ISIS 综合实验
实验拓扑
实验需求
1、 如图配置 IP 地址
2、 如图配置 IS-IS,要求全网互通,R8的Loop X口暂不宣告
3、 R1和R3直连,要求 R3 成为 DIS,但只允许在 R1上配置
4、 R3与R4之间不允许有 DIS 选举
5、 R8引入 8.8.X.0/24 网段路由
6、 要求区域 49.0010只学习到 8.8.X.0/24 的汇总路由(精确汇总),有数据访问时走最优路径
7、 R6和R8之间需要提高报文交互的安全性
8、 49.0010区域提高安全性
实验步骤
1.配置相应接口IP地址及环回口地址
AR1
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.13.2 24
AR3
[Huawei]int s4/0/0
[Huawei-Serial4/0/0]ip address 10.1.35.1 24
[Huawei-Serial4/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.34.1 24
[Huawei-GigabitEthernet0/0/1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.13.1 24
AR4
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.34.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.46.1 24
AR5
[Huawei]int s4/0/0
[Huawei-Serial4/0/0]ip address 10.1.35.2 24
[Huawei-Serial4/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.56.1 24
AR6
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.56.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.46.2 24
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.1.68.2 24
AR7
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.68.1 24
[Huawei-GigabitEthernet0/0/0]int l0
[Huawei-LoopBack0]ip address 8.8.3.1 24
[Huawei-LoopBack1]ip address 8.8.4.1 24
[Huawei-LoopBack1]int l2
[Huawei-LoopBack2]ip address 8.8.5.1 24
2.配置 IS-IS,要求全网互通,R8的Loop X口暂不宣告
AR1
[Huawei]isis
[Huawei-isis-1]network-entity 49.0010.0000.0001.00
[Huawei-isis-1]is-level level-1
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable 1
AR3
[Huawei]isis
[Huawei-isis-1]network-entity 49.0010.0000.0003.00
[Huawei-isis-1]is-level level-1
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei]int S4/0/0
[Huawei-S4/0/0]isis enable 1
AR4
[Huawei]isis 1
[Huawei-isis-1]network-entity 49.0010.0000.0004.00
[Huawei-isis-1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]isis enable 1
AR5
[Huawei]isis 1
[Huawei-isis-1]network-entity 49.0010.0000.0005.00
[Huawei-isis-1]int s4/0/0
[Huawei-Serial4/0/0]isis enable 1
[Huawei-Serial4/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]isis enable 1
AR6
[Huawei]isis 1
[Huawei-isis-1]network-entity 49.0020.0000.0006.00
[Huawei-isis-1]is-level level-2
[Huawei-isis-1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]isis enable 1
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]isis enable 1
AR8
[Huawei]isis 1
[Huawei-isis-1]network-entity 49.0020.0000.0008.00
[Huawei-isis-1]is-level level-2
[Huawei-isis-1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable 1
3、 R1和R3直连,要求 R3 成为 DIS,但只允许在 R1上配置
DIS 优先级默认为64,把AR1的优先级改小
AR1上配置优先级
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis dis-priority 0
AR3上查看接口
[Huawei]dis isis interface g0/0/0
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 002 Up Down 1497 L1/L2 Yes/
4、 R3与R4之间不允许有 DIS 选举
AR3
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]isis circuit-type p2p
AR4
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis circuit-type p2p
在AR3上查看链路类型
[Huawei]dis isis interface
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 Yes/No
GE0/0/1 001 Up Down 1497 L1/L2 --
S4/0/0 002 Up Down 1500 L1/L2 --
在AR4上查看链路类型
[Huawei]dis isis interface
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 --
GE0/0/1 001 Up Down 1497 L1/L2 No/No
5. R8引入 8.8.X.0/24 网段路由
AR8
[Huawei-isis-1]import-route direct
6、 要求区域 49.0010只学习到 8.8.X.0/24 的汇总路由(精确汇总),有数据访问时走最优路径
AR8
[Huawei-isis-1] summary 8.8.0.0 255.255.248.0
AR4
[Huawei]isis 1
[Huawei-isis-1]import-route isis level-2 into level-1
AR5
[Huawei]isis 1
[Huawei-isis-1]import-route isis level-2 into level-1
在AR5上改变开销,默认为10
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]isis cost 30
在AR3上查看路由表,去往8.8.0.0的路由,下一跳是10.1.34.2,为最优路径。
[Huawei]dis ip routing-table protocol isis
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : ISIS
Destinations : 4 Routes : 4
ISIS routing table status : <Active>
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost Flags NextHop Interface
8.8.0.0/21 ISIS-L2 15 94 D 10.1.34.2 GigabitEthernet
0/0/1
10.1.46.0/24 ISIS-L1 15 20 D 10.1.34.2 GigabitEthernet
0/0/1
10.1.56.0/24 ISIS-L1 15 40 D 10.1.35.2 Serial4/0/0
10.1.68.0/24 ISIS-L2 15 30 D 10.1.34.2 GigabitEthernet
0/0/1
在AR1上路由跟踪,进行检验
[Huawei]tracert 8.8.3.1
traceroute to 8.8.3.1(8.8.3.1), max hops: 30 ,packet length: 40,press CTRL_C t
o break
1 10.1.13.1 40 ms 10 ms 20 ms
2 10.1.34.2 20 ms 10 ms 30 ms
3 10.1.46.2 40 ms 30 ms 20 ms
4 10.1.68.1 20 ms 20 ms 30 ms
7、R6和R8之间需要提高报文交互的安全性
AR6
[Huawei-GigabitEthernet0/0/2]isis authentication-mode md5 huawei
AR8
[Huawei-GigabitEthernet0/0/0]isis authentication-mode md5 huawei
8、 49.0010区域提高安全性
AR1
[Huawei]isis
[Huawei-isis-1]area-authentication-mode md5 123
AR3
[Huawei]isis
[Huawei-isis-1]area-authentication-mode md5 123
AR4
[Huawei]isis
[Huawei-isis-1]area-authentication-mode md5 123
AR5
[Huawei]isis
[Huawei-isis-1]area-authentication-mode md5 123
BGP 基础实验
实验拓扑
实验要求
- 按照图示配置 IP 地址,R1 和 R5 上使用环回口模拟业务网段,R2,R3,R4 的环回口用于配置 Router-id 和建立 IBGP 邻居
- AS 200 运行 OSPF 实现内部网络互通
- 所有设备都运行 BGP 协议,要求 R1 和 R2 利用直连接口建立 EBGP 邻居,R4 和 R5 利用直连接口建立EBGP 邻居,AS 200 内形成 IBGP 全互连,IBGP 邻居使用环回口建立邻居
- R1 和 R5 把业务网段宣告进 BGP,解决业务网段互连互通
实验步骤
配置IP地址及环回口地址
AR1
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.12.2 24
AR2
[Huawei]int l0
[Huawei-LoopBack0]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.12.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.23.1 24
[Huawei-GigabitEthernet0/0/1]int l0
[Huawei-LoopBack0]ip address 2.2.2.2 32
AR3
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.23.2 24
[Huawei-GigabitEthernet0/0/1]int l0
[Huawei-LoopBack0]ip address 3.3.3.3 32
[Huawei-LoopBack0]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.34.2 24
AR4
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.34.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.45.1 24
[Huawei-GigabitEthernet0/0/1]int l0
[Huawei-LoopBack0]ip address 4.4.4.4 32
AR5
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]i add 10.1.45.2 24
AS 200 利用 OSPF 协议解决内部网络互通
R2
[Huawei]ospf 1 router-id 2.2.2.2
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255
R3
[Huawei]ospf 1 router-id 3.3.3.3
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 10.1.34.0 0.0.0.255
R4
[Huawei]ospf 1 router-id 4.4.4.4
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.34.0 0.0.0.255
所有设备都运行 BGP 协议
在 R1 与 R2 上利用直连接口建立 EBGP 邻居关系
R1
[Huawei]BGP 100
[Huawei-bgp]peer 10.1.12.1 as-number 200
R2
[Huawei]BGP 200
[Huawei-bgp]peer 10.1.12.2 as-number 100
在 R4与 R5 上利用直连接口建立 EBGP 邻居关系
R4
[Huawei]BGP 200
[Huawei-bgp]peer 10.1.45.2 as-number 300
R5
[Huawei]bgp 300
[Huawei-bgp]peer 10.1.45.1 as-number 200
在 R2,R3 与 R4 上利用环回接口建立 IBGP 邻居关系
R2
[Huawei]BGP 200
[Huawei-bgp]peer 3.3.3.3 as-number 200
[Huawei-bgp]peer 3.3.3.3 connect-interface LoopBack 0 //修改更新源为环回口
[Huawei-bgp]peer 3.3.3.3 next-hop-local //修改 IBGP 邻居下一跳为本机
[Huawei-bgp]peer 4.4.4.4 as-number 200
[Huawei-bgp]PEER 4.4.4.4 connect-interface LoopBack 0
[Huawei-bgp]peer 4.4.4.4 next-hop-local
R3
[Huawei]bgp 200
[Huawei-bgp]peer 2.2.2.2 as-number 200
[Huawei-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[Huawei-bgp]peer 4.4.4.4 as-number 200
[Huawei-bgp]peer 4.4.4.4 connect-interface LoopBack 0
R4
[Huawei]BGP 200
[Huawei-bgp]peer 2.2.2.2 as-number 200
[Huawei-bgp]PEER 2.2.2.2 connect-interface LoopBack 0
[Huawei-bgp]peer 2.2.2.2 next-hop-local
[Huawei-bgp]PEER 3.3.3.3 as-number 200
[Huawei-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[Huawei-bgp]peer 3.3.3.3 next-hop-local
R1 和 R5 把业务网段宣告进 BGP
AR1
network 192.168.1.0 255.255.255.0
AR5
network 192.168.2.0 255.255.255.0
在AR2上查看邻居
[Huawei]dis bgp peer
BGP local router ID : 10.1.12.1
Local AS number : 200
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv
3.3.3.3 4 200 40 41 0 00:38:11 Established 0
4.4.4.4 4 200 41 41 0 00:38:11 Established 1
10.1.12.2 4 100 48 46 0 00:43:31 Established 1
在AR4上查看邻居
[Huawei]dis bgp peer
BGP local router ID : 10.1.34.1
Local AS number : 200
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv
2.2.2.2 4 200 25 25 0 00:21:00 Established
0
3.3.3.3 4 200 59 61 0 00:57:23 Established
0
10.1.45.2 4 300 22 22 0 00:18:09 Established
0
AR 1 PING AR5,业务网段带源PING
[Huawei]ping -a 192.168.1.1 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=252 time=40 ms
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=252 time=60 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=252 time=50 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=252 time=50 ms
Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=252 time=40 ms
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/48/60 ms