碼上歡樂
相關內容    簡體    繁體

OSPF路由控制

本文轉載自   查看原文   2019-08-29 12:47   360    IP綜合實驗(2)

實驗拓撲

實驗需求

公司A使用OSPF路由協議實現公司設備全網互通,后來公司A擴張兼並了公司B,要求將公司B采用的IS-IS路由協議與公司A的OSPF協議互相引入,使得相應部門可以實現互通。
Router_3和Router_4作為公司核心設備負責各個部門間的通信。由於業務需要,現要求通過下列措施控制並調整網絡中的路由信息:

  1. 在Router_2上對引入的路由信息進行過濾,使得工程二部所在網段無法訪問市場一部、工程一部和財務部所在網段。
  2. 在Router_3上使用路由信息的過濾功能,使得市場一部所在網段無法訪問工程一部。
  3. 在Router_6上使用路由信息的過濾功能,使得工程一部和財務部所在網段無法訪問市場二部

實驗步驟

1.配置IP地址及環回口

2.公司B配置ISIS,實驗互通

R1

[Huawei]isis 1
[Huawei-isis-1]is-level level-2
[Huawei-isis-1]network-entity 49.0001.0000.0001.00
[Huawei-isis-1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]isis enable 
[Huawei-GigabitEthernet0/0/2]int g0/0/1	
[Huawei-GigabitEthernet0/0/1]isis enable 
[Huawei-GigabitEthernet0/0/1]int g0/0/0	
[Huawei-GigabitEthernet0/0/0]isis enable

R2

[Huawei]isis 1
[Huawei-isis-1]network-entity 49.0001.0000.0002.00
[Huawei-isis-1]is-level level-2
[Huawei-isis-1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable

3.公司A運行OSPF,配置相關區域

R2

[Huawei]ospf 1
[Huawei-ospf-1]A 3
[Huawei-ospf-1-area-0.0.0.3]NE	
[Huawei-ospf-1-area-0.0.0.3]network 192.168.6.0 0.0.0.255

R3

[Huawei]OSPF 1
[Huawei-ospf-1]A 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.7.0  0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]A 2
[Huawei-ospf-1-area-0.0.0.2]NET 192.168.8.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.2]A 3
[Huawei-ospf-1-area-0.0.0.3]NE 192.168.6.0 0.0.0.255

R4

[Huawei]ospf 1
[Huawei-ospf-1]a 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.7.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]a 1
[Huawei-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255

R5

[Huawei]OSPF 1
[Huawei-ospf-1]A 2
[Huawei-ospf-1-area-0.0.0.2]network 192.168.8.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.2]NET 192.168.3.0 0.0.0.255

R6

[Huawei]OSPF 
[Huawei-ospf-1]A 1
[Huawei-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.1]network 192.168.4.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.1]network 192.168.5.0 0.0.0.255

在R2上ISIS和OSPF相互引入

[Huawei]ISIS 1
[Huawei-isis-1]import-route ospf 1
[Huawei]ospf
[Huawei-ospf-1]import-route isis 1

4. 在R2上對引入的路由信息進行過濾,使得工程二部所在網段無法訪問市場一部、工程一部和財務部所在網段。

R2

[Huawei]ACL 2000
[Huawei-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[Huawei]route-policy 4 deny node 10
[Huawei-route-policy]if-match acl 2000
[Huawei]route-policy 4 permit node 20
[Huawei]ospf 1
[Huawei-ospf-1]import-route isis 1 route-policy 4

5. 在R2上查看協議路由表

[Huawei-ospf-1]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 6        

OSPF routing table status : <Active>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.3.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.4.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.5.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.7.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.8.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
   192.168.10.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1

6. R2上查看OSPF協議路由表,工程二部網段已被過濾掉

[Huawei]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 6        

OSPF routing table status : <Active>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.3.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.4.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.5.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.7.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.8.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
   192.168.10.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1

OSPF routing table status : <Inactive>
         Destinations : 0        Routes : 0

7. 在R3上使用路由信息的過濾功能,使得市場一部所在網段無法訪問工程一部。

R3

[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 192.168.4.0 0.0.0.255
[Huawei]route-policy 5 deny node 10
[Huawei-route-policy]if-match acl 2000	
[Huawei]route-policy 5 permit node 20
[Huawei]ospf 
[Huawei-ospf-1]a 2
[Huawei-ospf-1-area-0.0.0.2]filter route-policy 5 import

8. R5上OSPF協議路由表上,工程一部網段已被過濾

[Huawei]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 6        

OSPF routing table status : <Active>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.1.0/24  O_ASE   150  1           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.5.0/24  OSPF    10   4           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.6.0/24  OSPF    10   2           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.7.0/24  OSPF    10   2           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.9.0/24  O_ASE   150  1           D   192.168.8.2     GigabitEthernet
0/0/0
   192.168.10.0/24  OSPF    10   3           D   192.168.8.2     GigabitEthernet
0/0/0

9.市場一部PING 工程一部

PC>ping 192.68.4.10

Ping 192.68.4.10: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 192.68.4.10 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet los

10. 在R6上使用路由信息的過濾功能,使得工程一部和財務部所在網段無法訪問市場二部

R6

[Huawei]ACL 2000
[Huawei-acl-basic-2000] rule 5 permit source 192.168.1.0 0.0.0.255 
[Huawei]route-policy 77 deny node 10
[Huawei-route-policy]if-match acl 2000 
[Huawei]route-policy 77 permit node 20
[Huawei-ospf-1]filter-policy route-policy 77 import

11.R6上查看OSPF協議路由表,市場二部的路由條目已過濾

[Huawei-ospf-1]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 5        Routes : 5        

OSPF routing table status : <Active>
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.3.0/24  OSPF    10   4           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.6.0/24  OSPF    10   3           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.7.0/24  OSPF    10   2           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.8.0/24  OSPF    10   3           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.9.0/24  O_ASE   150  1           D   192.168.10.2    GigabitEthernet
0/0/0

12.工程一部不能訪問市場二部

PC>ping 192.168.1.1

Ping 192.168.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 192.168.1.1 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

13.財務部不能訪問市場二部

PC>ping 192.168.1.1

Ping 192.168.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 192.168.1.1 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 OSPF路由控制與過濾 OSPF的路由過濾(轉) OSPF 路由匯總 靜態路由與ospf OSPF路由匯總 OSPF路由配置 OSPF路由協議 OSPF路由協議 路由配置—OSPF、VLAN CISCO 動態路由(OSPF)
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM