免费注册账号qq,seo推广优化费用,室内设计平面图一套,做网站怎么加入索引功能9.4 OSPF被动接口配置
9.4.1 原理概述
OSPF被动接口也称抑制接口#xff0c;成为被动接口后#xff0c;将不会接收和发送OSPF报文。如果要使OSPF路由信息不被某一网络中的路由器获得且使本地路由器不接收网络中其他路由器发布的路由更新信息#xff0c;即已运行在OSPF协议…9.4 OSPF被动接口配置
9.4.1 原理概述
OSPF被动接口也称抑制接口成为被动接口后将不会接收和发送OSPF报文。如果要使OSPF路由信息不被某一网络中的路由器获得且使本地路由器不接收网络中其他路由器发布的路由更新信息即已运行在OSPF协议进程中的接口不与本链路上其余路由器建立邻居关系时可通过配置被动接口来禁止此接口接收和发送OSPF报文。
9.4.2 实验内容
本实验模拟企业网络场景。有路由器R1、R2、R4与R5分属不同部门的网关设备每台设备都连接着各部门的员工终端公司整网运行OSPF协议并都处于区域0中。员工终端上经常收到路由器发送的OSPF数据报文而该报文对终端而言毫无用处还占用了一定的链路带宽资源并有可能引起安全风险比如非法接入路由器做路由欺骗。现通告配置被动接口来实现阻隔OSPF报文优化公司网络。
9.4.3 实验拓扑 9.4.4 实验编址
设备接口IP地址子网掩码默认网关AR1AR2220GE 0/0/0172.16.1.1255.255.255.0N/AAR1AR2220GE 0/0/2192.168.30.254255.255.255.0N/AAR2AR2220GE 0/0/1172.16.2.1255.255.255.0N/AAR2AR2220GE 0/0/2192.168.40.254255.255.255.0N/AAR3AR2220GE 0/0/0172.16.1.2255.255.255.0N/AAR3AR2220GE 0/0/1172.16.2.2255.255.255.0N/AAR3AR2220GE 0/0/2172.16.3.2255.255.255.0N/AAR4AR2220GE 0/0/1172.16.3.1255.255.255.0N/AAR4AR2220GE 0/0/2192.168.10.254255.255.255.0N/AAR5AR2220GE 0/0/0172.16.3.3255.255.255.0N/AAR5AR2220GE 0/0/2192.168.20.254255.255.255.0N/APC1Ethernet 0/0/1192.168.10.1255.255.255.0192.168.10.254PC2Ethernet 0/0/1192.168.20.1255.255.255.0192.168.20.254PC3Ethernet 0/0/1192.168.30.1255.255.255.0192.168.30.254PC4Ethernet 0/0/1192.168.40.1255.255.255.0192.168.40.254
9.4.5 实验步骤
1、基本配置并搭建OSPF网络
根据实验编址表进行基本的配置和配置OSPF网络并进行连通性测试。
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 172.16.1.1 24
[AR1-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/2
[AR1-GigabitEthernet0/0/2]ip address 192.168.30.254 24
[AR1-GigabitEthernet0/0/2]ospf 1
[AR1-ospf-1]area 0
[AR1-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]network 172.16.30.0 0.0.0.255[AR2]interface GigabitEthernet 0/0/1
[AR2-GigabitEthernet0/0/1]ip address 172.16.2.1 24
[AR2-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[AR2-GigabitEthernet0/0/2]ip address 192.168.40.254 24
[AR2-GigabitEthernet0/0/2]ospf 1
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255[AR3]interface GigabitEthernet 0/0/0
[AR3-GigabitEthernet0/0/0]ip address 172.16.1.2 24
[AR3-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[AR3-GigabitEthernet0/0/1]ip address 172.16.2.2 24
[AR3-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[AR3-GigabitEthernet0/0/2]ip address 172.16.3.2 24
[AR3-GigabitEthernet0/0/2]ospf 1
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]network 172.16.3.0 0.0.0.255[AR4]interface GigabitEthernet 0/0/1
[AR4-GigabitEthernet0/0/1]ip address 172.16.3.1 24
[AR4-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[AR4-GigabitEthernet0/0/2]ip address 192.168.10.254 24
[AR4-GigabitEthernet0/0/2]ospf 1
[AR4-ospf-1]area 0
[AR4-ospf-1-area-0.0.0.0]network 172.16.3.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255[AR5]interface GigabitEthernet 0/0/0
[AR5-GigabitEthernet0/0/0]ip address 172.16.3.3 24
[AR5-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/2
[AR5-GigabitEthernet0/0/2]ip address 192.168.20.254 24
[AR5-GigabitEthernet0/0/2]ospf 1
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]network 172.16.3.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255PC1ping 192.168.40.1
Ping 192.168.40.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 192.168.40.1: bytes32 seq2 ttl125 time78 ms
From 192.168.40.1: bytes32 seq3 ttl125 time32 ms
From 192.168.40.1: bytes32 seq4 ttl125 time47 ms
From 192.168.40.1: bytes32 seq5 ttl125 time46 ms
--- 192.168.40.1 ping statistics ---5 packet(s) transmitted4 packet(s) received20.00% packet lossround-trip min/avg/max 0/50/78 ms2、配置被动接口
现在通过配置被动接口来优化连接终端的网络使终端不在收到任何OSPF报文在R4的OSPF进程中使用silent-interface命令禁止接口接收和转发OSPF报文。
[AR1]ospf 1
[AR1-ospf-1]silent-interface GigabitEthernet 0/0/2[AR2]ospf 1
[AR2-ospf-1]silent-interface GigabitEthernet 0/0/2[AR4]ospf 1
[AR4-ospf-1]silent-interface GigabitEthernet 0/0/2[AR5]ospf 1
[AR5-ospf-1]silent-interface GigabitEthernet 0/0/23、验证被动接口
配置被动接口该接口会禁止接收和发送OSPF报文固在两台路由器间OSPF链路的接口上做该配置会导致OSPF邻居无法建立。
在R1上面使用display ip routing-table命令查看其他路由器上面的被动接口的网段路由条目是否获取到。
[AR1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0172.16.1.0/24 Direct 0 0 D 172.16.1.1 GigabitEthernet0/0/0172.16.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0172.16.2.0/24 OSPF 10 2 D 172.16.1.2 GigabitEthernet0/0/0172.16.3.0/24 OSPF 10 2 D 172.16.1.2 GigabitEthernet0/0/0192.168.10.0/24 OSPF 10 3 D 172.16.1.2 GigabitEthernet0/0/0192.168.20.0/24 OSPF 10 3 D 172.16.1.2 GigabitEthernet0/0/0192.168.30.0/24 Direct 0 0 D 192.168.30.254 GigabitEthernet0/0/2192.168.30.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2192.168.30.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2192.168.40.0/24 OSPF 10 3 D 172.16.1.2 GigabitEthernet0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0可以观察到此时其他邻居路由器任然可以收到该网段的路由条目被动接口的特性只是不在收发任何OSPF报文但是被动接口所在网段的直连路由条目如果已经在OSPF中通告那么也会被其他的OSPF邻居路由器接收到。测试pc1和pc4的连通性可以看到可以正常通信。
PC1ping 192.168.40.1
Ping 192.168.40.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 192.168.40.1: bytes32 seq2 ttl125 time47 ms
From 192.168.40.1: bytes32 seq3 ttl125 time32 ms
From 192.168.40.1: bytes32 seq4 ttl125 time46 ms
From 192.168.40.1: bytes32 seq5 ttl125 time47 ms
--- 192.168.40.1 ping statistics ---5 packet(s) transmitted4 packet(s) received20.00% packet lossround-trip min/avg/max 0/43/47 ms
