• OSPF路由控制

    实验拓扑

    实验需求

    公司A使用OSPF路由协议实现公司设备全网互通,后来公司A扩张兼并了公司B,要求将公司B采用的IS-IS路由协议与公司A的OSPF协议互相引入,使得相应部门可以实现互通。
    Router_3和Router_4作为公司核心设备负责各个部门间的通信。由于业务需要,现要求通过下列措施控制并调整网络中的路由信息:

    1. 在Router_2上对引入的路由信息进行过滤,使得工程二部所在网段无法访问市场一部、工程一部和财务部所在网段。
    2. 在Router_3上使用路由信息的过滤功能,使得市场一部所在网段无法访问工程一部。
    3. 在Router_6上使用路由信息的过滤功能,使得工程一部和财务部所在网段无法访问市场二部

    实验步骤

    1.配置IP地址及环回口

    2.公司B配置ISIS,实验互通

    R1

    [Huawei]isis 1
[Huawei-isis-1]is-level level-2
[Huawei-isis-1]network-entity 49.0001.0000.0001.00
[Huawei-isis-1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]isis enable 
[Huawei-GigabitEthernet0/0/2]int g0/0/1	
[Huawei-GigabitEthernet0/0/1]isis enable 
[Huawei-GigabitEthernet0/0/1]int g0/0/0	
[Huawei-GigabitEthernet0/0/0]isis enable

    R2

    [Huawei]isis 1
[Huawei-isis-1]network-entity 49.0001.0000.0002.00
[Huawei-isis-1]is-level level-2
[Huawei-isis-1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable

    3.公司A运行OSPF,配置相关区域

    R2

    [Huawei]ospf 1
[Huawei-ospf-1]A 3
[Huawei-ospf-1-area-0.0.0.3]NE	
[Huawei-ospf-1-area-0.0.0.3]network 192.168.6.0 0.0.0.255

    R3

    [Huawei]OSPF 1
[Huawei-ospf-1]A 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.7.0  0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]A 2
[Huawei-ospf-1-area-0.0.0.2]NET 192.168.8.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.2]A 3
[Huawei-ospf-1-area-0.0.0.3]NE 192.168.6.0 0.0.0.255

    R4

    [Huawei]ospf 1
[Huawei-ospf-1]a 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.7.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]a 1
[Huawei-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255

    R5

    [Huawei]OSPF 1
[Huawei-ospf-1]A 2
[Huawei-ospf-1-area-0.0.0.2]network 192.168.8.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.2]NET 192.168.3.0 0.0.0.255

    R6

    [Huawei]OSPF 
[Huawei-ospf-1]A 1
[Huawei-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.1]network 192.168.4.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.1]network 192.168.5.0 0.0.0.255

    在R2上ISIS和OSPF相互引入

    [Huawei]ISIS 1
[Huawei-isis-1]import-route ospf 1
[Huawei]ospf
[Huawei-ospf-1]import-route isis 1

    4. 在R2上对引入的路由信息进行过滤,使得工程二部所在网段无法访问市场一部、工程一部和财务部所在网段。

    R2

    [Huawei]ACL 2000
[Huawei-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[Huawei]route-policy 4 deny node 10
[Huawei-route-policy]if-match acl 2000
[Huawei]route-policy 4 permit node 20
[Huawei]ospf 1
[Huawei-ospf-1]import-route isis 1 route-policy 4

    5. 在R2上查看协议路由表

    [Huawei-ospf-1]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 6        

OSPF routing table status : <Active>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.3.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.4.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.5.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.7.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.8.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
   192.168.10.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1

    6. R2上查看OSPF协议路由表,工程二部网段已被过滤掉

    [Huawei]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 6        

OSPF routing table status : <Active>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.3.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.4.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.5.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.7.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.8.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
   192.168.10.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1

OSPF routing table status : <Inactive>
         Destinations : 0        Routes : 0

    7. 在R3上使用路由信息的过滤功能,使得市场一部所在网段无法访问工程一部。

    R3

    [Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 192.168.4.0 0.0.0.255
[Huawei]route-policy 5 deny node 10
[Huawei-route-policy]if-match acl 2000	
[Huawei]route-policy 5 permit node 20
[Huawei]ospf 
[Huawei-ospf-1]a 2
[Huawei-ospf-1-area-0.0.0.2]filter route-policy 5 import

    8. R5上OSPF协议路由表上,工程一部网段已被过滤

    [Huawei]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 6        

OSPF routing table status : <Active>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.1.0/24  O_ASE   150  1           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.5.0/24  OSPF    10   4           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.6.0/24  OSPF    10   2           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.7.0/24  OSPF    10   2           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.9.0/24  O_ASE   150  1           D   192.168.8.2     GigabitEthernet
0/0/0
   192.168.10.0/24  OSPF    10   3           D   192.168.8.2     GigabitEthernet
0/0/0

    9.市场一部PING 工程一部

    PC>ping 192.68.4.10

Ping 192.68.4.10: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 192.68.4.10 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet los

    10. 在R6上使用路由信息的过滤功能,使得工程一部和财务部所在网段无法访问市场二部

    R6

    [Huawei]ACL 2000
[Huawei-acl-basic-2000] rule 5 permit source 192.168.1.0 0.0.0.255 
[Huawei]route-policy 77 deny node 10
[Huawei-route-policy]if-match acl 2000 
[Huawei]route-policy 77 permit node 20
[Huawei-ospf-1]filter-policy route-policy 77 import

    11.R6上查看OSPF协议路由表,市场二部的路由条目已过滤

    [Huawei-ospf-1]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 5        Routes : 5        

OSPF routing table status : <Active>
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.3.0/24  OSPF    10   4           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.6.0/24  OSPF    10   3           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.7.0/24  OSPF    10   2           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.8.0/24  OSPF    10   3           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.9.0/24  O_ASE   150  1           D   192.168.10.2    GigabitEthernet
0/0/0

    12.工程一部不能访问市场二部

    PC>ping 192.168.1.1

Ping 192.168.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 192.168.1.1 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

    13.财务部不能访问市场二部

    PC>ping 192.168.1.1

Ping 192.168.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 192.168.1.1 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss
  • 相关阅读:
    闲着写了一个查看股票的程序
    Oracle10g正则表达式
    跨语言平台的RSA加密、解密、签名、验证算法的实现
    Base64转换:AQAB=65537,你知道为什么吗?
    无题
    07年了,新的一年又开始了
    简单生活
    近期关注
    闲话
    各大网站的WEB服务器分析
  • 原文地址:https://www.cnblogs.com/yu15/p/11429081.html
Copyright © 2020-2023  润新知