组网需求

实现OSPF+重发布+路由映射&路由过滤
使用技术:OSPF、重发布、路由映射&路由过滤实现全网互通,且避免最优路径优先。

组网拓扑

img

配置要点

配置两个OSPF进程
重发布路由映射
R1,R2分别六个ACL访问控制列表,4个用于路由映射,2个用于路由过滤

配置

PC IP地址配置
PC 1
IP:172.16.10.1
子网掩码:255.255.255.0
默认网关:172.16.10.254
PC 2
IP:172.16.20.1
子网掩码:255.255.255.0
默认网关:172.16.20.254
Server 1
IP地址:172.16.100.1
子网掩码:255.255.255.0
默认网关:172.16.100.254
Server 2
IP地址:172.16.200.1
子网掩码:255.255.255.0
默认网关:172.16.200.254

S3-1

en
conf t
hostname S3-1

int f0/10
no sw

no shutdown
ip add 172.16.10.254 255.255.255.0
ex
int f0/20
no sw
no shutdown
ip add 172.16.20.254 255.255.255.0
ex
int f0/1
no sw
no shutdown
ip add 192.168.1.1 255.255.255.0
ex
int f0/2
no sw
no shutdown
ip add 192.168.2.1 255.255.255.0
ex


ip routing

router ospf 100
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 172.16.10.0 0.0.0.255 area 0
network 172.16.20.0 0.0.0.255 area 0
ex

S3-2

en
conf t
hostname S3-2

int f0/10
no sw
no shutdown
ip add 172.16.100.254 255.255.255.0
ex
int f0/20
no sw
no shutdown
ip add 172.16.200.254 255.255.255.0
ex
int f0/1
no sw
no shutdown
ip add 192.168.5.2 255.255.255.0
ex
int f0/2
no sw
no shutdown
ip add 192.168.6.2 255.255.255.0
ex


ip routing

router ospf 10
network 192.168.5.0 0.0.0.255 area 0
network 192.168.6.0 0.0.0.255 area 0
network 172.16.100.0 0.0.0.255 area 0
network 172.16.200.0 0.0.0.255 area 0
ex

R1

en
conf t
hostname R1

int f0/1
no shutdown
ip add 192.168.1.2 255.255.255.0
ex
int f0/0
no shutdown
ip add 192.168.5.1 255.255.255.0
ex

ip access-list standard pc1
10 permit 172.16.10.0 0.0.0.255
ex
ip access-list standard pc2
10 permit 172.16.20.0 0.0.0.255
ex
ip access-list standard deny-server
10 deny 172.16.100.0 0.0.0.255
20 deny 172.16.200.0 0.0.0.255
30 permit any
ex

ip access-list standard server1
10 permit 172.16.100.0 0.0.0.255
ex
ip access-list standard server2
10 permit 172.16.200.0 0.0.0.255
ex
ip access-list standard deny-pc
10 deny 172.16.10.0 0.0.0.255
20 deny 172.16.20.0 0.0.0.255
30 permit any
ex

route-map up permit 10
match ip add pc1
set metric 100
ex
route-map up permit 20
match ip add pc2
set metric 200
ex
route-map up permit 30
ex

route-map down permit 10
match ip add server1
set metric 100
ex
route-map down permit 20
match ip add server2
set metric 200
ex
route-map down permit 30
ex



router ospf 100
router-id 11.11.11.100
yes
network 192.168.1.0 0.0.0.255 area 0
redistribute ospf 10 route-map down subnets
distribute-list deny-server in
ex

router ospf 10
router-id 11.11.11.10
yes
network 192.168.5.0 0.0.0.255 area 0
redistribute ospf 100 route-map up subnets
distribute-list deny-pc in
ex

R2

en
conf t
hostname R2

int f0/1
no shutdown
ip add 192.168.2.2 255.255.255.0
ex
int f0/0
no shutdown
ip add 192.168.6.1 255.255.255.0
exit

ip routing

ip access-list standard pc1
10 permit 172.16.10.0 0.0.0.255
ex
ip access-list standard pc2
10 permit 172.16.20.0 0.0.0.255
ex

ip access-list standard deny-server
10 deny 172.16.100.0 0.0.0.255
20 deny 172.16.200.0 0.0.0.255
30 permit any
ex

ip access-list standard server1
10 permit 172.16.100.0 0.0.0.255
ex
ip access-list standard server2
10 permit 172.16.200.0 0.0.0.255
ex

ip access-list standard deny-pc
10 deny 172.16.10.0 0.0.0.255
20 deny 172.16.20.0 0.0.0.255
30 permit any
ex



route-map up permit 10
match ip add pc1
set metric 200
ex
route-map up permit 20
match ip add pc2
set metric 100
ex
route-map up permit 30
ex

route-map down permit 10
match ip add server1
set metric 200
ex
route-map down permit 20
match ip add server2
set metric 100
ex
route-map down permit 30
ex

router ospf 100
router-id 22.22.22.100
yes
network 192.168.2.0 0.0.0.255 area 0
redistribute ospf 10 route-map down subnets
distribute-list deny-server in
ex

router ospf 10
router-id 22.22.22.10
yes
network 192.168.6.0 0.0.0.255 area 0
redistribute ospf 100 route-map up subnets
distribute-list deny-pc in
ex

注意事项

OSPF进程的路由表存在LSA存活时间,需使用命令

#特权模式
clear ip ospf process

该命令需同时在R1、R2上使用,以促进OSPF进程路由表的更新。

配置验证

  • PC1 ping Server1时,R1的任何接口出现故障,PC1都能通过R2 ping通Server1
  • 当R1故障修复后,PC1 ping Server1的路径会从R2上回到R1。不能出现次优路径优先(即:PC1 ping Server1时,路径仍在R2上)

其他命令:
查看 OSPF 邻居关系是否建立。

show ip ospf neighbor

查看 OSPF 数据库中的信息。

show ip ospf database

查看 OSPF 学到的路由。

show ip route ospf