OSPF综合实验

一、网络拓扑

二、实验要求

1，R5为ISP，其上只能配置IP地址;R4作为企业边界路由器；
2，整个0SPF环境IP基于172.16.0.8/16划分;
3，所有设备均可访问R5的环回;
4，减少LSA的更新量，加快收敛，保障更新安全;
5，全网可达

三、实验思路

1、IP 地址规划确认
        已给定各区域基于 172.16.0.0/16 的子网划分，需明确各路由器接口 IP 地址分配，确保与拓扑标注一致 ，为后续配置做准备。
2、设备基础配置
        R5（ISP 路由器）：仅配置接口 IP 地址，如 Serial4/0/0 接口按要求设置 IP ，无需配置路由协议。
        R4（企业边界路由器）：配置各接口 IP 地址，包括与 ISP 连接的 Serial4/0/1 接口、与内部网络连接的 GE 接口等。启动 OSPF 进程，宣告所属区域及接口 IP 地址。
        其他路由器：配置接口 IP 地址，启动 OSPF 进程，将接口宣告到所属 OSPF 区域 。
3、减少 LSA 更新量及保障安全
        区域划分优化：利用 ABR进行合理的路由汇总，将区域内的子网汇总成一条或几条路由发布到其他区域，减少 LSA 泛洪。
        认证设置：在 OSPF 区域内配置认证，可选择 MD5 认证方式，在区域内各路由器上设置相同认证密钥，保障路由更新安全。
4、实现全网可达
        OSPF 内部：确保 OSPF 各区域内和区域间路由可达，通过合理的区域划分和 ABR 配置，使不同区域的路由信息能正确传递。
        与 RIP 区域互联：存在 RIP 区域（ 如AR12 连接的区域） ，在边界路由器（如 AR11）上进行 OSPF 与 RIP 的路由重分布，使 OSPF 区域和 RIP 区域的路由相互学习。
5、验证测试
        使用 ping 命令从各路由器测试到 R5 环回地址的连通性；通过 display ip routing - table 等命令查看各路由器路由表，检查路由条目是否完整、正确，确保全网可达。

四、具体配置

1、配置IP地址

R1:

[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 172.16.35.1 29
Apr 15 2025 17:51:09-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[R1-GigabitEthernet0/0/0]int l0
[R1-LoopBack0]ip add 172.16.32.1 24
[R1-LoopBack0]q

R2

[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 172.16.35.2 29
Apr 15 2025 17:55:12-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[R2-GigabitEthernet0/0/0]int l0
[R2-LoopBack0]ip add 172.16.33.1 24
[R2-LoopBack0]q

R3

[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 172.16.35.3 29
Apr 15 2025 17:55:55-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 172.16.0.1 30
Apr 15 2025 17:56:12-08:00 R3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[R3-GigabitEthernet0/0/1]int l0
[R3-LoopBack0]ip add 172.16.34.1 24
[R3-LoopBack0]q

R4

[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 172.16.0.9 30
Apr 15 2025 17:56:55-08:00 R4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]ip add 172.16.0.2 30
Apr 15 2025 17:57:07-08:00 R4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[R4-GigabitEthernet0/0/1]int g0/0/2
[R4-GigabitEthernet0/0/2]ip add 172.16.0.5 30
[R4-GigabitEthernet0/0/2]
Apr 15 2025 17:57:23-08:00 R4 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP 
on the interface GigabitEthernet0/0/2 has entered the UP state. 
[R4-GigabitEthernet0/0/2]int s 4/0/1
[R4-Serial4/0/1]ip add 45.0.0.1 30
[R4-Serial4/0/1]q

R5

[R5]int s 4/0/0
[R5-Serial4/0/0]ip add 45.0.0.2 30
[R5-Serial4/0/0]
Apr 15 2025 18:00:50-08:00 R5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPPIPCP on the interface Serial4/0/0 has entered the UP state. 
[R5-Serial4/0/0]int l0
[R5-LoopBack0]ip add 200.1.1.1 24
[R5-LoopBack0]q

R6

[R6]int g0/0/0
[R6-GigabitEthernet0/0/0]ip add 172.16.66.1 30
Apr 15 2025 18:02:27-08:00 R6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[R6-GigabitEthernet0/0/0]int g0/0/1
[R6-GigabitEthernet0/0/1]ip add 172.16.0.6 30
Apr 15 2025 18:02:48-08:00 R6 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[R6-GigabitEthernet0/0/1]int l0
[R6-LoopBack0]ip add 172.16.64.1 24
[R6-LoopBack0]q

R7

[R7]int g0/0/0
[R7-GigabitEthernet0/0/0]ip add 172.16.0.10 30
Apr 15 2025 18:04:07-08:00 R7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[R7-GigabitEthernet0/0/0]int g0/0/1
[R7-GigabitEthernet0/0/1]ip add 172.16.98.1 30
Apr 15 2025 18:04:22-08:00 R7 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[R7-GigabitEthernet0/0/1]int l0
[R7-LoopBack0]ip add 172.16.96.1 24
[R7-LoopBack0]q

R8

[R8]int g0/0/0
[R8-GigabitEthernet0/0/0]ip add 172.16.98.2 30
Apr 15 2025 18:05:29-08:00 R8 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[R8-GigabitEthernet0/0/0]int g0/0/1
[R8-GigabitEthernet0/0/1]ip add 172.16.98.5 30
Apr 15 2025 18:05:38-08:00 R8 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[R8-GigabitEthernet0/0/1]int l0
[R8-LoopBack0]ip add 172.16.97.1 24
[R8-LoopBack0]q

R9

[R9]int g0/0/0
[R9-GigabitEthernet0/0/0]ip add 172.16.98.6 30
Apr 15 2025 18:06:25-08:00 R9 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[R9-GigabitEthernet0/0/0]int g0/0/1
[R9-GigabitEthernet0/0/1]ip add 172.16.130.1 30
Apr 15 2025 18:06:36-08:00 R9 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[R9-GigabitEthernet0/0/1]int l0
[R9-LoopBack0]ip add 172.16.128.1 24
[R9-LoopBack0]q

R10

[R10]int g0/0/0
[R10-GigabitEthernet0/0/0]ip add 172.16.130.2 30
Apr 15 2025 18:07:10-08:00 R10 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IPon the interface GigabitEthernet0/0/0 has entered the UP state. 
[R10-GigabitEthernet0/0/0]int l0
[R10-LoopBack0]ip add 172.16.129.1 24
[R10-LoopBack0]q
[R10]

R11

[R11]int g0/0/0
[R11-GigabitEthernet0/0/0]ip add 172.16.66.2 30
Apr 15 2025 18:07:45-08:00 R11 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IPon the interface GigabitEthernet0/0/0 has entered the UP state. 
[R11-GigabitEthernet0/0/0]int g0/0/1
[R11-GigabitEthernet0/0/1]ip add 172.16.66.5 30
Apr 15 2025 18:07:54-08:00 R11 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IPon the interface GigabitEthernet0/0/1 has entered the UP state. 
[R11-GigabitEthernet0/0/1]int l0
[R11-LoopBack0]ip add 172.16.65.1 24
[R11-LoopBack0]q

R12

[R12]int g0/0/0
[R12-GigabitEthernet0/0/0]ip add 172.16.66.6 30
[R12-GigabitEthernet0/0/0]
Apr 15 2025 18:08:37-08:00 R12 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IPon the interface GigabitEthernet0/0/0 has entered the UP state. 
[R12-GigabitEthernet0/0/0]int l0
[R12-LoopBack0]ip add 10.1.1.1 24
[R12-LoopBack0]int l1
[R12-LoopBack1]ip add 10.1.2.1 24
[R12-LoopBack1]q

2、ospf基本配置

R1

[R1]ospf router-id 1.1.1.1
[R1-ospf-1]a 1
[R1-ospf-1-area-0.0.0.1]network 172.16.32.1 0.0.0.0
[R1-ospf-1-area-0.0.0.1]network 172.16.35.1 0.0.0.0
[R1-ospf-1-area-0.0.0.1]q

R2

[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]a 1
[R2-ospf-1-area-0.0.0.1]netw	
[R2-ospf-1-area-0.0.0.1]network 172.16.33.1 0.0.0.0
[R2-ospf-1-area-0.0.0.1]network 172.16.35.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]q

R3

[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]a 1	
[R3-ospf-1-area-0.0.0.1]network 172.16.35.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]q
[R3-ospf-1]a 0
[R3-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[R3-ospf-1-area-0.0.0.0]q

R4

[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]a 0
[R4-ospf-1-area-0.0.0.0]network 172.16.0.2 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 172.16.0.5 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 172.16.0.9 0.0.0.0
[R4-ospf-1-area-0.0.0.0]

R6

[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]a 0
[R6-ospf-1-area-0.0.0.0]network 172.16.0.6 0.0.0.0
[R6-ospf-1-area-0.0.0.0]q
[R6-ospf-1]a 2
[R6-ospf-1-area-0.0.0.2]netw	
[R6-ospf-1-area-0.0.0.2]network 172.16.66.1 0.0.0.0
[R6-ospf-1-area-0.0.0.2]network 172.16.64.1 0.0.0.0
[R6-ospf-1-area-0.0.0.2]q

R7

[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]a 0
[R7-ospf-1-area-0.0.0.0]network 172.16.0.10 0.0.0.0
[R7-ospf-1-area-0.0.0.0]q
[R7-ospf-1]a 3
[R7-ospf-1-area-0.0.0.3]network 172.16.96.1 0.0.0.0
[R7-ospf-1-area-0.0.0.3]network 172.16.98.1 0.0.0.0

R8

[R8]ospf 1 router-id 8.8.8.8
[R8-ospf-1]a 3
[R8-ospf-1-area-0.0.0.3]netw	
[R8-ospf-1-area-0.0.0.3]network 172.16.98.2 0.0.0.0
[R8-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0
[R8-ospf-1-area-0.0.0.3]network 172.16.98.5 0.0.0.0
[R8-ospf-1-area-0.0.0.3]q

R9

[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]a 3
[R9-ospf-1-area-0.0.0.3]network 172.16.98.6 0.0.0.0
[R9-ospf-1-area-0.0.0.3]q
[R9-ospf-1]q	
[R9]ospf 2 router-id 9.9.9.9
[R9-ospf-2]a 4
[R9-ospf-2-area-0.0.0.4]network 172.16.128.1 0.0.0.0
[R9-ospf-2-area-0.0.0.4]network 172.16.130.1 0.0.0.0
[R9-ospf-2-area-0.0.0.4]q

R10

[R10]ospf 1 router-id 10.10.10.10
[R10-ospf-1]a 4
[R10-ospf-1-area-0.0.0.4]network 172.16.129.1 0.0.0.0
[R10-ospf-1-area-0.0.0.4]network 172.16.130.2 0.0.0.0

R11

[R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]a 2
[R11-ospf-1-area-0.0.0.2]network 172.16.66.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0
[R11-ospf-1-area-0.0.0.2]network 172.16.66.5 0.0.0.0

R12

[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]a 2
[R12-ospf-1-area-0.0.0.2]network 172.16.66.6 0.0.0.0
[R12-ospf-1-area-0.0.0.2]q
[R12-ospf-1]q
[R12]rip 1
[R12-rip-1]version 2
[R12-rip-1]network 10.0.0.0
[R12-rip-1]q

各路由器邻居建立情况

R1

R2

R3

R4

R6

R7

R8

R9

R10

R11

R12

3、ospf优化

  1）路由汇总

       域间路由汇总（在ABR设备上）

         R3

[r3]ospf 1
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.64.0 255.255.224.0

        R6

[r6]ospf 1
[r6-ospf-1]a 2
[r6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0

        R7

[r7]ospf 1
[r7-ospf-1]a 3
[r7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0

        域外路由汇总(在ASBR设备上)

        R12

[r12]ospf 1
[r12-ospf-1]asbr-summary 10.1.0.0 255.255.252.0

        R9

[r9]ospf 1
[r9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0

  2）特殊区域

[r1]ospf 1
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]stub [r2]ospf 1
[r2-ospf-1]a 1
[r2-ospf-1-area-0.0.0.1]stub [r3]ospf 1
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]stub no-summary 

[r6]ospf 1
[r6-ospf-1]a 2
[r6-ospf-1-area-0.0.0.2]nssa no-summary[r11]ospf 1
[r11-ospf-1]a 2
[r11-ospf-1-area-0.0.0.2]nssa[r12]ospf 1
[r12-ospf-1]a 2
[r12-ospf-1-area-0.0.0.2]nssa

[r7]ospf 1
[r7-ospf-1]a 3
[r7-ospf-1-area-0.0.0.3]nssa  no-summary[r8]ospf 1
[r8-ospf-1]a 3
[r8-ospf-1-area-0.0.0.3]nssa [r9]ospf 1
[r9-ospf-1]a 3
[r9-ospf-1-area-0.0.0.3]nssa

4、缺省、默认路由通告以及重发布

[R4]ip route-static 0.0.0.0 0 45.0.0.2

[r9]ospf 2
[r9-ospf-2]default-route-advertise[r4]ospf 1    
[r4-ospf-1]default-route-advertise

[R9]ospf 1
[R9-ospf-1]import-route ospf 2
[R9-ospf-1]q
[R9]ospf 2
[R9-ospf-2]import-route ospf 1
[R9-ospf-2][R12]ospf 1
[R12-ospf-1]import-route rip
[R12-ospf-1]q

5、加快收敛（修改为p2p或者p2mp，无需进行DR和BDR选举从而达到加快收敛）

[r3]int g0/0/0    
[r3-GigabitEthernet0/0/0]ospf network-type p2mp
[r1]int g0/0/0    
[r1-GigabitEthernet0/0/0]ospf network-type p2mp
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ospf network-type p2mp[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ospf network-type p2p
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ospf network-type p2p[r4]int g0/0/2
[r4-GigabitEthernet0/0/2]ospf network-type p2p
[r6]int g0/0/1
[r6-GigabitEthernet0/0/1]ospf network-type p2p[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ospf network-type p2p
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]ospf network-type p2p[r6]int g0/0/0
[r6-GigabitEthernet0/0/0]ospf network-type p2p
[r11]int g0/0/0
[r11-GigabitEthernet0/0/0]ospf network-type p2p[r11-GigabitEthernet0/0/0]int g0/0/1
[r11-GigabitEthernet0/0/1]ospf network-type p2p
[r12]int g0/0/0
[r12-GigabitEthernet0/0/0]ospf network-type p2p[r7]int g0/0/1
[r7-GigabitEthernet0/0/1]ospf network-type p2p
[r8]int g0/0/0
[r8-GigabitEthernet0/0/0]ospf network-type p2p[r8-GigabitEthernet0/0/0]int g0/0/1
[r8-GigabitEthernet0/0/1]ospf network-type p2p
[r9]int g0/0/0
[r9-GigabitEthernet0/0/0]ospf network-type p2p[r9]int g0/0/1
[r9-GigabitEthernet0/0/1]ospf network-type p2p
[r10]int g0/0/0
[r10-GigabitEthernet0/0/0]ospf network-type p2p

6、保证更新安全（做认证）

只需在区域0配置即可

[r4]ospf 1
[r4-ospf-1]a 0
[r4-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher  123456[r3]ospf 1
[r3-ospf-1]a 0
[r3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher  123456[r6]ospf 1
[r6-ospf-1]a 0
[r6-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher  123456[r7]ospf 1
[r7-ospf-1]a 0
[r7-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher  123456

7、配置NAT

[r4]acl 2000
[r4-acl-basic-2000]rule permit  source  172.16.0.0   0.0.255.255[r4]int s4/0/1    
[r4-Serial4/0/1]nat outbound 2000

五、测试

所有设备均可访问R5的环回（因设备过多 这里展示R1 R10 R12）

全网可达

R1 ping R7 R8 R10环回