实验7 ISIS多区域配置

实验任务一：ISIS路由聚合和验证配置

1. 建立物理连接
   

2. 配置IS多区域
   [RTA-isis-1]network-entity 10.0000.0000.0001.00//配置网络实体
   [RTA-isis-1]is-level level-1//配置路由器类型
   [RTA-GigabitEthernet0/0]isis enable//使能接口
   [RTA-GigabitEthernet0/1]isis enable
   [RTA-GigabitEthernet0/1]isis circuit-level level-1//配置接口的链路邻接关系类型。

[RTB-isis-1]network-entity 10.0000.0000.0002.00
[RTB-isis-1]is-level level-1
[RTB-GigabitEthernet0/2]isis enable
[RTB-GigabitEthernet0/2]isis circuit-level level-1

[RTC-isis-1]network-entity 10.0000.0000.0003.00
[RTC-isis-1]is-level level-1-2//默认也是level-1-2
[RTC-GigabitEthernet0/0]isis enable
[RTC-GigabitEthernet0/0]isis circuit-level level-2
[RTC-GigabitEthernet0/2]isis enable
[RTC-GigabitEthernet0/2]isis circuit-level level-1
[RTC-GigabitEthernet0/1]isis enable
[RTC-GigabitEthernet0/1]isis circuit-level level-1

[RTD-isis-1]network-entity 20.0000.0000.0004.00
[RTD-isis-1]is-level level-2//默认也是level-1-2
[RTD-GigabitEthernet0/1]isis enable
[RTD-GigabitEthernet0/0]isis enable
[RTD-GigabitEthernet0/0]isis circuit-level level-2

3. isis路由表及LSDB查看
   [RTA]display isis route

                    Route information for IS-IS(1)
                    ------------------------------
   
                    Level-1 IPv4 Forwarding Table
                    -----------------------------
   

IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags

0.0.0.0/0 10 NULL GE0/1 172.16.1.2 R/-/-
172.16.2.0/24 20 NULL GE0/1 172.16.1.2 R/-/-
172.16.1.0/24 10 NULL GE0/1 Direct D/L/-
172.16.0.0/24 10 NULL GE0/0 Direct D/L/-

  Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down bit set

[RTB]display isis route

                     Route information for IS-IS(1)
                     ------------------------------

                     Level-1 IPv4 Forwarding Table
                     -----------------------------

IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags

0.0.0.0/0 10 NULL GE0/2 172.16.2.2 R/-/-
172.16.2.0/24 10 NULL GE0/2 Direct D/L/-
172.16.1.0/24 20 NULL GE0/2 172.16.2.2 R/-/-
172.16.0.0/24 30 NULL GE0/2 172.16.2.2 R/-/-

  Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down bit set

//level-1路由器有一条缺省路由指向level-2的路由器。

[RTC]display isis route

                     Route information for IS-IS(1)
                     ------------------------------

                     Level-1 IPv4 Forwarding Table
                     -----------------------------

IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags

172.16.2.0/24 10 NULL GE0/2 Direct D/L/-
172.16.1.0/24 10 NULL GE0/1 Direct D/L/-
172.16.0.0/24 20 NULL GE0/1 172.16.1.1 R/L/-

  Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down bit set

                     Level-2 IPv4 Forwarding Table
                     -----------------------------

IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags

172.16.2.0/24 10 NULL D/L/-
172.16.1.0/24 10 NULL D/L/-
192.168.2.0/24 20 NULL GE0/0 192.168.1.2 R/-/-
192.168.1.0/30 10 NULL GE0/0 Direct D/L/-

  Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down bit set

//level-2路由器的路由表存放着level-1的路由，level-1路由器的路由表存放着缺省路由指向level2路由器。
例如：
RTA------------------------------------------RTB-------------------------------------------------RTC
Level-1 level-1-2 level-2
-----------------level-1的明细路由发送--------->>>>
<<------缺省路由指向level-2路由器

display ip routing-table

Destinations : 18 Routes : 18

Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 IS_L1 15 10 172.16.1.2 GE0/1
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.254 GE0/0
172.16.0.0/32 Direct 0 0 172.16.0.254 GE0/0
172.16.0.254/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.255/32 Direct 0 0 172.16.0.254 GE0/0
172.16.1.0/24 Direct 0 0 172.16.1.1 GE0/1
172.16.1.0/32 Direct 0 0 172.16.1.1 GE0/1
172.16.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.255/32 Direct 0 0 172.16.1.1 GE0/1
172.16.2.0/24 IS_L1 15 20 172.16.1.2 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

//每条链路的开销值为10，ISIS缺省的路由开销类型为narrow
修改开销类型为wide，设置参考带宽，使能自动计算链路度量值
[RTA-isis-1]cost-style wide
[RTA-isis-1]bandwidth-reference 1000
[RTA-isis-1]auto-cost enable

[RTA]display ip routing-table

Destinations : 18 Routes : 18

Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.254 GE0/0
172.16.0.0/32 Direct 0 0 172.16.0.254 GE0/0
172.16.0.254/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.255/32 Direct 0 0 172.16.0.254 GE0/0
172.16.1.0/24 Direct 0 0 172.16.1.1 GE0/1
172.16.1.0/32 Direct 0 0 172.16.1.1 GE0/1
172.16.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.255/32 Direct 0 0 172.16.1.1 GE0/1
172.16.2.0/24 IS_L1 15 20 172.16.1.2 GE0/1
192.168.1.0/30 IS_L1 15 156260 172.16.1.2 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
Wide或wide-campatible，根据公式开销=（参考值/带宽）*10

4. 配置is-is的聚合与验证
   (1)Level-1聚合到level-2
   [RTC-isis-1-ipv4]summary 172.16.0.0 16 level-2//配置聚合路由发往level-2的路由
   [RTD]display ip routing-table

Destinations : 18 Routes : 18

Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/16 IS_L2 15 20 192.168.1.1 Ser1/0
192.168.1.0/30 Direct 0 0 192.168.1.2 Ser1/0
192.168.1.0/32 Direct 0 0 192.168.1.2 Ser1/0
192.168.1.1/32 Direct 0 0 192.168.1.1 Ser1/0
192.168.1.2/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.3/32 Direct 0 0 192.168.1.2 Ser1/0
192.168.2.0/24 Direct 0 0 192.168.2.254 GE0/1
192.168.2.0/32 Direct 0 0 192.168.2.254 GE0/1
192.168.2.254/32 Direct 0 0 127.0.0.1 InLoop0
192.168.2.255/32 Direct 0 0 192.168.2.254 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

(1) Level-2聚合到level-1
[RTD-isis-1-ipv4]summary 192.168.0.0 16 level-1
//发现没能在RTA看到RTD聚合的路由，必须配置路由渗透。
display ip routing-table

Destinations : 20 Routes : 20

Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 IS_L1 15 10 172.16.1.2 GE0/1
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.254 GE0/0
172.16.0.0/32 Direct 0 0 172.16.0.254 GE0/0
172.16.0.254/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.255/32 Direct 0 0 172.16.0.254 GE0/0
172.16.1.0/24 Direct 0 0 172.16.1.1 GE0/1
172.16.1.0/32 Direct 0 0 172.16.1.1 GE0/1
172.16.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.255/32 Direct 0 0 172.16.1.1 GE0/1
172.16.2.0/24 IS_L1 15 20 172.16.1.2 GE0/1
192.168.0.0/16 IS_L1 15 156261 172.16.1.2 GE0/1
192.168.1.0/30 IS_L1 15 156260 172.16.1.2 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

[RTC-isis-1-ipv4]import-route isis level-2 into level-1//路由渗透
[RTC-isis-1-ipv4]summary 192.168.0.0 16 level-1//路由聚合

display ip routing-table

Destinations : 19 Routes : 19

Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 IS_L1 15 10 172.16.1.2 GE0/1
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.254 GE0/0
172.16.0.0/32 Direct 0 0 172.16.0.254 GE0/0
172.16.0.254/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.255/32 Direct 0 0 172.16.0.254 GE0/0
172.16.1.0/24 Direct 0 0 172.16.1.1 GE0/1
172.16.1.0/32 Direct 0 0 172.16.1.1 GE0/1
172.16.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.255/32 Direct 0 0 172.16.1.1 GE0/1
172.16.2.0/24 IS_L1 15 20 172.16.1.2 GE0/1
192.168.0.0/16 IS_L1 15 156260 172.16.1.2 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
验证：
（1） 区域验证
[RTC-isis-1]domain-authentication-mode simple plain 123
[RTD-isis-1]domain-authentication-mode simple plain 111
[RTC-isis-1]display isis peer

                     Peer information for IS-IS(1)
                     -----------------------------

System ID: 0000.0000.0001
Interface: GE0/1 Circuit Id: 0000.0000.0003.02
State: Up HoldTime: 25s Type: L1 PRI: 64

System ID: 0000.0000.0002
Interface: GE0/2 Circuit Id: 0000.0000.0003.03
State: Up HoldTime: 26s Type: L1 PRI: 64

System ID: 0000.0000.0004
Interface: Ser1/0 Circuit Id: 001
State: Up HoldTime: 28s Type: L2 PRI: --

[RTD-Serial1/0]display isis route

                     Route information for IS-IS(1)
                     ------------------------------

                     Level-2 IPv4 Forwarding Table
                     -----------------------------

IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags

192.168.3.0/24 0 NULL Loop1 Direct D/L/-
192.168.2.0/24 1 NULL GE0/1 Direct D/L/-
192.168.1.0/30 15625 NULL Ser1/0 Direct D/L/-

  Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down bit set

配置路由域验证方式和验证密码后，验证密码将按照设定的方式插入到发送的Level-2报文（包括LSP、CSNP、PSNP）中并对收到的Level-2报文进行验证密码的检查。所以说，还是可以建立邻居，但是不能互相学习路由。
(2)接口验证
[RTC-Serial1/0]isis authentication-mode simple plain 111
[RTC-Serial1/0]display isis peer

                     Peer information for IS-IS(1)
                     -----------------------------

System ID: 0000.0000.0001
Interface: GE0/1 Circuit Id: 0000.0000.0003.02
State: Up HoldTime: 28s Type: L1 PRI: 64

System ID: 0000.0000.0002
Interface: GE0/2 Circuit Id: 0000.0000.0003.03
State: Up HoldTime: 26s Type: L1 PRI: 64

配置邻居关系验证方式和验证密码后，验证密码将会按照设定的方式封装到Hello报文中，并对接收到的Hello报文进行验证密码的检查，通过检查才会形成邻居关系，否则将不会形成邻居关系。
所以说，接口验证失败，不能够建立邻居。
补充：
问题1：当RTA的开销类型为narrow不能向RTC的开销类型为wide学习到路由。
[RTC-isis-1]cost-style wide
[RTC-isis-1]bandwidth-reference 1000
[RTC-isis-1]auto-cost enable

问题2：当RTC和RTD的邻居链路类型是不一样的，能建立邻居，但不能学习到各自的的路由。
（1） [RTC-Serial1/0]isis circuit-level level-2, [RTD-Serial1/0]isis circuit-level level-1-2,RTA和RTB是不能学习到level-2的默认路由。
[RTD]display isis peer

                     Peer information for IS-IS(1)
                     -----------------------------

System ID: 0000.0000.0003
Interface: Ser1/0 Circuit Id: 001
State: Up HoldTime: 22s Type: L2 PRI: --
（2） [RTC-Serial1/0]isis circuit-level level-1-2, [RTD-Serial1/0]isis circuit-level level-1-2,RTA和RTB是只能学习到RTC使能的接口下的level-1网段，并且学不到level-1的默认路由。RTD能学习到level-1的明细路由。
[RTD-Serial1/0]display ip routing-table

Destinations : 24 Routes : 24

Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 IS_L2 15 15645 192.168.1.1 Ser1/0
172.16.1.0/24 IS_L2 15 15635 192.168.1.1 Ser1/0
172.16.2.0/24 IS_L2 15 15635 192.168.1.1 Ser1/0
192.168.1.0/30 Direct 0 0 192.168.1.2 Ser1/0
192.168.1.0/32 Direct 0 0 192.168.1.2 Ser1/0
192.168.1.1/32 Direct 0 0 192.168.1.1 Ser1/0
192.168.1.2/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.3/32 Direct 0 0 192.168.1.2 Ser1/0
192.168.2.0/24 Direct 0 0 192.168.2.254 GE0/1
192.168.2.0/32 Direct 0 0 192.168.2.254 GE0/1
192.168.2.254/32 Direct 0 0 127.0.0.1 InLoop0
192.168.2.255/32 Direct 0 0 192.168.2.254 GE0/1
192.168.3.0/24 Direct 0 0 192.168.3.1 Loop1
192.168.3.0/32 Direct 0 0 192.168.3.1 Loop1
192.168.3.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.3.255/32 Direct 0 0 192.168.3.1 Loop1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[RTD]display isis peer

                     Peer information for IS-IS(1)
                     -----------------------------

System ID: 0000.0000.0003
Interface: Ser1/0 Circuit Id: 001
State: Up HoldTime: 22s Type: L2 PRI: --
(3) [RTC-Serial1/0]isis circuit-level level-1, [RTD-Serial1/0]isis circuit-level level-2,RTA和RTB能学习到RTC使能的接口下的level-1网段，且不和RTD建立邻居。
[RTC-Serial1/0]display isis peer

                     Peer information for IS-IS(1)
                     -----------------------------

System ID: 0000.0000.0001
Interface: GE0/1 Circuit Id: 0000.0000.0003.02
State: Up HoldTime: 22s Type: L1 PRI: 64

System ID: 0000.0000.0002
Interface: GE0/2 Circuit Id: 0000.0000.0003.03
State: Up HoldTime: 21s Type: L1 PRI: 64
(4) [RTC-Serial1/0]isis circuit-level level-2, [RTD-Serial1/0]isis circuit-level level-2,RTA和RTB才能学习到RTC使能的接口下的level-2网段。
display ip routing-table

Destinations : 18 Routes : 18

Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 IS_L1 15 10 172.16.1.2 GE0/1
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.254 GE0/0
172.16.0.0/32 Direct 0 0 172.16.0.254 GE0/0
172.16.0.254/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.255/32 Direct 0 0 172.16.0.254 GE0/0
172.16.1.0/24 Direct 0 0 172.16.1.1 GE0/1
172.16.1.0/32 Direct 0 0 172.16.1.1 GE0/1
172.16.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.255/32 Direct 0 0 172.16.1.1 GE0/1
172.16.2.0/24 IS_L1 15 20 172.16.1.2 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

问题3：模拟器，isis区域之间，一个配置了区域验证，一个没有，但是还是可以学习到各自的路由，但是两个都配置区域验证，验证失败才不能学习到各自的路由。

解决问题2：level-1-2链路互相可以学习到路由。之前失败是因为左边的路由器开销类型都是wide,右边的不是，不能互相学习路由。
解决问题3：配置了验证的路由器，收到没配置验证的路由器发来的链路信息，验证路由器不会学习它的路由，但是未配置验证的路由器会学习到验证路由器发来的链路信息。