OSPF路由控制

实验拓扑

实验需求

公司A使用OSPF路由协议实现公司设备全网互通,后来公司A扩张兼并了公司B,要求将公司B采用的IS-IS路由协议与公司A的OSPF协议互相引入,使得相应部门可以实现互通。
Router_3和Router_4作为公司核心设备负责各个部门间的通信。由于业务需要,现要求通过下列措施控制并调整网络中的路由信息:

  1. 在Router_2上对引入的路由信息进行过滤,使得工程二部所在网段无法访问市场一部、工程一部和财务部所在网段。
  2. 在Router_3上使用路由信息的过滤功能,使得市场一部所在网段无法访问工程一部。
  3. 在Router_6上使用路由信息的过滤功能,使得工程一部和财务部所在网段无法访问市场二部

实验步骤

1.配置IP地址及环回口

2.公司B配置ISIS,实验互通

R1

[Huawei]isis 1
[Huawei-isis-1]is-level level-2
[Huawei-isis-1]network-entity 49.0001.0000.0001.00
[Huawei-isis-1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]isis enable 
[Huawei-GigabitEthernet0/0/2]int g0/0/1	
[Huawei-GigabitEthernet0/0/1]isis enable 
[Huawei-GigabitEthernet0/0/1]int g0/0/0	
[Huawei-GigabitEthernet0/0/0]isis enable 

R2

[Huawei]isis 1
[Huawei-isis-1]network-entity 49.0001.0000.0002.00
[Huawei-isis-1]is-level level-2
[Huawei-isis-1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable 

3.公司A运行OSPF,配置相关区域

R2

[Huawei]ospf 1
[Huawei-ospf-1]A 3
[Huawei-ospf-1-area-0.0.0.3]NE	
[Huawei-ospf-1-area-0.0.0.3]network 192.168.6.0 0.0.0.255

R3

[Huawei]OSPF 1
[Huawei-ospf-1]A 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.7.0  0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]A 2
[Huawei-ospf-1-area-0.0.0.2]NET 192.168.8.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.2]A 3
[Huawei-ospf-1-area-0.0.0.3]NE 192.168.6.0 0.0.0.255

R4

[Huawei]ospf 1
[Huawei-ospf-1]a 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.7.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]a 1
[Huawei-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255

R5

[Huawei]OSPF 1
[Huawei-ospf-1]A 2
[Huawei-ospf-1-area-0.0.0.2]network 192.168.8.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.2]NET 192.168.3.0 0.0.0.255

R6

[Huawei]OSPF 
[Huawei-ospf-1]A 1
[Huawei-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.1]network 192.168.4.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.1]network 192.168.5.0 0.0.0.255

在R2上ISIS和OSPF相互引入

[Huawei]ISIS 1
[Huawei-isis-1]import-route ospf 1
[Huawei]ospf
[Huawei-ospf-1]import-route isis 1 

4. 在R2上对引入的路由信息进行过滤,使得工程二部所在网段无法访问市场一部、工程一部和财务部所在网段。

R2

[Huawei]ACL 2000
[Huawei-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[Huawei]route-policy 4 deny node 10
[Huawei-route-policy]if-match acl 2000
[Huawei]route-policy 4 permit node 20
[Huawei]ospf 1
[Huawei-ospf-1]import-route isis 1 route-policy 4

5. 在R2上查看协议路由表

[Huawei-ospf-1]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 6        

OSPF routing table status : <Active>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.3.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.4.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.5.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.7.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.8.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
   192.168.10.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1

6. R2上查看OSPF协议路由表,工程二部网段已被过滤掉

[Huawei]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 6        

OSPF routing table status : <Active>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.3.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.4.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.5.0/24  OSPF    10   4           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.7.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
    192.168.8.0/24  OSPF    10   2           D   192.168.6.2     GigabitEthernet
0/0/1
   192.168.10.0/24  OSPF    10   3           D   192.168.6.2     GigabitEthernet
0/0/1

OSPF routing table status : <Inactive>
         Destinations : 0        Routes : 0

7. 在R3上使用路由信息的过滤功能,使得市场一部所在网段无法访问工程一部。

R3

[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 192.168.4.0 0.0.0.255
[Huawei]route-policy 5 deny node 10
[Huawei-route-policy]if-match acl 2000	
[Huawei]route-policy 5 permit node 20
[Huawei]ospf 
[Huawei-ospf-1]a 2
[Huawei-ospf-1-area-0.0.0.2]filter route-policy 5 import 

8. R5上OSPF协议路由表上,工程一部网段已被过滤

[Huawei]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 6        

OSPF routing table status : <Active>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.1.0/24  O_ASE   150  1           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.5.0/24  OSPF    10   4           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.6.0/24  OSPF    10   2           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.7.0/24  OSPF    10   2           D   192.168.8.2     GigabitEthernet
0/0/0
    192.168.9.0/24  O_ASE   150  1           D   192.168.8.2     GigabitEthernet
0/0/0
   192.168.10.0/24  OSPF    10   3           D   192.168.8.2     GigabitEthernet
0/0/0

9.市场一部PING 工程一部

PC>ping 192.68.4.10

Ping 192.68.4.10: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 192.68.4.10 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet los

10. 在R6上使用路由信息的过滤功能,使得工程一部和财务部所在网段无法访问市场二部

R6

[Huawei]ACL 2000
[Huawei-acl-basic-2000] rule 5 permit source 192.168.1.0 0.0.0.255 
[Huawei]route-policy 77 deny node 10
[Huawei-route-policy]if-match acl 2000 
[Huawei]route-policy 77 permit node 20
[Huawei-ospf-1]filter-policy route-policy 77 import 

11.R6上查看OSPF协议路由表,市场二部的路由条目已过滤

[Huawei-ospf-1]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 5        Routes : 5        

OSPF routing table status : <Active>
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.3.0/24  OSPF    10   4           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.6.0/24  OSPF    10   3           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.7.0/24  OSPF    10   2           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.8.0/24  OSPF    10   3           D   192.168.10.2    GigabitEthernet
0/0/0
    192.168.9.0/24  O_ASE   150  1           D   192.168.10.2    GigabitEthernet
0/0/0

12.工程一部不能访问市场二部

PC>ping 192.168.1.1

Ping 192.168.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 192.168.1.1 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

13.财务部不能访问市场二部

PC>ping 192.168.1.1

Ping 192.168.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 192.168.1.1 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss
posted @ 2019-08-29 12:47  向往C  阅读(1358)  评论(0编辑  收藏  举报