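Networking requirements: Company A uses the OSPF routing protocol to provide full connectivity among its devices. Company A later expanded and acquired Company B, and the RIP routing protocol used by Company B must now be mutually redistributed with Company A's OSPF so that all departments can communicate. AR1 and AR2 are the company's core devices and carry the traffic between departments. For business reasons, the routing information in the network must be controlled and adjusted through the following measures:
● On AR5, filter the imported routing information so that the segment of R&D Department 2 cannot access the segments of Marketing Department 1, R&D Department 1, and the After-Sales Service Department.
● On AR3, use route filtering so that the segment of Marketing Department 1 cannot access R&D Department 1.
● On AR4, use route filtering so that the segments of R&D Department 1 and the After-Sales Service Department cannot access Marketing Department 2.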
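I. Hands-on video in the Huawei simulator:
II. Configuration notes:
● When filtering imported external routes, route filtering uses the export keyword; this parameter takes effect only on an ASBR.
● Route filtering only filters the relevant routes in the routing table; it does not filter out the LSAs advertised in OSPF.
● Because routed communication is bidirectional, once route filtering removes a destination segment, the other segments attached to that router cannot reach devices in the destination segment, and devices in the destination segment cannot reach devices in the source segments either.
● When route filtering is used together with an ACL, the last rule must permit all source addresses; otherwise the routes of all segments are filtered out.
III. IP settings: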
PC1:192.168.10.1/24
AR6:192.168.10.2/24,192.168.20.2/24,192.168.30.1/24
PC2:192.168.20.1/24
AR5:192.168.30.2/24,192.168.40.1/24
AR1:192.168.40.2/24,192.168.50.1/24,192.168.60.1/24
AR2:192.168.50.2/24,192.168.80.1/24
AR3:192.168.60.2/24,192.168.70.2/24
PC3:192.168.70.1/24
AR4:192.168.80.2/24,192.168.90.2/24,192.168.100.2/24
PC4:192.168.90.1/24
PC5:192.168.100.1/24
IV. Main configuration file of AR6:
#
sysname AR6
#
interface GigabitEthernet0/0/0
ip address 192.168.30.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.10.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.20.2 255.255.255.0
#
interface NULL0
#
rip 1
undo summary
version 2
network 192.168.10.0
network 192.168.20.0
network 192.168.30.0
#
return
V. Main configuration of AR5:
#
sysname AR5
#
acl number 2000
rule 5 deny source 192.168.20.0 0.0.0.255
rule 10 permit
#
interface GigabitEthernet0/0/0
ip address 192.168.30.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.40.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
filter-policy 2000 export rip 1 //Use ACL 2000 to filter the RIP routes imported into OSPF
import-route direct //Import direct routes into the OSPF network
import-route rip 1 //Import RIP routes into the OSPF network
area 0.0.0.1
network 192.168.40.0 0.0.0.255
#
rip 1
undo summary
version 2
network 192.168.30.0
import-route direct
import-route ospf 1
#
return
VI. Main configuration of AR1:
#
sysname AR1
#
interface GigabitEthernet0/0/0
ip address 192.168.40.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.60.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.50.1 255.255.255.0
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 192.168.50.0 0.0.0.255
area 0.0.0.1
network 192.168.40.0 0.0.0.255
area 0.0.0.2
network 192.168.60.0 0.0.0.255
#
return
VII. Main configuration of AR2:
#
sysname AR2
#
interface GigabitEthernet0/0/0
ip address 192.168.50.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.80.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 192.168.50.0 0.0.0.255
area 0.0.0.3
network 192.168.80.0 0.0.0.255
#
return
VIII. Main configuration of AR3:
#
sysname AR3
#
acl number 2000
rule 5 deny source 192.168.90.0 0.0.0.255
rule 10 permit
#
interface GigabitEthernet0/0/0
ip address 192.168.60.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.70.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
filter-policy 2000 import //Use ACL 2000 to filter the routes that are about to be added to the routing table
area 0.0.0.2
network 192.168.60.0 0.0.0.255
network 192.168.70.0 0.0.0.255
#
return
IX. Main configuration of AR4:
#
sysname AR4
#
acl number 2000
rule 5 deny source 192.168.10.0 0.0.0.255
rule 10 permit
#
interface GigabitEthernet0/0/0
ip address 192.168.80.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.90.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.100.2 255.255.255.0
#
interface NULL0
#
ospf 1
filter-policy 2000 import
area 0.0.0.3
network 192.168.80.0 0.0.0.255
network 192.168.90.0 0.0.0.255
network 192.168.100.0 0.0.0.255
#
return
X. Verifying the configuration:
1. From PC2, pings to 192.168.70.1, 192.168.90.1, and 192.168.100.1 fail.
PC>ping 192.168.100.1
Ping 192.168.100.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 192.168.100.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
2. On AR3 and AR4, the display ip routing-table command shows no route to the 192.168.20.0 segment.
display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 O_ASE 150 1 D 192.168.60.1 GigabitEthernet
0/0/0
192.168.30.0/24 O_ASE 150 1 D 192.168.60.1 GigabitEthernet
0/0/0
192.168.40.0/24 OSPF 10 2 D 192.168.60.1 GigabitEthernet
0/0/0
192.168.50.0/24 OSPF 10 2 D 192.168.60.1 GigabitEthernet
0/0/0
192.168.60.0/24 Direct 0 0 D 192.168.60.2 GigabitEthernet
0/0/0
192.168.60.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.60.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.70.0/24 Direct 0 0 D 192.168.70.2 GigabitEthernet
0/0/1
192.168.70.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.70.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.80.0/24 OSPF 10 3 D 192.168.60.1 GigabitEthernet
0/0/0
192.168.100.0/24 OSPF 10 4 D 192.168.60.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
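
Added example (not from the original page or from Huawei): a small Python model of how ACL 2000 behaves when used as a filter-policy, run against this lab's prefixes, including the case where the final permit rule is missing. The route lists are constructed from the addressing plan, the function names are hypothetical, and the match rule (compare the route's network address under the ACL wildcard, drop on no match) is a simplified model of the behaviour described in the configuration notes.

```python
import ipaddress

def acl_match(rule, prefix):
    """Basic-ACL match: compare the route's network address under the wildcard."""
    _action, source, wildcard = rule
    if source is None:                      # "rule N permit" with no source = any
        return True
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    addr = int(ipaddress.ip_network(prefix).network_address)
    return (addr & care) == (int(ipaddress.ip_address(source)) & care)

def filter_policy(acl, prefixes):
    """Return the prefixes that pass; a route matching no rule is dropped."""
    passed = []
    for prefix in prefixes:
        action = next((r[0] for r in acl if acl_match(r, prefix)), "deny")
        if action == "permit":
            passed.append(prefix)
    return passed

# ACL 2000 as configured on AR5 and AR3 on this page.
AR5_ACL = [("deny", "192.168.20.0", "0.0.0.255"), ("permit", None, None)]
AR3_ACL = [("deny", "192.168.90.0", "0.0.0.255"), ("permit", None, None)]
# AR3's ACL with "rule 10 permit" left out, the mistake the notes warn about.
AR3_ACL_NO_PERMIT = AR3_ACL[:1]

# Constructed input: RIP routes AR5 learns from AR6.
AR5_RIP_ROUTES = ["192.168.10.0/24", "192.168.20.0/24"]
# Constructed input: OSPF routes AR3 computes from its LSDB before the import
# filter runs. 192.168.20.0/24 is missing because AR5 never exported it.
AR3_OSPF_CANDIDATES = ["192.168.10.0/24", "192.168.30.0/24", "192.168.40.0/24",
                       "192.168.50.0/24", "192.168.80.0/24", "192.168.90.0/24",
                       "192.168.100.0/24"]

def ar5_exported():
    return filter_policy(AR5_ACL, AR5_RIP_ROUTES)

def ar3_rib(acl):
    return filter_policy(acl, AR3_OSPF_CANDIDATES)

if __name__ == "__main__":
    print("AR5 exports into OSPF :", ar5_exported())
    print("AR3 table, rule 10 set:", ar3_rib(AR3_ACL))
    print("AR3 table, no rule 10 :", ar3_rib(AR3_ACL_NO_PERMIT))
    # Import filtering changes only the local table; the candidate set derived
    # from the LSDB still contains 192.168.90.0/24.
    print("AR3 LSDB-derived set  :", AR3_OSPF_CANDIDATES)
```

With rule 10 present, the surviving prefixes are the OSPF and O_ASE entries in the AR3 routing table shown above; without it, every OSPF route is dropped from the table.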