HCIP实验笔记
常用命令
# 进入系统视图
<R1>system-view
# 重命名
[R1]sysname R1
# 关闭、启动
shutdown
undo shutdown
查看路由表配置信息
<R1>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.0/24 Direct 0 0 D 10.0.1.254 GigabitEthernet
0/0/0
10.0.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.2.0/24 Direct 0 0 D 10.0.2.254 GigabitEthernet
0/0/1
10.0.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
配置通过Telnet登录系统
拓扑图
ip规划
步骤
1、R1
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.1.254 24
2、R2
配置通过STelnet登录系统
交换机基础配置
vlan
配置trunk
1、拓扑图
2、规划
3、步骤
hybrid接口应用
1、拓扑图
2、规划
3、步骤
单臂路由实现vlan间路由
1、拓扑图
2、规划
3、步骤
pc
S2
<Huawei>system-view
[Huawei]sysname S2
[S2]vlan 10
[S2-vlan10]description HR
[S2-vlan10]vlan 20
[S2-vlan20]description Market
[S2-vlan20]int e0/0/1
[S2-Ethernet0/0/1]port link-type access
[S2-Ethernet0/0/1]port default vlan 10
[S2-Ethernet0/0/1]int e0/0/2
[S2-Ethernet0/0/2]port link-type access
[S2-Ethernet0/0/2]port default vlan 20
[S2]int g0/0/2
[S2-GigabitEthernet0/0/2]port link-type trunk
[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
<S2>display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
Ethernet0/0/1 access 10 -
Ethernet0/0/2 access 20 -
.....
GigabitEthernet0/0/2 trunk 1 1-4094
<S2>save
S3
<Huawei>system-view
[Huawei]sysname S3
[S3]vlan 30
[S3-vlan30]description Manager
[S3-vlan30]int e0/0/1
[S3-Ethernet0/0/1]port link-type access
[S3-Ethernet0/0/1]port default vlan 30
[S3-Ethernet0/0/1]int g0/0/2
[S3-GigabitEthernet0/0/2]port link-type trunk
[S3-GigabitEthernet0/0/2]port trunk allow-pass vlan all
<S3>display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
Ethernet0/0/1 access 30 - ......
GigabitEthernet0/0/2 trunk 1 1-4094
<S3>save
S1
<Huawei>system-view
[Huawei]sysname S1
[S1]vlan batch 10 20 30
[S1]int g0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/3]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type trunk
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
<S1>display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1 trunk 1 1-4094
GigabitEthernet0/0/2 trunk 1 1-4094
GigabitEthernet0/0/3 trunk 1 1-4094
<S1>save
R1
<Huawei>system-view
[Huawei]sysname R1
[R1]int g0/0/1.1
[R1-GigabitEthernet0/0/1.1]ip address 192.168.1.254 24
[R1-GigabitEthernet0/0/1.1]dot1q termination vid 10
[R1-GigabitEthernet0/0/1.1]arp broadcast enable
[R1-GigabitEthernet0/0/1.1]int g0/0/1.2
[R1-GigabitEthernet0/0/1.2]ip address 192.168.2.254 24
[R1-GigabitEthernet0/0/1.2]dot1q termination vid 20
[R1-GigabitEthernet0/0/1.2]arp broadcast enable
[R1-GigabitEthernet0/0/1.2]int g0/0/1.3
[R1-GigabitEthernet0/0/1.3]ip address 192.168.3.254 24
[R1-GigabitEthernet0/0/1.3]dot1q termination vid 30
[R1-GigabitEthernet0/0/1.3]arp broadcast enable
<R1>save
[R1]display ip interface brief
[R1]display ip routing-table
4、验证
5、思考
VLAN 间的通信可以利用单臂路由的方式实现,,,那么利用单臂路由实现数据转发 会存在哪些潜在问题??该如何解决?
解答:
利用单臂路由 实现数据转发 会存在两个问题:
1.路由器和交换机是通过一条 链路连接,,容易成为网络单点故障,导致 VLAN 之间的通信中断;
2.各个 VLAN之间的通信都是 由 “单臂”链路承载, “单臂”链路 可能会成为流量传输的瓶颈;;利用三层交换机 实现VLAN间路由可以解决 “单臂路由”存在的问题。
三层交换机实现vlan间路由
1、拓扑图
2、规划
3、步骤
R1
<Huawei>system-view
[Huawei]sysname S1
[S1]vlan batch 10 20
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 10
[S1-GigabitEthernet0/0/1]int g0/0/2
[S1-GigabitEthernet0/0/2]port link-type access
[S1-GigabitEthernet0/0/2]port default vlan 10
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]port link-type access
[S1-GigabitEthernet0/0/3]port default vlan 20
[S1]interface Vlanif 10
[S1-Vlanif10]ip address 192.168.1.254 24
[S1-Vlanif10]interface Vlanif 20
[S1-Vlanif20]ip address 192.168.2.254 24
查看接口状态
4、验证
5、思考
试问三层交换机与路由器实现三层功能的方式是否相同,为什么?
解答:
不相同。 因为三层交换机上面的物理接口都是2层接口,需要在三层交换机上配置 VLANIF 接口。VLANIF 接口是基于网络层的接口,可以配置IP地址,借助于VLANIF接口,三层交换机就能实现路由转发功能。
生成树
stp
1、拓扑图
2、规划
| 设备 | 全局mac |
|---|---|
| S1(3700) | 4c1f-cc17-022a |
| S2(3700) | 4c1f-ccfb-07f7 |
| S3(3700) | 4c1f-cc76-1741 |
| S4(3700) | 4c1f-cc5a-1c0e |
3、步骤
S1
<Huawei>system-view
[Huawei]sysname S1
[S1]stp enable
[S1]stp mode stp
[S1]display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
[S1]stp priority 0
[S1]display stp
-------[CIST Global Info][Mode STP]-------
CIST Bridge :0 .4c1f-cc17-022a
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :0 .4c1f-cc17-022a / 0
CIST RegRoot/IRPC :0 .4c1f-cc17-022a / 0
S2
<Huawei>system-view
[Huawei]sysname S2
[S2]stp enable
[S2]stp mode stp
[S2]display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ROOT FORWARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
0 Ethernet0/0/3 ALTE DISCARDING NONE
[S2]stp priority 4096
[S2]display stp
-------[CIST Global Info][Mode STP]-------
CIST Bridge :4096 .4c1f-ccfb-07f7
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :0 .4c1f-cc17-022a / 200000
CIST RegRoot/IRPC :4096 .4c1f-ccfb-07f7 / 0
S3
<Huawei>system-view
[Huawei]sysname S3
[S3]stp enable
[S3]stp mode stp
[S3]display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING NONE
0 Ethernet0/0/2 ROOT FORWARDING NONE
0 Ethernet0/0/3 DESI FORWARDING NONE
0 Ethernet0/0/10 DESI FORWARDING NONE
0 Ethernet0/0/11 DESI FORWARDING NONE
S4
<Huawei>system-view
[Huawei]sysname S4
[S4]stp enable
[S4]stp mode stp
[S4]display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ALTE DISCARDING NONE
0 Ethernet0/0/2 ROOT FORWARDING NONE
[S4]interface e0/0/1
[S4-Ethernet0/0/1]stp cost 2000
[S4-Ethernet0/0/1]display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ROOT LEARNING NONE
0 Ethernet0/0/2 ALTE DISCARDING NONE
提示:
根交换机选举规则:
优先级-mac地址(数值越小优先级越高)
选举指定端口时首先比较根路径开销规则
默认优先级:32768
stp root primary
stp root secondary
undo stp root
端口角色:
- Root Port:根端口
- Alternate Port:可替代端口
- DISCARDING:为丢弃端口,不转发流量
本次实验S1为根交换机:
[S1]display stp
-------[CIST Global Info][Mode STP]-------
CIST Bridge :32768.4c1f-cc17-022a
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.4c1f-cc17-022a / 0
CIST RegRoot/IRPC :32768.4c1f-cc17-022a / 0
4、测试
5、思考
在什么场景下,选举根端口、指定端口时会比较到端口ID?
解答:当进行生存树BPUD比较是,,根桥ID、开销值、发送桥ID前三个参数依次都相同时,,这时就需要比较发送者的端口ID。
定时stp
1、拓扑图
2、规划
3、步骤
4、测试
5、思考
rstp
1、拓扑图
2、规划
ip
mac
| 设备 | 全局mac |
|---|---|
| S1(5700) | 4c1f-ccb7-3751 |
| S2(5700) | 4c1f-cc6d-1be7 |
| S3(3700) | 4c1f-cc17-36e7 |
| S4(3700) | 4c1f-cc6b-6f46 |
3、步骤
S1
<Huawei>system-view
[Huawei]sysname S1
[S1]stp mode rstp
[S1]stp root primary
[S1]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
S2
<Huawei>system-view
[Huawei]sysname S2
[S2]stp mode rstp
[S2]stp root secondary
[S2]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
S3
<Huawei>system-view
[Huawei]sysname S3
[S3]stp mode rstp
[S3]display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING NONE
0 Ethernet0/0/2 ROOT FORWARDING NONE
0 Ethernet0/0/3 DESI FORWARDING NONE
0 Ethernet0/0/4 BACK DISCARDING NONE
S4
<Huawei>system-view
[Huawei]sysname S4
[S4]stp mode rstp
[S4]display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING NONE
0 Ethernet0/0/2 ROOT FORWARDING NONE
0 Ethernet0/0/3 ALTE DISCARDING NONE
[S4] int e0/0/1
[S4-Ethernet0/0/1]stp edged-port enable
4、测试
5、思考
S4交换机的E0/0/2接口关闭之后,E0/0/3会成为新的根端口,如果此时S3交换机的指定端口E0/0/3也关闭掉,S4交换机上会发生端口角色或状态的改变吗?如果边缘端口收到BPDU,此端口还是边缘端口吗?
6、提示
在RSTP中,Alternate 端口和 Backup 端口角色所对应的最终端口状态都是Discarding。区别是Altermate端口用于为根端口做备份,而Backup端口用于为本交换机上的指定端口做备份,所以当相应的根端口或指定端口断掉后,备份端口会立即承担原有的根端口或指定端口的角色,开始转发数据。
RSTP 协议是对STP的升级,它重新划定端口的角色及状态,使用更快速的握手协商机制,降低了收敛时间,使它成为继 STP 协议后首选的生成树协议,不足之处就是在同一网络内的交换机上所有的VLAN共用同样的拓扑,此时可以使用MSTP 来优化。
mstp
原理:
RSTP在STP基础上进行了改进,实现了网络拓扑快速收敛。但RSTP和STP还存在同一个缺陷,即由于局域网内所有的 VLAN 共享一棵生成树,链路被阻寒后将不承载任何流量,造成带宽浪费,因此无法在 VLAN 间实现数据流量的负载均衡,还有可能造成部分VLAN的报文无法转发。
通过MSTP 把一个交换网络划分成多个域,每个域内形成多棵生成树,生成树之间彼此独立。每个域叫做一个MST域(Multiple Spanning Tree Region,MST Region),每棵生成树叫做一个多生成树实例MSTI(MultipleSpanningTreeInstance)。实例内可以包含多个VLAN。通过将多个VLAN映射到同一个实例内,可以节省通信开销和资源占用率。MSTP 各个实例拓扑的生成树计算相互独立,通过这些实例可以实现负载均衡。把多个相同拓扑结构的 VLAN 映射到一个实例里,这些VLAN在端口
上的转发状态取决于端口在对应MSTP实例的状态。MSTP通过设置VLAN 映射表(即VLAN和MSTI的对应关系表),把VLAN和MSTI联系起来每个VLAN只能对应一个MSTI即同一VLAN的数据只能在一个MSTI中传输,而一个MSTI可能对应多个VLAN。
1、拓扑图
2、规划
3、步骤
S1
<Huawei>system-view
[Huawei]sysname S1
[S1]vlan batch 10 20
[S1]int e0/0/3
[S1-Ethernet0/0/3]port link-type access
[S1-Ethernet0/0/3]port default vlan 10
[S1-Ethernet0/0/3]int e0/0/1
[S1-Ethernet0/0/1]port link-type trunk
[S1-Ethernet0/0/1]port trunk allow-pass vlan all
[S1-Ethernet0/0/1]int e0/0/2
[S1-Ethernet0/0/2]port link-type trunk
[S1-Ethernet0/0/2]port trunk allow-pass vlan all
[S1]stp region-configuration
[S1-mst-region]region-name jluo
[S1-mst-region]revision-level 1
[S1-mst-region]instance 1 vlan 10
[S1-mst-region]instance 2 vlan 20
[S1-mst-region]active region-configuration
[S1]display stp region-configuration
Oper configuration
Format selector :0
Region name :jluo
Revision level :1
Instance VLANs Mapped
0 1 to 9, 11 to 19, 21 to 4094
1 10
2 20
S2
<Huawei>system-view
[Huawei]sysname S2
[S2]vlan batch 10 20
[S2]int e0/0/3
[S2-Ethernet0/0/3]port link-type access
[S2-Ethernet0/0/3]port default vlan 20
[S2-Ethernet0/0/3]int e0/0/1
[S2-Ethernet0/0/1]port link-type trunk
[S2-Ethernet0/0/1]port trunk allow-pass vlan all
[S2-Ethernet0/0/1]int e0/0/2
[S2-Ethernet0/0/2]port link-type trunk
[S2-Ethernet0/0/2]port trunk allow-pass vlan all
[S2]stp region-configuration
[S2-mst-region]region-name jluo
[S2-mst-region]revision-level 1
[S2-mst-region]instance 1 vlan 10
[S2-mst-region]instance 2 vlan 20
[S2-mst-region]active region-configuration
[S2]display stp region-configuration
Oper configuration
Format selector :0
Region name :jluo
Revision level :1
Instance VLANs Mapped
0 1 to 9, 11 to 19, 21 to 4094
1 10
2 20
[S2]stp instance 2 priority 0
S3
<Huawei>system-view
[Huawei]sysname S3
[S3]vlan batch 10 20
[S3]int e0/0/3
[S3-Ethernet0/0/3]port link-type access
[S3-Ethernet0/0/3]port default vlan 10
[S3-Ethernet0/0/3]int e0/0/4
[S3-Ethernet0/0/4]port link-type access
[S3-Ethernet0/0/4]port default vlan 20
[S3-Ethernet0/0/4]int e0/0/1
[S3-Ethernet0/0/1]port link-type trunk
[S3-Ethernet0/0/1]port trunk allow-pass vlan all
[S3-Ethernet0/0/1]int e0/0/2
[S3-Ethernet0/0/2]port link-type trunk
[S3-Ethernet0/0/2]port trunk allow-pass vlan all
[S3]stp region-configuration
[S3-mst-region]region-name jluo
[S3-mst-region]revision-level 1
[S3-mst-region]instance 1 vlan 10
[S3-mst-region]instance 2 vlan 20
[S3-mst-region]active region-configuration
[S3]display stp region-configuration
Oper configuration
Format selector :0
Region name :jluo
Revision level :1
Instance VLANs Mapped
0 1 to 9, 11 to 19, 21 to 4094
1 10
2 20
4、测试
[S1]display stp instance 1 brief
MSTID Port Role STP State Protection
1 Ethernet0/0/1 DESI FORWARDING NONE
1 Ethernet0/0/2 DESI FORWARDING NONE
1 Ethernet0/0/3 DESI FORWARDING NONE
[S1]display stp instance 2 brief
MSTID Port Role STP State Protection
2 Ethernet0/0/1 ROOT FORWARDING NONE
2 Ethernet0/0/2 DESI FORWARDING NONE
[S3]display stp instance 1 brief
MSTID Port Role STP State Protection
1 Ethernet0/0/1 ROOT FORWARDING NONE
1 Ethernet0/0/2 DESI FORWARDING NONE
1 Ethernet0/0/3 DESI FORWARDING NONE
[S3]display stp instance 2 brief
MSTID Port Role STP State Protection
2 Ethernet0/0/1 ALTE DISCARDING NONE
2 Ethernet0/0/2 ROOT FORWARDING NONE
2 Ethernet0/0/4 DESI FORWARDING NONE
[S3]display stp instance 1 brief
MSTID Port Role STP State Protection
1 Ethernet0/0/1 ROOT FORWARDING NONE
1 Ethernet0/0/2 DESI FORWARDING NONE
1 Ethernet0/0/3 DESI FORWARDING NONE
[S3]display stp instance 2 brief
MSTID Port Role STP State Protection
2 Ethernet0/0/1 ALTE DISCARDING NONE
2 Ethernet0/0/2 ROOT FORWARDING NONE
2 Ethernet0/0/4 DESI FORWARDING NONE
可以观察到,目前VLAN10的流量都从S3的E0/0/1接口转发
可以观察到,目前VLAN20的流量都从E0/0/2接口转发。
至此,完成了 MSTP的多实例的配置,并达到了流量分担的目的,有效地利用了网络资源,也同时使得S3的两条上行链路可以互相备份。
MSTP并不会为每个MSTI生成、发送一份独立的BPDU,而是通过在ISTBPDU中的Mrecord 字段反映VLAN与MSTI的映射关系。
5、思考
当MSTP和RSTP混合使用的时候,如何选举根桥?
解答:MSTP协议可以把支持MSTP的交换机和不支持MSTP交换机划分成不同的区域,分别称作MST域和SST域。在MST域内部运行多实例化的生成树,在MST域的边缘运行RSTP兼容的内部生成树IST(Internal Spanning Tree)。对于RSTP来说可以将MSTP域内的设备看成一台RSTP设备来进行正常的根桥选举。
其他交换技术
GVRP
GVRP(GARPVLAN Registration Protocol),中文名为GARPVLAN注册协议,是GARP(Generic Attribute Registration Protocol,通用属性注册协议)的一种应用,用于注册和注销VLAN属性。使得交换机之间能够相互交换 VLAN配置信息,动态创建和管理VLAN。用户只需要对少数交换机进行 VLAN 配置即可动态地传播 VLAN信息。
手工配置的VLAN 称为静态VLAN,通过GVRP协议创建的VLAN称为动态VLAN。GVRP有3种注册模式,不同的模式对静态VLAN和动态VLAN的处理方式也不同。
- Normal模式:允许该接口动态注册注销VLAN,传播动态VLAN以及静态VLAN信息;
- Fixed模式:禁止该接口动态注册、注销VLAN,只传播静态VLAN信息。即被设置成为该模式下的 Trunk 接口,即使允许所有 VLAN通过,实际通过的VLAN也只能是手动配置的那部分;
- Forbidden模式:禁止该接口动态注册、注销VLAN,不传播任何除VLAN1以外的任何 VLAN信息。即被设置成为该模式下的Trunk 接口,即使允许所有VLAN通过实际通过的VLAN也只能是VLAN1。
说明:
协议可以在交换机上动态的创建 VLAN,并控制 Trunk 接口允许通过的LAN列表,但并不能自动将用户端口划分至相应VLAN中。
1、拓扑图
2、规划
3、步骤
S1
<Huawei>system-view
<Huawei>sysname S1
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type trunk
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S1]vlan batch 10 20
[S1]int e0/0/1
[S1-Ethernet0/0/1]port link-type access
[S1-Ethernet0/0/1]port default vlan 10
[S1-Ethernet0/0/1]int e0/0/2
[S1-Ethernet0/0/2]port link-type access
[S1-Ethernet0/0/2]port default vlan 20
[S1]gvrp
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]gvrp
S2
<Huawei>system-view
<Huawei>sysname S2
[S2]int g0/0/1
[S2-GigabitEthernet0/0/1]
[S2-GigabitEthernet0/0/1]port link-type trunk
[S2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/1]int g0/0/2
[S2-GigabitEthernet0/0/2]port link-type trunk
[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[S2]gvrp
[S2]int g0/0/1
[S2-GigabitEthernet0/0/1]gvrp
[S2-GigabitEthernet0/0/1]int g0/0/2
[S2-GigabitEthernet0/0/2]gvrp
[S2]display vlan
S3
<Huawei>system-view
<Huawei>sysname S3
[S3]int g0/0/1
[S3-GigabitEthernet0/0/1]port link-type trunk
[S3-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S3-GigabitEthernet0/0/1]int g0/0/2
[S3-GigabitEthernet0/0/2]port link-type trunk
[S3-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[S3]gvrp
[S3]int g0/0/1
[S3-GigabitEthernet0/0/1]gvrp
[S3-GigabitEthernet0/0/1]int g0/0/2
[S3-GigabitEthernet0/0/2]gvrp
[S3]display vlan
S4
<Huawei>system-view
<Huawei>sysname S4
[S4]int g0/0/1
[S4-GigabitEthernet0/0/1]port link-type trunk
[S4-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S4]gvrp
[S4]int g0/0/1
[S4-GigabitEthernet0/0/1]gvrp
[S4]display vlan
[S4]vlan batch 10 20
[S4]int e0/0/1
[S4-Ethernet0/0/1]port link-type access
[S4-Ethernet0/0/1]port default vlan 10
[S4-Ethernet0/0/1]int e0/0/2
[S4-Ethernet0/0/2]port link-type access
[S4-Ethernet0/0/2]port default vlan 20
4、测试
配置为fixed
[S3]int g0/0/1
[S3-GigabitEthernet0/0/1]gvrp registration fixed
[S3]display voice-vlan
...
10 dynamic TG:GE0/0/2(U)
20 dynamic TG:GE0/0/2(U)
验证:
发现网络不通,解决方案1、可以在S3主机新建vlan10 20;2、把该接口模式切换回normal
命令备注:
[S3]display gvrp statistics
GVRP statistics on port GigabitEthernet0/0/1
GVRP status : Enabled
GVRP registrations failed : 0
GVRP last PDU origin : 4c1f-ccff-7f17
GVRP registration type : Normal
GVRP statistics on port GigabitEthernet0/0/2
GVRP status : Enabled
GVRP registrations failed : 0
GVRP last PDU origin : 4c1f-ccd0-323f
GVRP registration type : Normal
5、思考
GVRP能够应用在Hybrid类型的接口上吗?
并不能,hybrid作为灵活性较强的接口类型,再到多数情况下可以替代trunk和access接口.但是偏偏gvrp只认trunk不认hybrid。
Smart Link 与Monitor Link
1、拓扑图
2、规划
无
3、配置Smart Link
S1
<Huawei>system-view
[Huawei]sysname S1
S2
<Huawei>system-view
[Huawei]sysname S2
S3
<Huawei>system-view
[Huawei]sysname S3
S4
<Huawei>system-view
[Huawei]sysname S4
[S1]smart-link group 1
[S1-smlk-group1]smart-link enable
[S1-smlk-group1]int e0/0/3
[S1-Ethernet0/0/3]stp disable
[S1-Ethernet0/0/3]int e0/0/4
[S1-Ethernet0/0/4]stp disable
[S1]smart-link group 1
[S1-smlk-group1]port Ethernet 0/0/3 master
[S1-smlk-group1]port Ethernet 0/0/4 slave
[S1-smlk-group1]display smart-link group 1
Smart Link group 1 information :
Smart Link group was enabled
There is no Load-Balance
There is no protected-vlan reference-instance
DeviceID: 4c1f-cc0c-669e
Member Role State Flush Count Last-Flush-Time
----------------------------------------------------------------------
Ethernet0/0/3 Master Active 0 0000/00/00 00:00:00 UTC+00
:00
Ethernet0/0/4 Slave Inactive 0 0000/00/00 00:00:00 UTC+00
:00
测试
[S2]INT E0/0/3
[S2-Ethernet0/0/3]shutdown
[S1-smlk-group1]display smart-link group 1
Smart Link group 1 information :
Smart Link group was enabled
There is no Load-Balance
There is no protected-vlan reference-instance
DeviceID: 4c1f-cc0c-669e
Member Role State Flush Count Last-Flush-Time
----------------------------------------------------------------------
Ethernet0/0/3 Master Inactive 0 0000/00/00 00:00:00 UTC+00
:00
Ethernet0/0/4 Slave Active 0 0000/00/00 00:00:00 UTC+00
:00
提示:
如果需要切换回主线路
[S1-smlk-group1]restore enable
[S1-smlk-group1]timer wtr 30
[S1-smlk-group1]display smart-link group 1
.....
Ethernet0/0/3 Master Active 0 0000/00/00 00:00:00 UTC+00
:00
Ethernet0/0/4 Slave Inactive 0 0000/00/00 00:00:00 UTC+00
:00
4、配置Monitor Link
[S2]monitor-link group 1
[S2-mtlk-group1]port GigabitEthernet 0/0/1 uplink
[S2-mtlk-group1]port Ethernet 0/0/3 downlink
#Monitor Link回切时间默认为3s,修改为10s
[S2-mtlk-group1]timer recover-time 10
5、思考
Smart Link和Monitor Link的联合使用可以确保链路出现故障后及时地切换,如果所有链路都正常,是否所有数据都只能通过主链路转发?
Eth-Trunk链路聚合
在没有使用 Eth-Trunk 前,百兆以太网的双绞线在两个互连的网络设备间的带宽仅为100Mbit/s。若想达到更高的数据传输速率,则需要更换传输媒介,使用千兆光纤或升级成为千兆以太网。这样的解决方案成本较高。如果采用 Eth-Trunk 技术把多个接口捆绑在一起,则可以以较低的成本满足提高接口带宽的需求。例如,把3个100Mbit/s 的全双工接口捆绑在一起,就可以达到300Mbit/s的最大带宽。Eth-Trunk是一种捆绑技术,它将多个物理接口捆绑成一个逻辑接口,这个逻辑接口就称为Eth-Trunk接口,捆绑在一起的每个物理接口称为成员接口。Eth-Trunk 只能由以太网链路构成。Trunk的优势在于:
- 负载分担,在一个Eth-Trunk 接口内,可以实现流量负载分担;
- 提高可靠性,当某个成员接口连接的物理链路出现故障时,流量会切换到其他可用的链路上,从而提高整个Trunk链路的可靠性;
- 增加带宽,Trunk接口的总带宽是各成员接口带宽之和。
Eth-Trunk 在逻辑上把多条物理链路捆绑等同于一条逻辑链路,对上层数据透明传输。所有Eth-Trunk中物理接口的参数必须一致,Eth-Trunk链路两端要求一致的物理参数有:Eth-Trunk链路两端相连的物理接口类型、物理接口数量、物理接口的速率、物理接口的双工方式以及物理接口的流控方式。
Eth-Trunk工作模式可以分为两种:
- 手工负载分担模式:需要手动创建链路聚合组,并配置多个接口加入到所创建的Eth-Trunk中;
- 静态LACP模式该模式通过LACP协议协商Eth-Trunk 参数后自主选择活动接口。
1、拓扑图
2、规划
3、步骤
<Huawei>system-view
[Huawei]sysname S1
<Huawei>system-view
[Huawei]sysname S2
配置
[S1]int g0/0/2
[S1-GigabitEthernet0/0/2]shutdown
[S1-GigabitEthernet0/0/2]int g0/0/5
[S1-GigabitEthernet0/0/5]shutdown
[S2]int g0/0/2
[S2-GigabitEthernet0/0/2]shutdown
[S2-GigabitEthernet0/0/2]int g0/0/5
[S2-GigabitEthernet0/0/5]shutdown
手工负载分担模式
[S1]int Eth-Trunk 1
[S1-Eth-Trunk1]mode manual load-balance
[S2]int Eth-Trunk 1
[S2-Eth-Trunk1]mode manual load-balance
[S1-Eth-Trunk1]int g0/0/1
[S1-GigabitEthernet0/0/1]eth-trunk 1
[S1-GigabitEthernet0/0/1]int g0/0/2
[S1-GigabitEthernet0/0/2]eth-trunk 1
[S2]int g0/0/1
[S2-GigabitEthernet0/0/1]eth-trunk 1
[S2-GigabitEthernet0/0/1]int g0/0/2
[S2-GigabitEthernet0/0/2]eth-trunk 1
查看链路:
[S1]display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL Hash arithmetic: According to SIP-XOR-DIP
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
PortName Status Weight
GigabitEthernet0/0/1 Up 1
GigabitEthernet0/0/2 Up 1
[S1]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/3 DESI FORWARDING NONE
0 Eth-Trunk1 ROOT FORWARDING NONE
[S2]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/3 DESI FORWARDING NONE
0 Eth-Trunk1 DESI FORWARDING NONE
静态LACP模式
[S1]int g0/0/5
[S1-GigabitEthernet0/0/5]undo shutdown
[S2]int g0/0/5
[S2-GigabitEthernet0/0/5]undo shutdown
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]undo eth-trunk
[S1-GigabitEthernet0/0/1]int g0/0/2
[S1-GigabitEthernet0/0/2]undo eth-trunk
[S1]int Eth-Trunk 1
[S1-Eth-Trunk1]mode lacp-static
[S1-Eth-Trunk1]int g0/0/1
[S1-GigabitEthernet0/0/1]eth-trunk 1
[S1-GigabitEthernet0/0/1]int g0/0/2
[S1-GigabitEthernet0/0/2]eth-trunk 1
[S1-GigabitEthernet0/0/2]in g0/0/5
[S1-GigabitEthernet0/0/5]eth-trunk 1
[S2]int g0/0/1
[S2-GigabitEthernet0/0/1]undo eth-trunk
[S2-GigabitEthernet0/0/1]int g0/0/2
[S2-GigabitEthernet0/0/2]undo eth-trunk
[S2]interface Eth-Trunk 1
[S2-Eth-Trunk1]mode lacp-static
[S2-Eth-Trunk1]int g0/0/1
[S2-GigabitEthernet0/0/1]eth-trunk 1
[S2-GigabitEthernet0/0/1]int g0/0/2
[S2-GigabitEthernet0/0/2]eth-trunk 1
[S2-GigabitEthernet0/0/2]int g0/0/5
[S2-GigabitEthernet0/0/5]eth-trunk 1
[S1]display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 32768 System ID: 4c1f-cc9c-678a
Least Active-linknumber: 1 Max Active-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 3
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/1 Selected 1GE 32768 2 305 10111100 1
GigabitEthernet0/0/2 Selected 1GE 32768 3 305 10111100 1
GigabitEthernet0/0/5 Selected 1GE 32768 6 305 10111100 1
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet0/0/1 32768 4c1f-cc1f-2b9e 32768 2 305 10111100
GigabitEthernet0/0/2 32768 4c1f-cc1f-2b9e 32768 3 305 10111100
GigabitEthernet0/0/5 32768 4c1f-cc1f-2b9e 32768 6 305 10111100
测试:
[S1]lacp priority 100
[S1]int Eth-Trunk 1
[S1-Eth-Trunk1]max active-linknumber 2
[S1-Eth-Trunk1]int g0/0/1
[S1-GigabitEthernet0/0/1]lacp priority 100
[S1-GigabitEthernet0/0/1]int g0/0/2
[S1-GigabitEthernet0/0/2]lacp priority 100
[S1]display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 100 System ID: 4c1f-cc9c-678a
Least Active-linknumber: 1 Max Active-linknumber: 2
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/1 Selected 1GE 100 2 305 10111100 1
GigabitEthernet0/0/2 Selected 1GE 100 3 305 10111100 1
GigabitEthernet0/0/5 Unselect 1GE 32768 6 305 10100000 1
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet0/0/1 32768 4c1f-cc1f-2b9e 32768 2 305 10111100
GigabitEthernet0/0/2 32768 4c1f-cc1f-2b9e 32768 3 305 10111100
GigabitEthernet0/0/5 32768 4c1f-cc1f-2b9e 32768 6 305 10110000
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]shutdown
[S1]display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 100 System ID: 4c1f-cc9c-678a
Least Active-linknumber: 1 Max Active-linknumber: 2
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/1 Unselect 1GE 100 2 305 10100010 1
GigabitEthernet0/0/2 Selected 1GE 100 3 305 10111100 1
GigabitEthernet0/0/5 Selected 1GE 32768 6 305 10111100 1
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet0/0/1 0 0000-0000-0000 0 0 0 10100011
GigabitEthernet0/0/2 32768 4c1f-cc1f-2b9e 32768 3 305 10111100
GigabitEthernet0/0/5 32768 4c1f-cc1f-2b9e 32768 6 305 10111100
4、备注
当一条高优先级的接口因故障切换为非活动状态而后又恢复时,只有使能抢占功能后高优先级的接口将重新成为活动接口。默认情况下抢占功能是关闭的,需要在eth-trunk 接口下手动开启并根据实际情况配置相应的抢占时延 (默认为30s)。
5、思考
当接口数超出最大负载闯值时,剩余接口是否转发流量?
静态路由
静态路由及默认路由基本配置
静态路由是指用户或网络管理员手工配置的路由信息。当网络的拓扑结构或链路状态发生改变时,需要网络管理人员手工修改静态路由信息。相比于动态路由协议,静态路由无需频繁地交换各自的路由表,配置简单,比较适合小型、简单的网络环境。
静态路由不适合大型和复杂的网络环境,因为当网络拓扑结构和链路状态发生变化时,网络管理员需要做大量的调整,且无法自动感知错误发生,不易排错。
默认路由是一种特殊的静态路由,当路由表中与数据包目的地址没有匹配的表项时数据包将根据默认路由条目进行转发。默认路由在某些时候非常有效,如在末梢网络中默认路由可以大大简化路由器配置,减轻网络管理员的工作负担。
1、拓扑图
2、规划
无
3、步骤
<Huawei>system-view
[Huawei]sysname R1
<Huawei>system-view
[Huawei]sysname R2
<Huawei>system-view
[Huawei]sysname R3
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.10.1 24
[R1]interface Serial 3/0/0
[R1-Serial3/0/0]ip address 10.0.12.1 24
[R2]int s3/0/1
[R2-Serial3/0/1]ip address 10.0.12.2 24
[R2-Serial3/0/1]int s3/0/0
[R2-Serial3/0/0]ip address 10.0.23.2 24
[R3]int s3/0/1
[R3-Serial3/0/1]ip address 10.0.23.3 24
[R3-Serial3/0/1]int g0/0/0
[R3-GigabitEthernet0/0/0]ip address 192.168.20.3 24
实现主机之间的通信
[R1]ip route-static 192.168.20.0 255.255.255.0 10.0.12.2
[R1]display ip routing-table
......
192.168.20.0/24 Static 60 0 RD 10.0.12.2 Serial3/0/0
[R2]ip route-static 192.168.20.0 255.255.255.0 10.0.23.3
[R2]display ip routing-table
.....
192.168.20.0/24 Static 60 0 RD 10.0.23.3 Serial3/0/0
[R3]ip route-static 192.168.10.0 24 Serial 3/0/1
[R2]ip route-static 192.168.10.0 24 Serial 3/0/1
测试
实现全网全通来增强网络的可靠性
现象:
解决:
[R1]ip route-static 10.0.23.0 24 10.0.12.2
[R3]ip route-static 10.0.12.0 24 10.0.23.2
4、使用默认路由实现简单的网络优化
[R1]undo ip route-static 10.0.23.0 24 10.0.12.2
[R1]undo ip route-static 192.168.20.0 24 10.0.12.2
[R1]ip route-static 0.0.0.0 0 10.0.12.2
[R1]display ip routing-table
......
0.0.0.0/0 Static 60 0 RD 10.0.12.2 Serial3/0/0
0.0.0.0/24 Static 60 0 RD 10.0.12.2 Serial3/0/0
[R3]undo ip route-static 192.168.10.0 24 Serial 3/0/1
[R3]undo ip route-static 10.0.12.0 24 10.0.23.2
[R3]ip route-static 0.0.0.0 0 10.0.23.2
[R3]display ip routing-table
......
0.0.0.0/0 Static 60 0 RD 10.0.23.2 Serial3/0/1
10.0.23.0/24 Direct 0 0 D 10.0.23.3 Serial3/0/1
5、思考
在静态路由配置当中,可以采取指定下一跳IP地址的方式,也可以采取指定出接口的方式,这两种方式存在着什么区别?
浮动静态路由及负载均衡
1、拓扑图
2、规划
3、步骤
基本配置
<Huawei>system-view
[Huawei]sysname R1
<Huawei>system-view
[Huawei]sysname R2
<Huawei>system-view
[Huawei]sysname R3
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.10.1 24
[R1-GigabitEthernet0/0/0]int s1/0/0
[R1-Serial1/0/0]ip address 10.0.12.1 24
[R1-Serial1/0/0]int s1/0/1
[R1-Serial1/0/1]ip address 10.0.13.1 24
[R2]int s 1/0/0
[R2-Serial1/0/0]ip address 10.0.12.2 24
[R2-Serial1/0/0]int s1/0/1
[R2-Serial1/0/1]ip address 10.0.23.2 24
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip address 192.168.20.1 24
[R3-GigabitEthernet0/0/0]int s1/0/0
[R3-Serial1/0/0]ip address 10.0.23.3 24
[R3-Serial1/0/0]int s1/0/1
[R3-Serial1/0/1]ip address 10.0.13.3 24
实现两分部间、总部与两分部间的通信
[R1]ip route-static 192.168.20.0 24 10.0.13.3
[R2]ip route-static 192.168.20.0 24 10.0.23.3
[R2]ip route-static 192.168.10.0 24 10.0.12.1
[R3]ip route-static 192.168.10.0 24 10.0.13.1
验证:
配置浮动静态路由实现路由备份
#默认为60
[R1]ip route-static 192.168.20.0 24 10.0.12.2 preference 100
[R1]display ip routing-table protocol static
......
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.20.0/24 Static 60 0 RD 10.0.13.3 Serial1/0/1
Static routing table status : <Inactive>
Destinations : 1 Routes : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.20.0/24 Static 100 0 R 10.0.12.2 Serial1/0/0
[R3]ip route-static 192.168.10.0 24 10.0.23.2 preference 100
[R3]display ip routing-table protocol static
......
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.10.0/24 Static 60 0 RD 10.0.13.1 Serial1/0/1
Static routing table status : <Inactive>
Destinations : 1 Routes : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.10.0/24 Static 100 0 R 10.0.23.2 Serial1/0/0
验证:
[R1]int Serial 1/0/1
[R1-Serial1/0/1]shutdown
通过负载均衡实现网络优化
[R1]int s1/0/1
[R1-Serial1/0/1]undo shutdown
[R1]ip route-static 192.168.20.0 24 10.0.12.2
[R1]display ip routing-table
.....
192.168.20.0/24 Static 60 0 RD 10.0.13.3 Serial1/0/1
Static 60 0 RD 10.0.12.2 Serial1/0/0
[R3]ip route-static 192.168.10.0 24 10.0.23.2
[R3]display ip routing-table
192.168.10.0/24 Static 60 0 RD 10.0.13.1 Serial1/0/1
Static 60 0 RD 10.0.23.2 Serial1/0/0
4、备注
5、思考
RIP
RIP(Routing Information Protocol,路由协议)作为最早的距离矢量IP路由协议,也是最先得到广泛使用的一种路由协议,采用了 Bellman-Ford 算法,其最大的特点就是配置简单。
RIP协议要求网络中每一台路由器都要维护从自身到每一个目的网络的路由信息。RIP协议使用跳数来衡量网络间的“距离”:从一台路由器到其直连网络的跳数定义为 1,从-台路由器到其非直连网络的距离定义为每经过一个路由器则距离加1。“距离”也称为“跳数”RIP 允许路由的最大跳数为15,因此,16 即为不可达。可见RIP 协议只适用于小型网络。
目前RIP有两个版本,RIPV1和 RIPv2,RIPV2针对RIP1进行扩充,能够携带更多的信息量,并增强了安全性能。RIPv1和RIPv2都是基于UDP的协议,使用UDP520号端口收发数据包。
RIP路由协议基本配置
1、拓扑图
2、规划
3、步骤
基本配置
<Huawei>system-view
[Huawei]sysname R1
<Huawei>system-view
[Huawei]sysname R2
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.12.1 24
[R1]int LoopBack 0
[R1-LoopBack0]ip address 10.0.1.1 24
[R2]int LoopBack 0
[R2-LoopBack0]ip address 10.0.12.2 24
[R2-LoopBack0]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.0.12.2 24
使用RIPvI搭建网络
[R1]rip
[R1-rip-1]network 10.0.0.0
[R2]rip
[R2-rip-1]network 10.0.0.0
[R1-rip-1]display ip routing-table
.....
10.0.2.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/0
[R2-rip-1]display ip routing-table
.....
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
测试R1与R2环回接口间的连通性
[R1-rip-1]ping 10.0.2.2
PING 10.0.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=255 time=40 ms
Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=255 time=20 ms
<R1>debugging rip 1
<R1>terminal debugging
Info: Current terminal debugging is on.
<R1>terminal monitor
<R1>
May 22 2023 10:58:15.567.5-08:00 R1 RIP/7/DBG: 25: 5428: RIP 1: Periodic Update
Completed for interface GigabitEthernet0/0/0, Time = 0 Ms
<R1>
May 22 2023 10:58:15.567.6-08:00 R1 RIP/7/DBG: 25: 6048: RIP 1: Interface Gigabi
tEthernet0/0/0 (10.0.12.1) is deleted from the periodic update queue
<R1>
May 22 2023 10:58:16.757.1-08:00 R1 RIP/7/DBG: 6: 13405: RIP 1: Sending v1 respo
nse on GigabitEthernet0/0/0 from 10.0.12.1 with 1 RTE
<R1>
May 22 2023 10:58:16.757.2-08:00 R1 RIP/7/DBG: 6: 13456: RIP 1: Sending response
on interface GigabitEthernet0/0/0 from 10.0.12.1 to 255.255.255.255
<R1>
May 22 2023 10:58:16.757.3-08:00 R1 RIP/7/DBG: 6: 13476: Packet: Version 1, Cmd
response, Length 24
<R1>
May 22 2023 10:58:16.757.4-08:00 R1 RIP/7/DBG: 6: 13527: Dest 10.0.1.0, Cost 1
<R1>
May 22 2023 10:58:20.187.1-08:00 R1 RIP/7/DBG: 6: 13414: RIP 1: Receiving v1 res
ponse on GigabitEthernet0/0/0 from 10.0.12.2 with 1 RTE
<R1>
May 22 2023 10:58:20.187.2-08:00 R1 RIP/7/DBG: 6: 13465: RIP 1: Receive response
from 10.0.12.2 on GigabitEthernet0/0/0
<R1>
May 22 2023 10:58:20.187.3-08:00 R1 RIP/7/DBG: 6: 13476: Packet: Version 1, Cmd
response, Length 24
<R1>
May 22 2023 10:58:20.187.4-08:00 R1 RIP/7/DBG: 6: 13527: Dest 10.0.2.0, Cost 1
<R1>
关闭
<R1>undo debugging rip 1
#或者
<R1>undo debug all
#查看路由器发出和收到的定期更新事件
<R1>debuging rip 1 event
提示:
开启过多的 debug 功能会耗费大量路由器资源,甚至可能导致宕机。请慎重使用开启批量debug功能的命令,如debug all。
使用RIPv2搭建网络
基于前面的配置,现在只需在RIP子视图模式下配置v2即可。
[R1]rip
[R1-rip-1]version 2
[R2]rip
[R2-rip-1]version 2
<R1> debugging rip 1
May 22 2023 11:15:34.927.4-08:00 R1 RIP/7/DBG: 25: 5251: RIP 1: Job Periodic Upd
ate is scheduled for interface GigabitEthernet0/0/0
<R1>
May 22 2023 11:15:34.927.5-08:00 R1 RIP/7/DBG: 25: 5428: RIP 1: Periodic Update
Completed for interface GigabitEthernet0/0/0, Time = 0 Ms
<R1>
May 22 2023 11:15:34.927.6-08:00 R1 RIP/7/DBG: 25: 6048: RIP 1: Interface Gigabi
tEthernet0/0/0 (10.0.12.1) is deleted from the periodic update queue
<R1>
May 22 2023 11:15:36.117.1-08:00 R1 RIP/7/DBG: 6: 13405: RIP 1: Sending v2 respo
nse on GigabitEthernet0/0/0 from 10.0.12.1 with 1 RTE
<R1>
May 22 2023 11:15:36.117.2-08:00 R1 RIP/7/DBG: 6: 13456: RIP 1: Sending response
on interface GigabitEthernet0/0/0 from 10.0.12.1 to 224.0.0.9
<R1>undo debugging rip 1
与RIPv1中使用debuging 命令所查看的信息进行对比,可以明显区分出 RIPv1和RIPv2的不同;
- RIPv2的路由信息中携带了子网掩码;
- RIPv2的路由信息中携带了下一跳地址,标识一个比通告路由器的地址更好的下跳地址。换句话说,它指出的地址,其度量值(跳数)比在同一个子网上的通告路由器更靠近目的地。如果这个字段设置为全0(0.0.0.0),说明通告路由器的地址是最优的下一跳地址;
- RIPv2默认采用组播方式发送报文,地址为224.0.0.9。
配置RIPv2的认证
配置协议的认证可以降低设备接受非法路由选择更新消息的可能性,也可称为“验证”。非法的更新消息可能来自试图破坏网络的攻击者,或试图通过欺骗路由器发送数据到错误的目的地址的方法来捕获数据包。RIPv2 协议能够通过更新消息所包含的口令来验证某个路由选择消息源的合法性,有简单和 MD5密文两种验证方式。
简单验证是指在认证的消息当中所携带的认证口令是以明文传输的,可以通过抓包软件抓取到数据包中的密码。
MD5密文验证是一种单向消息摘要 (message digest)算法或安全散列函数(secure hash function),由 RSA Date Security,Inc 提出。有时 MD5 也被作为一个加密校验和cryptographic checksum)。MD5算法是通过一个随意长度的明文消息(例如一个RIPv2的更新消息)和口令计算出一个128位的 hash值。hash值类似“指纹”,这个“指纹”随同消息一起传送,拥有相同口令的接收者会计算它自己的 hash 值,如果消息的内容没有被更改,接收者的 hash 值应该和消息发送者的hash 值相匹配
1、拓扑图
2、规划
3、步骤
基本配置
<Huawei>system-view
[Huawei]sysname R1
<Huawei>system-view
[Huawei]sysname R2
<Huawei>system-view
[Huawei]sysname R3
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.10.1 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.12.1 24
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.20.1 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 10.0.12.2 24
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.0.12.3 24
搭建RIP网络
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]network 192.168.10.0
[R1-rip-1]network 10.0.0.0
[R2]rip 1
[R2-rip-1]version 2
[R2-rip-1]network 192.168.20.0
[R2-rip-1]network 10.0.0.0
模拟网络攻击
[R3]rip 1
[R3-rip-1]version 2
[R3-rip-1]network 10.0.0.0
[R3-rip-1]display ip routing-table
[R3]int LoopBack 0
[R3-LoopBack0]ip address 192.168.10.1 24
[R3-LoopBack0]int LoopBack 1
[R3-LoopBack1]ip address 192.168.20.1 24
[R3-LoopBack1]rip 1
[R3-rip-1]version 2
[R3-rip-1]network 192.168.10.0
[R3-rip-1]network 192.168.20.0
查看R1与R2的路由表
[R1]display ip routing-table
192.168.20.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/1
RIP 100 1 D 10.0.12.3 GigabitEthernet
0/0/1
[R2]display ip routing-table
192.168.10.0/24 RIP 100 1 D 10.0.12.1 GigabitEthernet
0/0/1
RIP 100 1 D 10.0.12.3 GigabitEthernet
0/0/1
配置RIPv2简单验证
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]rip authentication-mode simple jluo
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]rip authentication-mode simple jluo
配置RIPv2MD5密文验证
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]undo rip authentication-mode
[R1-GigabitEthernet0/0/1]rip authentication-mode md5 usual jluo
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]undo rip authentication-mode
[R2-GigabitEthernet0/0/1]rip authentication-mode md5 usual jluo
4、思考
RIP路由协议的汇总
1、拓扑图
2、规划
3、步骤
4、测试
5、思考
配置RIP的版本兼容、定时器及协议优先级
1、拓扑图
2、规划
3、步骤
4、测试
5、思考
配置RIP抑制接口及单播更新
RIP与不连续子网
RIP的水平分割及触发更新
配置RIP路由附加度量值
RIP的故障处理
RIP的路由引入
OSPF
OSPF单区域配置
1、拓扑图
2、规划
3、步骤
基本配置
<Huawei>system-view
[Huawei]sysname R1
<Huawei>system-view
[Huawei]sysname R2
<Huawei>system-view
[Huawei]sysname R3
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 172.16.10.1 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 172.16.20.1 24
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip address 172.16.1.254 24
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 172.16.10.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 172.16.30.2 24
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip address 172.16.2.254 24
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip address 172.16.20.3 24
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip address 172.16.30.3 24
[R3-GigabitEthernet0/0/1]int g0/0/2
[R3-GigabitEthernet0/0/2]ip address 172.16.3.254 24
部署单区域OSPF网络
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 172.16.10.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 172.16.20.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255
[R1-ospf-1]display ospf interface
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 172.16.10.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 172.16.30.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 172.16.20.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 172.16.30.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 172.16.3.0 0.0.0.255
[R1]display ospf peer
[R1]display ip routing-table protocol ospf
4、思考
OSPF多区域配置
1、拓扑图
2、规划
3、步骤
基本配置
<Huawei>system-view
[Huawei]sysname R1
<Huawei>system-view
[Huawei]sysname R2
<Huawei>system-view
[Huawei]sysname R3
<Huawei>system-view
[Huawei]sysname R4
<Huawei>system-view
[Huawei]sysname R5
<Huawei>system-view
[Huawei]sysname R6
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.12.1 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.13.1 24
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip address 10.0.15.1 24
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.0.12.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 10.0.24.2 24
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip address 10.0.26.2 24
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.0.34.3 24
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip address 10.0.13.3 24
[R3-GigabitEthernet0/0/1]int g0/0/2
[R3-GigabitEthernet0/0/2]ip address 10.0.35.3 24
[R3]int g2/0/0
[R3-GigabitEthernet2/0/0]ip address 10.0.3.254 24
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip address 10.0.34.4 24
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]ip address 10.0.24.4 24
[R4-GigabitEthernet0/0/1]int g0/0/2
[R4-GigabitEthernet0/0/2]ip address 10.0.46.4 24
[R4-GigabitEthernet0/0/2]int g2/0/0
[R4-GigabitEthernet2/0/0]ip address 10.0.4.254 24
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ip address 10.0.15.5 24
[R5-GigabitEthernet0/0/0]int g0/0/1
[R5-GigabitEthernet0/0/1]ip address 10.0.35.5 24
[R5-GigabitEthernet0/0/1]int g0/0/2
[R5-GigabitEthernet0/0/2]ip address 10.0.1.254 24
[R6]INT G0/0/0
[R6-GigabitEthernet0/0/0]ip address 10.0.26.6 24
[R6-GigabitEthernet0/0/0]int g0/0/1
[R6-GigabitEthernet0/0/1]ip address 10.0.46.6 24
[R6-GigabitEthernet0/0/1]int g0/0/2
[R6-GigabitEthernet0/0/2]ip address 10.0.2.254 24
配置骨干区域路由器
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 10.0.24.0 0.0.0.255
[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 10.0.34.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 10.0.3.0 0.0.0.255
[R4]ospf 1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 10.0.34.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 10.0.24.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 10.0.4.0 0.0.0.255
配置完成后,测试总部内两台PC间的连通性
配置非骨干区域路由器
[R5]ospf 1
[R5-ospf-1]area 1
[R5-ospf-1-area-0.0.0.1]network 10.0.15.0 0.0.0.255
[R5-ospf-1-area-0.0.0.1]network 10.0.35.0 0.0.0.255
[R5-ospf-1-area-0.0.0.1]network 10.0.1.0 0.0.0.255
[R1]ospf 1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]network 10.0.15.0 0.0.0.255
[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]network 10.0.35.0 0.0.0.255
[R5]display ospf peer
[R5]display ip routing-table protocol ospf
[R5]display ospf lsdb
[R6]ospf 1
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]network 10.0.26.0 0.0.0.255
[R6-ospf-1-area-0.0.0.2]network 10.0.46.0 0.0.0.255
[R6-ospf-1-area-0.0.0.2]network 10.0.2.0 0.0.0.255
[R2]ospf 1
[R2-ospf-1]area 2
[R2-ospf-1-area-0.0.0.2]network 10.0.26.0 0.0.0.255
[R4]ospf 1
[R4-ospf-1]area 2
[R4-ospf-1-area-0.0.0.2]network 10.0.46.0 0.0.0.255
[R6]display ospf peer
[R6]display ip routing-table protocol ospf
[R6]display ospf lsdb
4、思考
在本实验中,如果现在公司总部配置的区域不是骨干区域0,而是其他非骨干区域,会出现什么现象?
解答:这样做了之后会导致公司各个区域之间互相不能通信,因为跨区域路由只能由区域0的边界ABR进行类型3汇总得到。
配置OSPF的认证
OSPF支持报文验证功能,只有通过验证的报文才能接收,否则将不能正常建立邻居关系。OSPF 协议支持两种认证方式一区域认证和链路认证。使用区域认证时,一个区域中所有的路由器在该区域下的认证模式和口令必须一致;OSPF 链路认证相比于区域认证更加灵活,可专门针对某个邻居设置单独的认证模式和密码。如果同时配置了接口认证和区域认证时,优先使用接口认证建立OSPF 邻居。
每种认证方式又分为简单验证模式、MD5验证模式和 Key chain 验证模式。简单验证模式在数据传递过程中,认证密钥和密钥ID都是明文传输,很容易被截获:MD5验证模式下的密钥是经过MD5加密传输,相比于简单验证模式更为安全;Key chain验证模式可以同时配置多个密钥,不同密钥可单独设置生效周期等。
1、拓扑图
2、规划
3、步骤
基本配置
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.12.1 24
[R1]int LoopBack 0
[R1-LoopBack0]ip address 1.1.1.1 255.255.255.255
[R2]int LoopBack 0
[R2-LoopBack0]ip address 2.2.2.2 255.255.255.255
[R2-LoopBack0]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.0.12.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 10.0.24.2 24
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip address 10.0.23.2 24
[R3]int LoopBack 0
[R3-LoopBack0]ip address 3.3.3.3 32
[R3-LoopBack0]int g0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.0.35.3 24
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip address 10.0.36.3 24
[R3-GigabitEthernet0/0/1]int g0/0/2
[R3-GigabitEthernet0/0/2]ip address 10.0.23.3 24
[R4]int LoopBack 0
[R4-LoopBack0]ip address 4.4.4.4 32
[R4-LoopBack0]int g0/0/0
[R4-GigabitEthernet0/0/0]ip address 10.0.24.4 24
[R5]int LoopBack 0
[R5-LoopBack0]ip address 5.5.5.5 32
[R5-LoopBack0]int g0/0/0
[R5-GigabitEthernet0/0/0]ip address 10.0.35.5 24
[R6]int LoopBack 0
[R6-LoopBack0]ip address 6.6.6.6 32
[R6-LoopBack0]int g0/0/0
[R6-GigabitEthernet0/0/0]ip address 10.0.36.6 24
搭建OSPF网络
[R1]ospf 1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]network 10.0.12.0 0.0.0.255
[R1-ospf-1-area-0.0.0.1]network 1.1.1.1 0.0.0.0
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 10.0.12.0 0.0.0.255
[R2-ospf-1-area-0.0.0.1]network 10.0.24.0 0.0.0.255
[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 10.0.35.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 10.0.36.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[R4]ospf 1
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]network 10.0.24.0 0.0.0.255
[R4-ospf-1-area-0.0.0.1]network 4.4.4.4 0.0.0.0
[R5]ospf 1
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 10.0.35.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[R6]ospf 1
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]network 10.0.36.0 0.0.0.255
[R6-ospf-1-area-0.0.0.0]network 6.6.6.6 0.0.0.0
配置公司分部OSPF区域明文认证
[R1]ospf 1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]authentication-mode simple plain jluo1
[R1-ospf-1-area-0.0.0.1]display this
[R1-ospf-1-area-0.0.0.1]authentication-mode simple jluo1
[R1-ospf-1-area-0.0.0.1]display this
[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]authentication-mode simple jluo1
[R1]display ospf peer brief
[R4]ospf 1
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]authentication-mode simple jluo1
[R4]display ospf peer brief
配置公司总部OSPF区域密文认证
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]authentication-mode md5 1 jluo3
[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 jluo3
[R5]ospf 1
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]authentication-mode md5 1 jluo3
[R6]ospf 1
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]authentication-mode md5 1 jluo3
配置OSPF链路认证
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]ospf authentication-mode md5 1 jluo5
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ospf authentication-mode md5 1 jluo5
4、思考
OSPF认证如果采用MD5 验证模式,有没有办法可以获取其密钥内容?
解答:没有办法,因为采用MD5验证方式后,OSPF传递的是一个128位的密文的摘要。这样比明文传送口令更加安全。
OSPF被动接口配置
OSPF 被动接口也称抑制接口,成为被动接口后,将不会接收和发送OSPF 报文如果要使 OSPF路由信息不被某一网络中的路由器获得且使本地路由器不接收网络中其他路由器发布的路由更新信息,即已运行在OSPF协议进程中的接口不与本链路上其余路由器建立邻居关系时,可通过配置被动接口来禁止此接口接收和发送OSPI报文。
1、拓扑图
2、规划
3、步骤
基本配置
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.3.254 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.13.1 24
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.0.23.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 10.0.4.254 24
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.0.13.3 24
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip address 10.0.23.3 24
[R3-GigabitEthernet0/0/1]int g0/0/2
[R3-GigabitEthernet0/0/2]ip address 10.0.30.3 24
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip address 10.0.30.4 24
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]ip address 10.0.1.254 24
[R5]INT G0/0/0
[R5-GigabitEthernet0/0/0]ip address 10.0.30.5 24
[R5-GigabitEthernet0/0/0]int g0/0/1
[R5-GigabitEthernet0/0/1]ip address 10.0.2.254 24
搭建OSPF网络
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 10.0.3.0 0.0.0.255
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.0.4.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255
[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 10.0.30.0 0.0.0.255
[R4]ospf 1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 10.0.30.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 10.0.1.0 0.0.0.255
[R5]ospf 1
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 10.0.30.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]network 10.0.2.0 0.0.0.255
配置被动接口
[R4]ospf 1
[R4-ospf-1]silent-interface GigabitEthernet 0/0/1
#或者
[R4-ospf-1]silent-interface all
[R4-ospf-1]undo silent-interface g0/0/0
[R1]ospf 1
[R1-ospf-1]silent-interface all
[R1-ospf-1]undo silent-interface GigabitEthernet 0/0/1
[R2]ospf 1
[R2-ospf-1]silent-interface g0/0/1
[R5]ospf 1
[R5-ospf-1]silent-interface g0/0/1
4、思考
问题:在本实验中,通过配置被动接口可以禁止OSPF收发Hello报文,是否还有其他办法也能实现?
解答:接口网络类型改成NBMA也不会主动发送hello包,另外只能通过安全设备进行数据包过滤实现了。
理解OSPF Router-ID
1、拓扑图
2、规划
3、步骤
4、测试
5、思考
OSPF的DR与BDR
1、拓扑图
2、规划
3、步骤
4、测试
5、思考
OSPF开销值、协议优先级及计时器的修改
连接RIP与OSPF网络
使用RIP、OSPF发布默认路由
VRRP
1、拓扑图
2、规划
3、步骤
4、测试
5、思考
