,确定其认证方式查看路由信息,确定其认证方式查看路由信息,确定其认证方式(2) (2) 查看查看Router2Router2的的OSPFOSPF路由信息路
102、由信息 Router2#show Router2#show ipip ospfospf database database OSPF Router with ID (30.1.1.1) (Process ID 1) OSPF Router with ID (30.1.1.1) (Process ID 1) Router Link States (Area 0) Router Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum Link # Checksum Link countco
103、unt20.1.1.1 20.1.1.1 20.1.1.120.1.1.1 1414 0x80000007 0x0019EB 3 1414 0x80000007 0x0019EB 330.1.1.1 30.1.1.1 30.1.1.130.1.1.1 437 0x80000007 0x00D045 2 437 0x80000007 0x00D045 2 Summary Net Link States (Area 0) Summary Net Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Che
104、cksum# Checksum30.1.1.0 30.1.1.1 437 0x80000005 0x00417630.1.1.0 30.1.1.1 437 0x80000005 0x004176 Router Link States (Area 1) Router Link States (Area 1) Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum Link # Checksum Link countcount30.1.1.1 30.1.1.1 30.1.1.130.1.1.1 437 0x80000007 0x
105、008E5E 2 437 0x80000007 0x008E5E 240.1.3.1 40.1.3.1 40.1.3.140.1.3.1 355 0x80000006 0x00429F 2 355 0x80000006 0x00429F 2 37Summary Net Link States (Area 1)Summary Net Link States (Area 1) Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum# Checksum 10.1.1.0 30.1.1.1 437 0x80000005 0x0050
106、7A 10.1.1.0 30.1.1.1 437 0x80000005 0x00507A 20.1.1.0 30.1.1.1 439 0x80000005 0x00C3FD 20.1.1.0 30.1.1.1 439 0x80000005 0x00C3FD 从上面显示的信息可知,从上面显示的信息可知,从上面显示的信息可知,从上面显示的信息可知,Router2Router2是区域边界路由器,它连接区域是区域边界路由器,它连接区域是区域边界路由器,它连接区域是区域边界路由器,它连接区域0 0和和和和区域区域区域区域1 1,在区域,在区域,在区域,在区域0 0中保存了中保存了中保存了中保存了1 1条
107、目的网络位于其它区域的条目的网络位于其它区域的条目的网络位于其它区域的条目的网络位于其它区域的3 3类类类类LSALSA,在区,在区,在区,在区域域域域1 1中保存了中保存了中保存了中保存了2 2条目的网络位于其它区域的条目的网络位于其它区域的条目的网络位于其它区域的条目的网络位于其它区域的3 3类类类类LSALSA,这和我们的拓扑设,这和我们的拓扑设,这和我们的拓扑设,这和我们的拓扑设计一致。计一致。计一致。计一致。38 6.10.3 6.10.3 操作步骤操作步骤4.4.配置路由网段聚合配置路由网段聚合配置路由网段聚合配置路由网段聚合 :ASAS外部路由的聚合需在外部路由的聚合需在ASAS
108、边界路由器(边界路由器(Router3Router3)上配置。)上配置。 Router3# Router3#config terminalconfig terminal Router3(config)# Router3(config)#router router ospfospf 1 1 Router3(config-router)# Router3(config-router)#redistribute connected subnetredistribute connected subnet# #把不属于本自治系统的直连网段作为把不属于本自治系统的直连网段作为ASAS外部路由重新发布到外部
109、路由重新发布到ASAS中中 Router3(config-router)# Router3(config-router)#summary-address 40.1.0.0 255.255.0.0summary-address 40.1.0.0 255.255.0.0 # #把把ASBRASBR拥有的拥有的ASAS外部路由的网络地址进行汇总,汇总网段地址是外部路由的网络地址进行汇总,汇总网段地址是 40.1.0.0/24,40.1.0.0/24,此地址覆盖的此地址覆盖的ASAS外部路由外部路由40.1.1.0/2440.1.1.0/24、40.1.2.0/2440.1.2.0/24、40.1.3
110、.0/2440.1.3.0/24被合并成一条汇总路由(被合并成一条汇总路由(40.1.0.0/2440.1.0.0/24) ,然后重新发布到,然后重新发布到本自治系统(即本自治系统(即OSPFOSPF路由域)中。路由域)中。 Router3(config-router)# Router3(config-router)#endend396.10.3 6.10.3 操作步骤操作步骤5.5.查看路由信息,验证查看路由信息,验证查看路由信息,验证查看路由信息,验证OSPFOSPF聚合聚合聚合聚合 :(1) (1) 查看查看查看查看Router2Router2的的的的OSPFOSPF信息信息信息信息 R
111、outer2#Router2# show show ipip route route Gateway of last resort is not set Gateway of last resort is not set 20.0.0.0/24 is 20.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subnets C 20.1.1.0 is directly connected, Serial0/1 C 20.1.1.0 is directly connected, Serial0/1 40.0.0.0/16 is 40.0.0.0/16 is
112、subnettedsubnetted, 1 subnets, 1 subnets O E2 40.1.0.0 110/20 via 30.1.1.2, 00:03:57, Serial0/0O E2 40.1.0.0 110/20 via 30.1.1.2, 00:03:57, Serial0/0 10.0.0.0/24 is 10.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subnets O 10.1.1.0 110/65 via 20.1.1.1, 02:54:54, Serial0/1 O 10.1.1.0 110/65 via 20.1.
113、1.1, 02:54:54, Serial0/1 30.0.0.0/24 is 30.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subnets C 30.1.1.0 is directly connected, Serial0/0 C 30.1.1.0 is directly connected, Serial0/0 此时,在此时,在Router2Router2的路由表中通过的路由表中通过OSPFOSPF协议获得了聚合(即汇总)后的协议获得了聚合(即汇总)后的ASAS外部路由外部路由40.1.0.0/1640.1.0.0/16。406.10.3
114、6.10.3 操作步骤操作步骤5.5.查看路由信息,验证查看路由信息,验证查看路由信息,验证查看路由信息,验证OSPFOSPF聚合聚合聚合聚合 :(1) (1) 查看查看查看查看Router2Router2的的的的OSPFOSPF信息信息信息信息 Router2#Router2# show show ipip ospfospf database database OSPF Router with ID (30.1.1.1) (Process ID 1) OSPF Router with ID (30.1.1.1) (Process ID 1) Router Link States (Area
115、0) Router Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum Link # Checksum Link countcount20.1.1.1 20.1.1.1 20.1.1.120.1.1.1 1519 0x80000008 0x0017EC 3 1519 0x80000008 0x0017EC 330.1.1.1 30.1.1.1 30.1.1.130.1.1.1 533 0x80000008 0x00CE46 2 533 0x80000008 0x00CE46 2 S
116、ummary Net Link States (Area 0) Summary Net Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum# Checksum30.1.1.0 30.1.1.1 533 0x80000006 0x003F7730.1.1.0 30.1.1.1 533 0x80000006 0x003F77 Summary ASB Link States (Area 0) Summary ASB Link States (Area 0)Link ID ADV Rout
117、er Age Link ID ADV Router Age SeqSeq# Checksum# Checksum40.1.3.1 30.1.1.1 468 0x80000001 0x00981540.1.3.1 30.1.1.1 468 0x80000001 0x009815 41Router Link States (Area 1)Router Link States (Area 1)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum Link # Checksum Link countcount30.1.1.1 30
118、.1.1.1 30.1.1.130.1.1.1 533 0x80000008 0x008C5F 2 533 0x80000008 0x008C5F 240.1.3.1 40.1.3.1 40.1.3.140.1.3.1 434 0x80000008 0x004499 2 434 0x80000008 0x004499 2 Summary Net Link States (Area 1) Summary Net Link States (Area 1)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum# Checksum1
119、0.1.1.0 30.1.1.1 535 0x80000006 0x004E7B10.1.1.0 30.1.1.1 535 0x80000006 0x004E7B20.1.1.0 30.1.1.1 535 0x80000006 0x00C1FE20.1.1.0 30.1.1.1 535 0x80000006 0x00C1FE Type-5 AS External Link States Type-5 AS External Link StatesLink ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum Tag# Checksu
120、m Tag40.1.0.0 40.1.3.1 401 0x80000001 0x004505 040.1.0.0 40.1.3.1 401 0x80000001 0x004505 0 从上面显示的信息可知,从上面显示的信息可知,Router2Router2收到了聚合后的收到了聚合后的ASAS外部路由外部路由40.1.0.0/1640.1.0.0/16,该聚合路由是由作为,该聚合路由是由作为ASBRASBR的的Router3Router3(40.1.3.140.1.3.1)以)以5 5类类LSALSA的形式通告的,传播范围是整个的形式通告的,传播范围是整个ASAS。426.10.3 6.10.3
121、 操作步骤操作步骤5.5.查看路由信息,验证查看路由信息,验证查看路由信息,验证查看路由信息,验证OSPFOSPF聚合聚合聚合聚合 :(2) (2) 查看查看查看查看Router1Router1的路由表信息的路由表信息的路由表信息的路由表信息 Router1#Router1# show show ipip route route Gateway of last resort is not set Gateway of last resort is not set 20.0.0.0/24 is 20.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 sub
122、nets C 20.1.1.0 is directly connected, Serial1/0 C 20.1.1.0 is directly connected, Serial1/0 40.0.0.0/16 is 40.0.0.0/16 is subnettedsubnetted, 1 subnets, 1 subnets O E2 40.1.0.0 110/20 via 20.1.1.2, 00:46:39, Serial1/0O E2 40.1.0.0 110/20 via 20.1.1.2, 00:46:39, Serial1/0 10.0.0.0/24 is 10.0.0.0/24
123、is subnettedsubnetted, 1 subnets, 1 subnets C 10.1.1.0 is directly connected, FastEthernet0/0 C 10.1.1.0 is directly connected, FastEthernet0/0 30.0.0.0/24 is 30.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subnets O IA 30.1.1.0 110/128 via 20.1.1.2, 03:37:35, Serial1/0 O IA 30.1.1.0 110/128 via 20.
124、1.1.2, 03:37:35, Serial1/0 此时,此时,Router1Router1的路由表显示,的路由表显示,Router1Router1通过通过OSPFOSPF协议获得了协议获得了ASAS外部路外部路由由40.1.0.0/1640.1.0.0/16。436.10.3 6.10.3 操作步骤操作步骤5.5.查看路由信息,验证查看路由信息,验证查看路由信息,验证查看路由信息,验证OSPFOSPF聚合聚合聚合聚合 :(2) (2) 查看查看查看查看Router1Router1的的的的OSPFOSPF信息信息信息信息 Router1#Router1# show show ipip osp
125、fospf database database OSPF Router with ID (20.1.1.1) (Process ID 1)OSPF Router with ID (20.1.1.1) (Process ID 1) Router Link States (Area 0) Router Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum Link # Checksum Link countcount20.1.1.1 20.1.1.1 20.1.1.120.1.1.1 9
126、48 0x8000000A 0x0013EE 3 948 0x8000000A 0x0013EE 330.1.1.1 30.1.1.1 30.1.1.130.1.1.1 1981 0x80000009 0x00CC47 2 1981 0x80000009 0x00CC47 2 Summary Net Link States (Area 0) Summary Net Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum# Checksum30.1.1.0 30.1.1.1 1981 0
127、x80000007 0x003D7830.1.1.0 30.1.1.1 1981 0x80000007 0x003D78 Summary ASB Link States (Area 0) Summary ASB Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum# Checksum40.1.3.1 30.1.1.1 1981 0x80000002 0x00961640.1.3.1 30.1.1.1 1981 0x80000002 0x00961644Type-5 AS Extern
128、al Link StatesType-5 AS External Link StatesLink ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum # Checksum TagTag40.1.0.0 40.1.3.1 1878 0x80000002 0x004306 040.1.0.0 40.1.3.1 1878 0x80000002 0x004306 0 从上面显示的信息可知,从上面显示的信息可知,从上面显示的信息可知,从上面显示的信息可知,Router1Router1收到了聚合后的收到了聚合后的收到了聚合后的收到了聚合后的A
129、SAS外部路由外部路由外部路由外部路由40.1.0.0/1640.1.0.0/16,该聚合路由是由作为,该聚合路由是由作为,该聚合路由是由作为,该聚合路由是由作为ASBRASBR的的的的Router3Router3(40.1.3.140.1.3.1)以)以)以)以5 5类类类类LSALSA的形式通告的,传播范围是整个的形式通告的,传播范围是整个的形式通告的,传播范围是整个的形式通告的,传播范围是整个ASAS。456.10.3 6.10.3 操作步骤操作步骤5.5.查看路由信息,验证查看路由信息,验证查看路由信息,验证查看路由信息,验证OSPFOSPF聚合聚合聚合聚合 :(3 3)测试)测试)测
130、试)测试Router1Router1到到到到ASAS外部网段的可达性外部网段的可达性外部网段的可达性外部网段的可达性 Router1#Router1# show show ipip route route Gateway of last resort is not set Gateway of last resort is not set 20.0.0.0/24 is 20.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subnets O IA 20.1.1.0 110/128 via 30.1.1.1, 01:16:23, Serial0/0 O
131、IA 20.1.1.0 110/128 via 30.1.1.1, 01:16:23, Serial0/0 40.0.0.0/8 is variably 40.0.0.0/8 is variably subnettedsubnetted, 4 subnets, 2 masks, 4 subnets, 2 masks C 40.1.1.0/24 is directly connected, FastEthernet0/0 C 40.1.1.0/24 is directly connected, FastEthernet0/0 O 40.1.0.0/16 is a summary, 01:15:1
132、3, Null0 O 40.1.0.0/16 is a summary, 01:15:13, Null0 C 40.1.3.0/24 is directly connected, Loopback0 C 40.1.3.0/24 is directly connected, Loopback0 C 40.1.2.0/24 is directly connected, FastEthernet0/1 C 40.1.2.0/24 is directly connected, FastEthernet0/1 10.0.0.0/24 is 10.0.0.0/24 is subnettedsubnette
133、d, 1 subnets, 1 subnets O IA 10.1.1.0 110/129 via 30.1.1.1, 01:16:23, Serial0/0 O IA 10.1.1.0 110/129 via 30.1.1.1, 01:16:23, Serial0/0 30.0.0.0/24 is 30.0.0.0/24 is subnettedsubnetted, 1 subnets, 1 subnets C 30.1.1.0 is directly connected, Serial0/0 C 30.1.1.0 is directly connected, Serial0/046 Rou
134、ter1#Router1#ping 40.1.1.1ping 40.1.1.1 # #测试结果是连通的测试结果是连通的 Router1# Router1#ping 40.1.3.1ping 40.1.3.1# #测试结果是连通的测试结果是连通的 在在Router3Router3上配置上配置“ “redistribute connected subnet”redistribute connected subnet”命令及命令及“ “summary-address 40.1.0.0 255.255.0.0”summary-address 40.1.0.0 255.255.0.0”命令以前,命令以前
135、,Router1Router1无法无法连通节点连通节点40.1.1.140.1.1.1,但现在可以连通了。原因是,但现在可以连通了。原因是Router3Router3把把ASAS外部外部路由路由40.1.1.0/2440.1.1.0/24、40.1.2.0/2440.1.2.0/24、40.1.3.0/2440.1.3.0/24合并成一条汇总路由合并成一条汇总路由(40.1.0.0/2440.1.0.0/24),然后重新发布到本自治系统(即),然后重新发布到本自治系统(即OSPFOSPF路由域)路由域)中的中的Router1Router1和和Router2Router2,使得,使得Router
136、1Router1及及Router2Router2能够到达汇总路由能够到达汇总路由所覆盖的网段所覆盖的网段40.1.1.0/2440.1.1.0/24、40.1.2.0/2440.1.2.0/24、40.1.3.0/2440.1.3.0/24。47 附:各路由器最终配置信息附:各路由器最终配置信息: Router1#show runRouter1#show run Building configuration.Building configuration. Current configuration : 954 bytesCurrent configuration : 954 bytes ! !
137、 version 12.3version 12.3 service timestamps debug service timestamps debug datetimedatetime msecmsec service timestamps log service timestamps log datetimedatetime msecmsec no service password-encryptionno service password-encryption hostname Router1hostname Router1 boot-start-markerboot-start-mark
138、er boot-end-markerboot-end-marker ! ! no no aaaaaa new-model new-model ipip subnet-zero subnet-zero ipip cefcef ! !48 interface FastEthernet0/0interface FastEthernet0/0 ipip address 10.1.1.1 255.255.255.0 address 10.1.1.1 255.255.255.0 duplex auto duplex auto speed auto speed auto ! ! interface Fast
139、Ethernet0/1interface FastEthernet0/1 no no ipip address address shutdown shutdown duplex auto duplex auto speed auto speed auto ! ! interface Serial1/0interface Serial1/0 ipip address 20.1.1.1 255.255.255.0 address 20.1.1.1 255.255.255.0 serial restart-delay 0 serial restart-delay 0 ! ! interface Se
140、rial1/1interface Serial1/1 no no ipip address address shutdown shutdown serial restart-delay 0 serial restart-delay 0 ! !49 interface Serial1/2interface Serial1/2 no no ipip address address shutdown shutdown serial restart-delay 0 serial restart-delay 0 ! ! interface Serial1/3interface Serial1/3 no
141、no ipip address address shutdown shutdown serial restart-delay 0 serial restart-delay 0 ! ! router router ospfospf 1 1 log-adjacency-changes log-adjacency-changes network 10.1.1.0 0.0.0.255 area 0network 10.1.1.0 0.0.0.255 area 0 network 20.1.1.0 0.0.0.255 area 0 network 20.1.1.0 0.0.0.255 area 0 !
142、! no no ipip http server http server no no ipip http secure-server http secure-server ipip classless classless ! ! line con 0line con 0 line aux 0line aux 0 line line vtyvty 0 4 0 4 ! ! endend50 Router2#show runRouter2#show run hostname Router2hostname Router2 ! ! interface Serial0/0interface Serial
143、0/0 ipip address 30.1.1.1 255.255.255.0 address 30.1.1.1 255.255.255.0 clockrateclockrate 64000 64000 ! ! interface Serial0/1interface Serial0/1 ipip address 20.1.1.2 255.255.255.0 address 20.1.1.2 255.255.255.0 clockrateclockrate 64000 64000 ! ! router router ospfospf 1 1 log-adjacency-changes log-
144、adjacency-changes network 20.1.1.0 0.0.0.255 area 0network 20.1.1.0 0.0.0.255 area 0 network 30.1.1.0 0.0.0.255 area 1 network 30.1.1.0 0.0.0.255 area 1 ! ! 51 Router3#show runRouter3#show run hostname Router3hostname Router3 interface Loopback0interface Loopback0 ipip address 40.1.3.1 255.255.255.0
145、 address 40.1.3.1 255.255.255.0 ! ! interface FastEthernet0/0interface FastEthernet0/0 ipip address 40.1.1.1 255.255.255.0 address 40.1.1.1 255.255.255.0 duplex autoduplex auto speed auto speed auto ! ! interface Serial0/0interface Serial0/0 ipip address 30.1.1.2 255.255.255.0 address 30.1.1.2 255.2
146、55.255.0 no fair-queue no fair-queue ! !52 interface FastEthernet0/1interface FastEthernet0/1 ipip address 40.1.2.1 255.255.255.0 address 40.1.2.1 255.255.255.0 duplex auto duplex auto speed auto speed auto ! ! router router ospfospf 1 1 log-adjacency-changes log-adjacency-changes summary-address 40
147、.1.0.0 255.255.0.0summary-address 40.1.0.0 255.255.0.0 redistribute connected subnets redistribute connected subnets network 30.1.1.0 0.0.0.255 area 1 network 30.1.1.0 0.0.0.255 area 1 ! ! 536.11 配置配置OSPF虚链路 6.11.16.11.1操作内容和环境操作内容和环境 操作内容:操作内容:本节主要介绍在思科路由器上配置本节主要介绍在思科路由器上配置OSPFOSPF虚链路,实现非主虚链路,实现非主干
148、区域通过传输区域干区域通过传输区域(transit area)(transit area)与主干区域的连接的方法。与主干区域的连接的方法。 组网环境:组网环境:Router1Router1是思科是思科CISCO 3725CISCO 3725路由器,路由器,IOSIOS为为c3725-jk9s-c3725-jk9s-mz.123-12amz.123-12a(版本为(版本为12.312.3),),Router2Router2和和Router3Router3是思科是思科CISCO CISCO 2621XM2621XM路由器,路由器,IOSIOS为为c2600-adventerprisek9-mz.1
149、23-11.T3c2600-adventerprisek9-mz.123-11.T3(版本(版本为为12.312.3)。)。PCPC机机3 3台,台,DTE-DCEDTE-DCE交叉电缆(交叉电缆(V35V35电缆)电缆)1 1对,交叉网线对,交叉网线2 2根根( (或一台交换机,或一台交换机,4 4根直通网线根直通网线) );consoleconsole配置电缆配置电缆3 3根。根。 Router1Router1以太网口与以太网口与Router2Router2的以太网口通过交叉网线相连或通过交换机相连,的以太网口通过交叉网线相连或通过交换机相连,Router2Router2串口与串口与Rou
150、ter3Router3的串口通过的串口通过V35V35电缆相连。电缆相连。Router3Router3的以太网口的以太网口与与PCPC机相连。机相连。 54图6-13 OSPF虚链路配置拓扑结构图 55 6.11.2 6.11.2 相关知识介绍相关知识介绍( (基础知识基础知识) ) OSPF OSPF 划分区域之后,并非所有的区域都是平等的关系,有一个主划分区域之后,并非所有的区域都是平等的关系,有一个主干区域(区域干区域(区域0 0)如果一个区域没有与主干区域)如果一个区域没有与主干区域0 0形成直接的物理形成直接的物理连接,就必须建立一条虚链路连接,就必须建立一条虚链路 虚链路是指在两台
151、虚链路是指在两台ABRABR(区域边界路由器)之间通过一个非主干(区域边界路由器)之间通过一个非主干区域的内部通路而建立的一条逻辑上的连接。区域的内部通路而建立的一条逻辑上的连接。 虚链路在穿过传输区域、连接虚链路两端虚链路在穿过传输区域、连接虚链路两端ABRABR的路由计算出来后的路由计算出来后被激活,相当于在两个端点之间形成了一个点到点的连接被激活,相当于在两个端点之间形成了一个点到点的连接 。 虚链路只能跨越一个传输区域,也就是说:非主干区域只能跨越虚链路只能跨越一个传输区域,也就是说:非主干区域只能跨越一个传输区域和主干区域建立虚链路一个传输区域和主干区域建立虚链路。56 6.11.2
152、 6.11.2 相关知识介绍相关知识介绍( (注意要点注意要点) ) 组网时请尽量避免虚链路!组网时请尽量避免虚链路! 虚链路的性能较差,常用于临时性故障修复,不适合长期使用虚链路的性能较差,常用于临时性故障修复,不适合长期使用 虚链路无法穿过虚链路无法穿过stubstub域和域和nssanssa域。域。576.11.2 6.11.2 相关知识介绍相关知识介绍( (认证格式认证格式) ) 配置环回口地址作为配置环回口地址作为router IDrouter ID号:号: interface loopback interface loopback numbernumber ipip address
153、 address ipip-address subnet-mask-address subnet-mask 例:将环回口例:将环回口例:将环回口例:将环回口lo0lo0地址设置为地址设置为地址设置为地址设置为192.168.11.1/24192.168.11.1/24 Router(configRouter(config)# interface loopback 0)# interface loopback 0 Router(config-if)#Router(config-if)#ipip address 192.168.11.1 255.255.255.0 address 192.168.
154、11.1 255.255.255.0 利用利用router idrouter id命令配置命令配置OSPFOSPF路由器的路由器的IDID号号 router-id router-id id-addressid-address 例:设置例:设置OSPFOSPF路由器的路由器的IDID号为号为1.1.1.11.1.1.1 Router(config)#Router(config)#routerrouter ospfospf 1 1 # #进入进入ospfospf进程配置状态进程配置状态 Router(config-router)#Router(config-router)#routerrouter
155、 id 1.1.1.1 id 1.1.1.1 配置虚链路命令配置虚链路命令配置虚链路命令配置虚链路命令virtual-linkvirtual-link的格式的格式的格式的格式 area area area-id area-id virtual-link virtual-link router-idrouter-id hello-interval hello-interval secondsseconds retransmit-interval retransmit-interval secondsseconds transmit-delay transmit-delay secondsseco
156、nds dead-interval dead-interval secondsseconds authentication-key authentication-key keykey | | message-digest-key message-digest-key key-idkey-id md5 md5 keykey no area no area area-id area-id586.11.3 6.11.3 操作步骤操作步骤1.1.配置三台路由器的各端口,并配置配置三台路由器的各端口,并配置配置三台路由器的各端口,并配置配置三台路由器的各端口,并配置OSPFOSPF虚链路虚链路虚链路虚链
157、路 (1)(1)在路由器在路由器Router1Router1上的配置上的配置 Router1 Router1路由器型号为:思科路由器型号为:思科CISCO 3725CISCO 3725路由器,其命令如下路由器,其命令如下 Router Routerenableenable Router#Router#configconfig terminal terminal Router(config)#Router(config)#hostnamehostname Router1 Router1 Router1(config)# Router1(config)# interface loopback0 i
158、nterface loopback0 # #配置配置LoopbackLoopback接口,接口,用于确定用于确定Router-idRouter-id号号 Router1(config-if)# Router1(config-if)#ip add 10.1.1.1 255.255.255.0ip add 10.1.1.1 255.255.255.0 Router1(config-if)# Router1(config-if)#interface fa0/0interface fa0/0 Router1(config-if)# Router1(config-if)#ip address 192.1
159、68.1.1 255.255.255.0ip address 192.168.1.1 255.255.255.0 Router1(config-if)# Router1(config-if)#no shutdownno shutdown Router1(config-if)# Router1(config-if)#exitexit Router1(config)# Router1(config)#router router ospfospf 1 1 # #进入进入ospfospf设置状态设置状态 Router1(config-router)# Router1(config-router)#ne
160、twork 192.168.1.0 0.0.0.255 area 0network 192.168.1.0 0.0.0.255 area 0 Router1(config-router)# Router1(config-router)#network 10.1.1.0 0.0.0.255 area 0network 10.1.1.0 0.0.0.255 area 0 # #设置设置OSPF1OSPF1的的0 0区域地址范围区域地址范围 Router1(config-router)# Router1(config-router)#endend 596.11.3 6.11.3 操作步骤操作步骤1.
161、1.按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式 (2)(2)配置配置Router2Router2的接口及虚链路的接口及虚链路 : 路由器路由器Router2Router2为区域边界路由器为区域边界路由器, ,配置命令如下:配置命令如下: Router Routerenableenable Router#Router#configconfig terminal terminal Enter configuration commands, one per line. End with CNTL/Z. Enter conf
162、iguration commands, one per line. End with CNTL/Z. Router(config)#Router(config)#hostnamehostname Router2 Router2 Router2(config)# Router2(config)# interface loopback0 interface loopback0 # #配置配置LoopbackLoopback接口,接口,用于确定用于确定Router-idRouter-id号号 Router2(config-if)# Router2(config-if)#ip add 20.1.1.1
163、 255.255.255.0ip add 20.1.1.1 255.255.255.0 Router2(config)# Router2(config)#interface fa0/0interface fa0/0 Router2(config-if)# Router2(config-if)#ip address 192.168.1.2 255.255.255.0ip address 192.168.1.2 255.255.255.0 Router2(config-if)# Router2(config-if)#no shutdownno shutdown Router2(config-if)
164、# Router2(config-if)#interface s0/0interface s0/0 Router2(config-if)# Router2(config-if)#ip address 192.168.10.2 255.255.255.0ip address 192.168.10.2 255.255.255.0 Router2(config-if)# Router2(config-if)#no shutdownno shutdown 60 Router2(config-if)#Router2(config-if)#clockrate 64000 clockrate 64000 #
165、 #连接该端口的电缆若是连接该端口的电缆若是DTEDTE电缆,则不用配置电缆,则不用配置 Router2(config-if)# Router2(config-if)#exitexit Router2(config)# Router2(config)#router router ospfospf 1 1 Router2(config-router)# Router2(config-router)#network 192.168.1.0 0.0.0.255 area 0network 192.168.1.0 0.0.0.255 area 0 Router2(config-router)# Rou
166、ter2(config-router)#network 192.168.10.0 0.0.0.255 area 1network 192.168.10.0 0.0.0.255 area 1 Router2(config-router)# Router2(config-router)#network 20.1.1.0 0.0.0.255 area 1network 20.1.1.0 0.0.0.255 area 1 Router2(config-router)# Router2(config-router)#area 1 virtual-link 30.1.1.1area 1 virtual-l
167、ink 30.1.1.1 # #区域区域0 0的的ABRABR与区域与区域2 2的的ABRABR通过区域通过区域1 1建立虚链路,这里建立虚链路,这里的的30.1.1.130.1.1.1是虚链路的对端路由器是虚链路的对端路由器Router3Router3的的IDID号,号,Router3Router3的环回接口的环回接口地址地址30.1.1.130.1.1.1作为其路由器作为其路由器IDID号。号。 Router2(config-router)# Router2(config-router)#endend Router2# Router2#616.11.3 6.11.3 操作步骤操作步骤1.1
168、.按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式按拓扑图配置各个端口及认证方式 (3) (3) 配置配置Router3Router3的接口及虚链路:的接口及虚链路: Router3 Router3为区域边界路由器,配置命令如下:为区域边界路由器,配置命令如下: Router Routerenableenable Router#Router#configconfig terminal terminal Enter configuration commands, one per line. End with CNTL/Z. Enter configura
169、tion commands, one per line. End with CNTL/Z. Router(config)#Router(config)#hostnamehostname Router3 Router3 Router3(config)# Router3(config)# interface loopback0 interface loopback0 # #配置配置LoopbackLoopback接口,接口,用于确定用于确定Router-idRouter-id号号 Router3(config-if)# Router3(config-if)#no shutdownno shutdo
170、wn Router3(config-if)# Router3(config-if)#ip add 30.1.1.1 255.255.255.0ip add 30.1.1.1 255.255.255.0 Router3(config)# Router3(config)#interface fa0/0interface fa0/0 Router3(config-if)# Router3(config-if)#ip address 192.168.20.1 255.255.255.0ip address 192.168.20.1 255.255.255.0 Router3(config-if)# R
171、outer3(config-if)#no shutdownno shutdown Router3(config-if)# Router3(config-if)#interface s0/0interface s0/0 Router3(config-if)# Router3(config-if)#ip address 192.168.10.1 255.255.255.0ip address 192.168.10.1 255.255.255.0 Router3(config-if)# Router3(config-if)#no shutdownno shutdown62 Router3(confi
172、g-if)# Router3(config-if)#clockrate 64000clockrate 64000# #连接该端口的电缆若是连接该端口的电缆若是DTEDTE电缆,则不用配置电缆,则不用配置 Router3(config-if)# Router3(config-if)#exitexit Router3(config)# Router3(config)#router router ospfospf 1 1 Router3(config-router)# Router3(config-router)#network 192.168.10.0 0.0.0.255 area 1networ
173、k 192.168.10.0 0.0.0.255 area 1 Router3(config-router)# Router3(config-router)#network 192.168.20.0 0.0.0.255 area 2network 192.168.20.0 0.0.0.255 area 2 Router3(config-router)# Router3(config-router)#network 30.1.1.0 0.0.0.255 area 2network 30.1.1.0 0.0.0.255 area 2 Router3(config-router)# Router3(
174、config-router)#area 1 virtual-link 20.1.1.1area 1 virtual-link 20.1.1.1# #区域区域2 2的的ABRABR与区域与区域0 0的的ABRABR通过区域通过区域1 1建立虚链路,应在虚链路两端建立虚链路,应在虚链路两端点的路由器上配置虚链路,这里的点的路由器上配置虚链路,这里的20.1.1.120.1.1.1是虚链路的对端路由器是虚链路的对端路由器Router2Router2的的IDID号,号,Router2Router2的环回接口地址的环回接口地址20.1.1.120.1.1.1作为其路由器作为其路由器IDID号。号。 Ro
175、uter3(config-router)# Router3(config-router)#endend Router3# Router3#636.11.3 6.11.3 操作步骤操作步骤2. 2. 查看路由信息,测试各端口连通性查看路由信息,测试各端口连通性查看路由信息,测试各端口连通性查看路由信息,测试各端口连通性 Router1#Router1#ping 192.168.1.2 ping 192.168.1.2 # #测试结果是连通的测试结果是连通的 Router1#Router1#ping 192.168.10.2 ping 192.168.10.2 # #测试结果是连通的测试结果是连通
176、的 Router1#Router1# ping 192.168.10.1 ping 192.168.10.1 # #测试结果是连通的测试结果是连通的 Router1#Router1# ping 192.168.20.1 ping 192.168.20.1 # #测试结果是连通的测试结果是连通的64 6.11.3 6.11.3 操作步骤操作步骤3.3.通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性 (1)(1)查看查看Router1Router1的信息的信息 Router1#Rout
177、er1#show show ipip route route Gateway of last resort is not set Gateway of last resort is not set 20.0.0.0/32 is 20.0.0.0/32 is subnettedsubnetted, 1 subnets, 1 subnets O IA 20.1.1.1 110/2 via 192.168.1.2, 00:00:09,O IA 20.1.1.1 110/2 via 192.168.1.2, 00:00:09, FastEthernet0/0FastEthernet0/0 O IA 1
178、92.168.10.0/24 110/65 via 192.168.1.2, 00:00:09,O IA 192.168.10.0/24 110/65 via 192.168.1.2, 00:00:09, FastEthernet0/0FastEthernet0/0 O IA 192.168.20.0/24 110/66 via 192.168.1.2, 00:00:09O IA 192.168.20.0/24 110/66 via 192.168.1.2, 00:00:09, , FastEthernet0/0FastEthernet0/0 10.0.0.0/24 is 10.0.0.0/2
179、4 is subnettedsubnetted, 1 subnets, 1 subnets C 10.1.1.0 is directly connected, Loopback0 C 10.1.1.0 is directly connected, Loopback0 C 192.168.1.0/24 is directly connected, FastEthernet0/0 C 192.168.1.0/24 is directly connected, FastEthernet0/0 30.0.0.0/32 is 30.0.0.0/32 is subnettedsubnetted, 1 su
180、bnets, 1 subnets O IA 30.1.1.1 110/66 via 192.168.1.2, 00:00:09, O IA 30.1.1.1 110/66 via 192.168.1.2, 00:00:09, FastEthernet0/0FastEthernet0/065 6.11.3 6.11.3 操作步骤操作步骤3.3.通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性 (2)(2)查看查看Router1Router1的的OSPFOSPF数据库信息数据库信息 Ro
181、uter1#Router1#show show ipip ospfospf database database OSPF Router with ID (10.1.1.1) (Process ID 1) OSPF Router with ID (10.1.1.1) (Process ID 1)Router Link States (Area 0)Router Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum Link count# Checksum Link count 10.1
182、.1.1 10.1.1.1 10.1.1.110.1.1.1 87 0x80000003 0x00C858 2 87 0x80000003 0x00C858 2 20.1.1.1 20.1.1.1 20.1.1.120.1.1.1 87 0x80000004 0x00E35C 2 87 0x80000004 0x00E35C 2 30.1.1.1 30.1.1.1 30.1.1.130.1.1.1 6 (DNA) 0x80000002 0x001909 1 6 (DNA) 0x80000002 0x001909 1Net Link States (Area 0)Net Link States
183、(Area 0) Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum# Checksum 192.168.1.2 20.1.1.1 88 0x80000001 0x004250192.168.1.2 20.1.1.1 88 0x80000001 0x00425066Summary Net Link States (Area 0)Summary Net Link States (Area 0) Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum# C
184、hecksum 20.1.1.1 20.1.1.1 20.1.1.120.1.1.1 485 0x80000001 0x00A36A 485 0x80000001 0x00A36A 20.1.1.1 30.1.1.1 12 (DNA) 0x80000001 0x00CBF720.1.1.1 30.1.1.1 12 (DNA) 0x80000001 0x00CBF7 30.1.1.1 30.1.1.1 12 (DNA) 0x80000001 0x00C63330.1.1.1 30.1.1.1 12 (DNA) 0x80000001 0x00C633 192.168.10.0 20.1.1.1 3
185、58 0x80000001 0x002250 192.168.10.0 20.1.1.1 358 0x80000001 0x002250 192.168.10.0 30.1.1.1 12 (DNA) 0x80000001 0x00C7A0192.168.10.0 30.1.1.1 12 (DNA) 0x80000001 0x00C7A0 192.168.20.0 30.1.1.1 12 (DNA) 0x80000001 0x00E0BC192.168.20.0 30.1.1.1 12 (DNA) 0x80000001 0x00E0BC 从显示信息可知:从显示信息可知:Router1Router
186、1是区域是区域0 0的内部路由器的内部路由器, ,它收到来自它收到来自10.1.1.1(Router1)10.1.1.1(Router1)、20.1.1.1(Router2)20.1.1.1(Router2)和和30.1.1.1(Router3)30.1.1.1(Router3)路由器发送路由器发送的的1 1类类LSA(LSA(路由器路由器LSA)LSA) 区域区域0 0的路由器收到的网络汇总的路由器收到的网络汇总LSALSA中包含了中包含了4 4条条30.1.1.1(Router3)30.1.1.1(Router3)路由路由器发送的信息,器发送的信息,Router3Router3路由器被当作
187、是区域路由器被当作是区域0 0的区域边界路由器,这的区域边界路由器,这再次说明已经在再次说明已经在Router2Router2和和Router3Router3之间建立了一条虚链路,使区域之间建立了一条虚链路,使区域2 2通通过区域过区域1 1与区域与区域0 0相连。相连。67 10.0.0.0/32 is 10.0.0.0/32 is subnettedsubnetted, 1 subnets, 1 subnets O 10.1.1.1 110/2 via 192.168.1.1, 00:02:00, FastEthernet0/0 O 10.1.1.1 110/2 via 192.168.1
188、.1, 00:02:00, FastEthernet0/0 C 192.168.1.0/24 is directly connected, FastEthernet0/0 C 192.168.1.0/24 is directly connected, FastEthernet0/0 30.0.0.0/32 is 30.0.0.0/32 is subnettedsubnetted, 1 subnets, 1 subnets O IA 30.1.1.1 110/65 via 192.168.10.1, 00:02:00, Serial0/0O IA 30.1.1.1 110/65 via 192.
189、168.10.1, 00:02:00, Serial0/0 从路由表显示的信息可知,从路由表显示的信息可知,Router2Router2已经通过已经通过OSPFOSPF协议,获得了区协议,获得了区域间路由域间路由192.168.20.0/24(192.168.20.0/24(区域区域2 2中的网段中的网段) )和和30.1.1.1/32(30.1.1.1/32(区域区域2 2中中的主机路由的主机路由) )。 Router2#Router2#show show ipip ospfospf database database OSPF Router with ID (20.1.1.1) (Proc
190、ess ID 1) OSPF Router with ID (20.1.1.1) (Process ID 1)Router Link States (Area 0)Router Link States (Area 0) Link ID ADV Router Age Link ID ADV Router Age SeqSeq# # Checksum Link countChecksum Link count 10.1.1.1 10.1.1.1 10.1.1.110.1.1.1 146 0x80000003 0x00C858 2 146 0x80000003 0x00C858 2 20.1.1.1
191、 20.1.1.1 20.1.1.120.1.1.1 146 0x80000004 0x00E35C 2 146 0x80000004 0x00E35C 2 30.1.1.1 30.1.1.1 30.1.1.130.1.1.1 5 (DNA) 0x80000002 0x001909 1 5 (DNA) 0x80000002 0x001909 110.0.0.0/32 is subnetted, 1 subnetsO 10.1.1.1 110/2 via 192.168.1.1, 00:02:00, FastEthernet0/0C 192.168.1.0/24 is directly conn
192、ected, FastEthernet0/0 30.0.0.0/32 is subnetted, 1 subnetsO IA 30.1.1.1 110/65 via 192.168.10.1, 00:02:00, Serial0/0从路由表显示的信息可知,Router2已经通过OSPF协议,获得了区域间路由192.168.20.0/24(区域2中的网段)和30.1.1.1/32(区域2中的主机路由)。Router2#show ip ospf database OSPF Router with ID (20.1.1.1) (Process ID 1)Router Link States (Are
193、a 0)Link ID ADV Router Age Seq# Checksum Link count10.1.1.1 10.1.1.1 146 0x80000003 0x00C858 220.1.1.1 20.1.1.1 146 0x80000004 0x00E35C 230.1.1.1 30.1.1.1 5 (DNA) 0x80000002 0x001909 168 Net Link States (Area 0)Net Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum# C
194、hecksum192.168.1.2 20.1.1.1 146 0x80000001 0x004250192.168.1.2 20.1.1.1 146 0x80000001 0x004250Summary Net Link States (Area 0)Summary Net Link States (Area 0)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Checksum# Checksum20.1.1.1 20.1.1.1 20.1.1.120.1.1.1 543 0x80000001 0x00A36A 543 0x8000
195、0001 0x00A36A20.1.1.1 30.1.1.1 11 (DNA) 0x80000001 0x00CBF720.1.1.1 30.1.1.1 11 (DNA) 0x80000001 0x00CBF730.1.1.1 30.1.1.1 30.1.1.130.1.1.1 11 (DNA) 0x80000001 0x00C633 11 (DNA) 0x80000001 0x00C633192.168.10.0 20.1.1.1 416 0x80000001 0x002250192.168.10.0 20.1.1.1 416 0x80000001 0x002250192.168.10.0
196、30.1.1.1 11 (DNA) 0x80000001 0x00C7A0192.168.10.0 30.1.1.1 11 (DNA) 0x80000001 0x00C7A0192.168.20.0 30.1.1.1 11 (DNA) 0x80000001 0x00E0BC192.168.20.0 30.1.1.1 11 (DNA) 0x80000001 0x00E0BCRouter Link States (Area 1)Router Link States (Area 1)Link ID ADV Router Age Link ID ADV Router Age SeqSeq# Check
197、sum# Checksum20.1.1.1 20.1.1.1 334 0x80000005 0x001C1F 320.1.1.1 20.1.1.1 334 0x80000005 0x001C1F 330.1.1.1 30.1.1.1 30.1.1.130.1.1.1 345 0x80000003 0x002F31 2 345 0x80000003 0x002F31 210.0.0.0/32 is subnetted, 1 subnetsO 10.1.1.1 110/2 via 192.168.1.1, 00:02:00, FastEthernet0/0C 192.168.1.0/24 is d
198、irectly connected, FastEthernet0/0 30.0.0.0/32 is subnetted, 1 subnetsO IA 30.1.1.1 110/65 via 192.168.10.1, 00:02:00, Serial0/0从路由表显示的信息可知,Router2已经通过OSPF协议,获得了区域间路由192.168.20.0/24(区域2中的网段)和30.1.1.1/32(区域2中的主机路由)。Router2#show ip ospf database OSPF Router with ID (20.1.1.1) (Process ID 1)Router Link
199、 States (Area 0)Link ID ADV Router Age Seq# Checksum Link count10.1.1.1 10.1.1.1 146 0x80000003 0x00C858 220.1.1.1 20.1.1.1 146 0x80000004 0x00E35C 230.1.1.1 30.1.1.1 5 (DNA) 0x80000002 0x001909 169 Summary Net Link States (Area 1)Summary Net Link States (Area 1) Link ID ADV Router Age Link ID ADV R
200、outer Age SeqSeq# Checksum# Checksum 10.1.1.1 20.1.1.1 134 0x80000001 0x0030E6 10.1.1.1 20.1.1.1 134 0x80000001 0x0030E6 10.1.1.1 30.1.1.1 134 0x80000001 0x005874 10.1.1.1 30.1.1.1 134 0x80000001 0x005874 30.1.1.1 30.1.1.1 30.1.1.130.1.1.1 345 0x80000001 0x00C633 345 0x80000001 0x00C633 192.168.1.0
201、20.1.1.1 139 0x80000003 0x0009AF 192.168.1.0 20.1.1.1 139 0x80000003 0x0009AF 192.168.1.0 30.1.1.1 139 0x80000003 0x00313D 192.168.1.0 30.1.1.1 139 0x80000003 0x00313D 192.168.20.0 30.1.1.1 345 0x80000001 0x00E0BC 192.168.20.0 30.1.1.1 345 0x80000001 0x00E0BC 从显示信息可知,从显示信息可知,Router2Router2是区域边界路由器,它
202、连接了区域是区域边界路由器,它连接了区域0 0和区域和区域1 1。它的它的OSPFOSPF链路数据库信息也表明,链路数据库信息也表明,Router3Router3在区域在区域0 0内通告了内通告了1 1类类LSALSA,因此因此Router3Router3是区域是区域0 0的区域边界路由器。的区域边界路由器。10.0.0.0/32 is subnetted, 1 subnetsO 10.1.1.1 110/2 via 192.168.1.1, 00:02:00, FastEthernet0/0C 192.168.1.0/24 is directly connected, FastEtherne
203、t0/0 30.0.0.0/32 is subnetted, 1 subnetsO IA 30.1.1.1 110/65 via 192.168.10.1, 00:02:00, Serial0/0从路由表显示的信息可知,Router2已经通过OSPF协议,获得了区域间路由192.168.20.0/24(区域2中的网段)和30.1.1.1/32(区域2中的主机路由)。Router2#show ip ospf database OSPF Router with ID (20.1.1.1) (Process ID 1)Router Link States (Area 0)Link ID ADV Ro
204、uter Age Seq# Checksum Link count10.1.1.1 10.1.1.1 146 0x80000003 0x00C858 220.1.1.1 20.1.1.1 146 0x80000004 0x00E35C 230.1.1.1 30.1.1.1 5 (DNA) 0x80000002 0x001909 170 6.11.3 6.11.3 操作步骤操作步骤3.3.通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性 (4)(4)查看虚链路两端的虚链路信息查看虚链路
205、两端的虚链路信息 在在在在Router2Router2上查看上查看上查看上查看OSPFOSPF虚链路信息虚链路信息虚链路信息虚链路信息 Router2# Router2#show show ipip ospfospf virtual-links virtual-links Virtual Link OSPF_VL0 to router 30.1.1.1 is upVirtual Link OSPF_VL0 to router 30.1.1.1 is up Run as demand circuit Run as demand circuit DoNotAgeDoNotAge LSA allow
206、ed. LSA allowed. Transit area 1, via interface Serial0/0, Cost of using 64Transit area 1, via interface Serial0/0, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT,Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5Timer i
207、ntervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:06 Hello due in 00:00:06 Adjacency State FULL (Hello suppressed)Adjacency State FULL (Hello suppressed) Index 1/2, retransmission queue length 0, number of retransmission 1Index 1/2, retransmission queue length 0, numbe
208、r of retransmission 1 First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last retransmission scan length is 1, maximum is 1 Last retransmission scan length is 1, maximum is 1 Last retransmission scan time is 0 Last retransmission scan time is 0 msecmsec, maximum is 0 , max
209、imum is 0 msecmsec10.0.0.0/32 is subnetted, 1 subnetsO 10.1.1.1 110/2 via 192.168.1.1, 00:02:00, FastEthernet0/0C 192.168.1.0/24 is directly connected, FastEthernet0/0 30.0.0.0/32 is subnetted, 1 subnetsO IA 30.1.1.1 110/65 via 192.168.10.1, 00:02:00, Serial0/0从路由表显示的信息可知,Router2已经通过OSPF协议,获得了区域间路由1
210、92.168.20.0/24(区域2中的网段)和30.1.1.1/32(区域2中的主机路由)。Router2#show ip ospf database OSPF Router with ID (20.1.1.1) (Process ID 1)Router Link States (Area 0)Link ID ADV Router Age Seq# Checksum Link count10.1.1.1 10.1.1.1 146 0x80000003 0x00C858 220.1.1.1 20.1.1.1 146 0x80000004 0x00E35C 230.1.1.1 30.1.1.1
211、5 (DNA) 0x80000002 0x001909 171 6.11.3 6.11.3 操作步骤操作步骤3.3.通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性 (4)(4)查看虚链路两端的虚链路信息查看虚链路两端的虚链路信息 在在在在Router3Router3上查看上查看上查看上查看OSPFOSPF虚链路信息虚链路信息虚链路信息虚链路信息 Router3# Router3#show show ipip ospfospf virtual-links virtual-links
212、Virtual Link OSPF_VL0 to router 20.1.1.1 is upVirtual Link OSPF_VL0 to router 20.1.1.1 is up Run as demand circuit Run as demand circuit DoNotAgeDoNotAge LSA allowed. LSA allowed. Transit area 1, via interface Serial0/0, Cost of using 64Transit area 1, via interface Serial0/0, Cost of using 64 Trans
213、mit Delay is 1 sec, State POINT_TO_POINT,Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:00 Hello due in 00:00:00 Adjacency State FULL (Hello sup
214、pressed)Adjacency State FULL (Hello suppressed) Index 1/2, retransmission queue length 0, number of retransmission 1Index 1/2, retransmission queue length 0, number of retransmission 1 First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last retransmission scan length is 1,
215、 maximum is 1 Last retransmission scan length is 1, maximum is 1 Last retransmission scan time is 0 Last retransmission scan time is 0 msecmsec, maximum is 0 , maximum is 0 msecmsec10.0.0.0/32 is subnetted, 1 subnetsO 10.1.1.1 110/2 via 192.168.1.1, 00:02:00, FastEthernet0/0C 192.168.1.0/24 is direc
216、tly connected, FastEthernet0/0 30.0.0.0/32 is subnetted, 1 subnetsO IA 30.1.1.1 110/65 via 192.168.10.1, 00:02:00, Serial0/0从路由表显示的信息可知,Router2已经通过OSPF协议,获得了区域间路由192.168.20.0/24(区域2中的网段)和30.1.1.1/32(区域2中的主机路由)。Router2#show ip ospf database OSPF Router with ID (20.1.1.1) (Process ID 1)Router Link Sta
217、tes (Area 0)Link ID ADV Router Age Seq# Checksum Link count10.1.1.1 10.1.1.1 146 0x80000003 0x00C858 220.1.1.1 20.1.1.1 146 0x80000004 0x00E35C 230.1.1.1 30.1.1.1 5 (DNA) 0x80000002 0x001909 172 6.11.3 6.11.3 操作步骤操作步骤3.3.通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确性通过查看信息及结果,验证虚链路配置正确
218、性 (5)(5)查看查看Router3Router3的的OSPFOSPF信息信息 在在在在Router3Router3上查看上查看上查看上查看OSPFOSPF信息信息信息信息 Router3# Router3#show show ipip ospfospf Routing Process Routing Process ospfospf 1 with ID 30.1.1.1 1 with ID 30.1.1.1 Supports only single TOS(TOS0) routes Supports only single TOS(TOS0) routes Supports opaque
219、LSA Supports opaque LSA Supports Link-local Signaling (LLS) Supports Link-local Signaling (LLS) It is an area border routerIt is an area border router Initial SPF schedule delay 5000 Initial SPF schedule delay 5000 msecsmsecs Minimum hold time between two consecutive Minimum hold time between two co
220、nsecutive SPFsSPFs 10000 10000 msecsmsecs Maximum wait time between two consecutive Maximum wait time between two consecutive SPFsSPFs 10000 10000 msecsmsecs Minimum LSA interval 5 Minimum LSA interval 5 secssecs. Minimum LSA arrival 1 . Minimum LSA arrival 1 secssecs LSA group pacing timer 240 LSA
221、group pacing timer 240 secssecs Interface flood pacing timer 33 Interface flood pacing timer 33 msecsmsecs Retransmission pacing timer 66 Retransmission pacing timer 66 msecsmsecs10.0.0.0/32 is subnetted, 1 subnetsO 10.1.1.1 110/2 via 192.168.1.1, 00:02:00, FastEthernet0/0C 192.168.1.0/24 is directl
222、y connected, FastEthernet0/0 30.0.0.0/32 is subnetted, 1 subnetsO IA 30.1.1.1 110/65 via 192.168.10.1, 00:02:00, Serial0/0从路由表显示的信息可知,Router2已经通过OSPF协议,获得了区域间路由192.168.20.0/24(区域2中的网段)和30.1.1.1/32(区域2中的主机路由)。Router2#show ip ospf database OSPF Router with ID (20.1.1.1) (Process ID 1)Router Link State
223、s (Area 0)Link ID ADV Router Age Seq# Checksum Link count10.1.1.1 10.1.1.1 146 0x80000003 0x00C858 220.1.1.1 20.1.1.1 146 0x80000004 0x00E35C 230.1.1.1 30.1.1.1 5 (DNA) 0x80000002 0x001909 173 Number of external LSA 0. Checksum Sum 0x000000Number of external LSA 0. Checksum Sum 0x000000 Number of op
224、aque AS LSA 0. Checksum Sum 0x000000 Number of opaque AS LSA 0. Checksum Sum 0x000000 Number of Number of DCbitlessDCbitless external and opaque AS LSA 0 external and opaque AS LSA 0 Number of Number of DoNotAgeDoNotAge external and opaque AS LSA 0 external and opaque AS LSA 0 Number of areas in thi
225、s router is 3. 3 normal 0 stub 0 Number of areas in this router is 3. 3 normal 0 stub 0 nssanssa External flood list length 0 External flood list length 0 Area BACKBONE(0) Area BACKBONE(0) Number of interfaces in this area is 1 Number of interfaces in this area is 1 Area has no authenticationArea ha
226、s no authentication SPF algorithm last executed 00:08:03.300 agoSPF algorithm last executed 00:08:03.300 ago SPF algorithm executed 6 timesSPF algorithm executed 6 times Area ranges areArea ranges are Number of LSA 10. Checksum Sum 0x06074DNumber of LSA 10. Checksum Sum 0x06074D Number of opaque lin
227、k LSA 0. Checksum Sum 0x000000 Number of opaque link LSA 0. Checksum Sum 0x000000 Number of Number of DCbitlessDCbitless LSA 0 LSA 0 Number of indication LSA 0 Number of indication LSA 0 Number of Number of DoNotAgeDoNotAge LSA 5 LSA 5 Flood list length 0 Flood list length 010.0.0.0/32 is subnetted,
228、 1 subnetsO 10.1.1.1 110/2 via 192.168.1.1, 00:02:00, FastEthernet0/0C 192.168.1.0/24 is directly connected, FastEthernet0/0 30.0.0.0/32 is subnetted, 1 subnetsO IA 30.1.1.1 110/65 via 192.168.10.1, 00:02:00, Serial0/0从路由表显示的信息可知,Router2已经通过OSPF协议,获得了区域间路由192.168.20.0/24(区域2中的网段)和30.1.1.1/32(区域2中的主机
229、路由)。Router2#show ip ospf database OSPF Router with ID (20.1.1.1) (Process ID 1)Router Link States (Area 0)Link ID ADV Router Age Seq# Checksum Link count10.1.1.1 10.1.1.1 146 0x80000003 0x00C858 220.1.1.1 20.1.1.1 146 0x80000004 0x00E35C 230.1.1.1 30.1.1.1 5 (DNA) 0x80000002 0x001909 174 Area 1Area
230、1Number of interfaces in this area is 1Number of interfaces in this area is 1Area has no authenticationArea has no authenticationSPF algorithm last executed 00:11:22.328 agoSPF algorithm last executed 00:11:22.328 agoSPF algorithm executed 5 timesSPF algorithm executed 5 timesArea ranges areArea ran
231、ges areNumber of LSA 8. Checksum Sum 0x02B685Number of LSA 8. Checksum Sum 0x02B685Number of opaque link LSA 0. Checksum Sum 0x000000Number of opaque link LSA 0. Checksum Sum 0x000000Number of Number of DCbitlessDCbitless LSA 0 LSA 0Number of indication LSA 0Number of indication LSA 0Number of Numbe
232、r of DoNotAgeDoNotAge LSA 0 LSA 0Flood list length 0Flood list length 010.0.0.0/32 is subnetted, 1 subnetsO 10.1.1.1 110/2 via 192.168.1.1, 00:02:00, FastEthernet0/0C 192.168.1.0/24 is directly connected, FastEthernet0/0 30.0.0.0/32 is subnetted, 1 subnetsO IA 30.1.1.1 110/65 via 192.168.10.1, 00:02
233、:00, Serial0/0从路由表显示的信息可知,Router2已经通过OSPF协议,获得了区域间路由192.168.20.0/24(区域2中的网段)和30.1.1.1/32(区域2中的主机路由)。Router2#show ip ospf database OSPF Router with ID (20.1.1.1) (Process ID 1)Router Link States (Area 0)Link ID ADV Router Age Seq# Checksum Link count10.1.1.1 10.1.1.1 146 0x80000003 0x00C858 220.1.1.1
234、 20.1.1.1 146 0x80000004 0x00E35C 230.1.1.1 30.1.1.1 5 (DNA) 0x80000002 0x001909 175 Area 2Area 2Number of interfaces in this area is 2 (1 loopback)Number of interfaces in this area is 2 (1 loopback)Area has no authenticationArea has no authenticationSPF algorithm last executed 00:11:32.332 agoSPF a
235、lgorithm last executed 00:11:32.332 agoSPF algorithm executed 4 timesSPF algorithm executed 4 timesArea ranges areArea ranges areNumber of LSA 5. Checksum Sum 0x02E6BBNumber of LSA 5. Checksum Sum 0x02E6BBNumber of opaque link LSA 0. Checksum Sum 0x000000Number of opaque link LSA 0. Checksum Sum 0x0
236、00000Number of Number of DCbitlessDCbitless LSA 0 LSA 0Number of indication LSA 0Number of indication LSA 0Number of Number of DoNotAgeDoNotAge LSA 0 LSA 0Flood list length 0Flood list length 0 从路由信息可以看出,从路由信息可以看出,Router3Router3的路由器的路由器IDID是是30.1.1.130.1.1.1,它被认为是区,它被认为是区域边界路由器,它连接了三个域边界路由器,它连接了三个OS
237、PFOSPF区域:区域区域:区域0 0、区域、区域1 1、区域、区域2 2。10.0.0.0/32 is subnetted, 1 subnetsO 10.1.1.1 110/2 via 192.168.1.1, 00:02:00, FastEthernet0/0C 192.168.1.0/24 is directly connected, FastEthernet0/0 30.0.0.0/32 is subnetted, 1 subnetsO IA 30.1.1.1 110/65 via 192.168.10.1, 00:02:00, Serial0/0从路由表显示的信息可知,Router2
238、已经通过OSPF协议,获得了区域间路由192.168.20.0/24(区域2中的网段)和30.1.1.1/32(区域2中的主机路由)。Router2#show ip ospf database OSPF Router with ID (20.1.1.1) (Process ID 1)Router Link States (Area 0)Link ID ADV Router Age Seq# Checksum Link count10.1.1.1 10.1.1.1 146 0x80000003 0x00C858 220.1.1.1 20.1.1.1 146 0x80000004 0x00E35C
239、 230.1.1.1 30.1.1.1 5 (DNA) 0x80000002 0x001909 1764. 4. 小结小结小结小结 通过前面的配置及验证信息我们可以知道,当非主干区域没有与主干通过前面的配置及验证信息我们可以知道,当非主干区域没有与主干区域区域0 0形成直接的物理连接时,我们可以在边界路由器上配置一条虚链形成直接的物理连接时,我们可以在边界路由器上配置一条虚链路,实现非主干区域通过传输区域与主干区域的连接路,实现非主干区域通过传输区域与主干区域的连接。77 附:各路由器最终配置信息附:各路由器最终配置信息: Router1#show runRouter1#show run Bu
240、ilding configuration.Building configuration. Current configuration : 1007 bytesCurrent configuration : 1007 bytes ! ! version 12.3version 12.3 service timestamps debug service timestamps debug datetimedatetime msecmsec service timestamps log service timestamps log datetimedatetime msecmsec no servic
241、e password-encryptionno service password-encryption ! ! hostname Router1hostname Router1 ! ! boot-start-markerboot-start-marker boot-end-markerboot-end-marker ! ! no no aaaaaa new-model new-model ipip subnet-zero subnet-zero ! ! ipip cefcef ! !78 interface Loopback0interface Loopback0 ipip address 1
242、0.1.1.1 255.255.255.0 address 10.1.1.1 255.255.255.0 ! ! interface FastEthernet0/0 interface FastEthernet0/0 ipip address 192.168.1.1 255.255.255.0 address 192.168.1.1 255.255.255.0 duplex auto duplex auto speed auto speed auto ! ! interface FastEthernet0/1 interface FastEthernet0/1 no no ipip addre
243、ss address shutdown shutdown duplex auto duplex auto speed auto speed auto ! ! interface Serial1/0interface Serial1/0 no no ipip address address shutdown shutdown79 serial restart-delay 0serial restart-delay 0 ! ! interface Serial1/1interface Serial1/1 no no ipip address address shutdown shutdown se
244、rial restart-delay 0 serial restart-delay 0 ! ! interface Serial1/2interface Serial1/2 no no ipip address address shutdown shutdown serial restart-delay 0 serial restart-delay 0 ! ! interface Serial1/3interface Serial1/3 no no ipip address address shutdownshutdown serial restart-delay 0 serial resta
245、rt-delay 0 ! !80 router router ospfospf 1 1 log-adjacency-changes log-adjacency-changes network 10.1.1.0 0.0.0.255 area 0network 10.1.1.0 0.0.0.255 area 0 network 192.168.1.0 0.0.0.255 area 0network 192.168.1.0 0.0.0.255 area 0 ! ! no no ipip http server http server no no ipip http secure-server htt
246、p secure-server ipip classless classless ! ! line con 0line con 0 line aux 0line aux 0 line line vtyvty 0 4 0 4 ! ! endend81 Router2#show run Router2#show run hostname Router2 hostname Router2 interface Loopback0 interface Loopback0 ipip address 20.1.1.1 255.255.255.0 address 20.1.1.1 255.255.255.0
247、interface FastEthernet0/0 interface FastEthernet0/0 ipip address 192.168.1.2 255.255.255.0 address 192.168.1.2 255.255.255.0 duplex auto duplex auto speed auto speed auto ! ! interface Serial0/0interface Serial0/0 ipip address 192.168.10.2 255.255.255.0 address 192.168.10.2 255.255.255.0 clockratecl
248、ockrate 64000 64000 ! ! router router ospfospf 1 1 log-adjacency-changes log-adjacency-changes area 1 virtual-link 30.1.1.1area 1 virtual-link 30.1.1.1 network 20.1.1.0 0.0.0.255 area 1 network 20.1.1.0 0.0.0.255 area 1 network 192.168.1.0 0.0.0.255 area 0 network 192.168.1.0 0.0.0.255 area 0 networ
249、k 192.168.10.0 0.0.0.255 area 1 network 192.168.10.0 0.0.0.255 area 1 82 Router3#show runRouter3#show run hostname Router3hostname Router3 interface Loopback0interface Loopback0 ipip address 30.1.1.1 255.255.255.0 address 30.1.1.1 255.255.255.0 ! ! interface FastEthernet0/0interface FastEthernet0/0
250、ipip address 192.168.20.1 255.255.255.0 address 192.168.20.1 255.255.255.0 duplex autoduplex auto speed auto speed auto ! ! interface Serial0/0interface Serial0/0 ipip address 192.168.10.1 255.255.255.0 address 192.168.10.1 255.255.255.0 ! ! router router ospfospf 1 1 log-adjacency-changeslog-adjacency-changes area 1 virtual-link 20.1.1.1 area 1 virtual-link 20.1.1.1 network 30.1.1.0 0.0.0.255 area 2 network 30.1.1.0 0.0.0.255 area 2 network 192.168.10.0 0.0.0.255 area 1 network 192.168.10.0 0.0.0.255 area 1 network 192.168.20.0 0.0.0.255 area 2 network 192.168.20.0 0.0.0.255 area 2 83
