SW1、SW2、SW3、RT1 以太链路、RT2 以太链路、FW1、FW2、AC1 之间运行 OSPFv2 和 OSPFv3 协议
注意要求
- 按照IP 地址从小到大的顺序发布
- 每个 prefix-list 的序号从 5 开始 按照 IP 地址从小到大的顺序递增 5
- route-map 的序号从 10 开始 递增 10 route-map 名称与 prefix-list 名称相同
- 每个 ACL 序号从 10 开始,按照 IP 地址从小到大的顺序递增 10
OSPFv2部分
SW1、SW2、SW3、RT1、RT2、FW1 之间 OSPFv2 和 OSPFv3 协议
- 进程1 区域号 0 分别发布 Loopback1 地址路由和产品路由
- FW1通告 type1默认路由
- RT2 与 AC1 之间运行 OSPFv2 协议,进程 1 区域 1 nssa no-summar
- AC1 发布 Loopback1 地址路由、管理、产品和营销路由
- AC1用 prefix-list 重发布 Loopback3 prefix-list 名称为 AC1-Loopback3-IPv4
SW1
router ospf 1
ospf router-id 10.4.1.1
network 10.4.1.1/32 area 0
network 10.4.11.0/24 area 0
network 10.4.220.0/24 area 0
network 10.4.255.0/30 area 0
network 10.4.255.4/30 area 0
network 10.4.255.12/30 area 0
network 192.168.2.0/24 area 0
!
SW2
router ospf 1
ospf router-id 10.4.2.1
network 10.4.2.1/32 area 0
network 10.4.21.0/24 area 0
network 10.4.210.0/24 area 0
network 10.4.255.0/30 area 0
network 10.4.255.8/30 area 0
network 10.4.255.20/30 area 0
network 192.168.100.0/24 area 0
SW3
router ospf 1
ospf router-id 10.4.3.1
network 10.4.3.1/32 area 0
network 10.4.31.0/24 area 0
network 10.4.255.4/30 area 0
network 10.4.255.8/30 area 0
!
AC1
router ospf 1
ospf router-id 10.4.4.1
area 1 nssa no-summary
network 10.4.4.1/32 area 1
network 10.4.130.0/24 area 1
network 10.4.140.0/24 area 1
network 10.4.150.0/24 area 1
network 10.4.255.44/30 area 1
redistribute connected route-map AC1-Loopback3-IPv4
ip prefix-list AC1-Loopback3-IPv4 seq 5 permit 10.4.4.3/32
route-map AC1-Loopback3-IPv4 permit 10
match ip address prefix-list AC1-Loopback3-IPv4
配置nssa特区 area 1 nssa no-summary
配置 prefix-list 序号为5 匹配 Loopback4 地址
ip prefix-list AC1-Loopback3-IPv4 seq 5 permit 10.4.4.3/32
配置 route-map 序号为 10 匹配AC1-Loopback3-IPv4 通过
route-map AC1-Loopback3-IPv4 permit 10
match ip address prefix-list AC1-Loopback3-IPv4
过滤重发布
redistribute connected route-map AC1-Loopback3-IPv4
RT1
router ospf 1
router-id 10.4.5.1
network 10.4.5.1 255.255.255.255 area 0
network 10.4.255.16 255.255.255.252 area 0
network 10.4.255.20 255.255.255.252 area 0
network 10.4.255.32 255.255.255.252 area 0
RT2
router ospf 1
router-id 10.4.6.1
network 10.4.6.1 255.255.255.255 area 0
network 10.4.255.32 255.255.255.252 area 0
network 10.4.255.44 255.255.255.252 area 1
area 1 nssa no-summary
配置nssa特区 area 1 nssa no-summary
FW1
router ospf 1
router-id 10.4.7.1
default-information originate always type 1
network 10.4.7.1/32 area 0
network 10.4.255.12/30 area 0
network 10.4.255.16/30 area 0
FW1通告type1默认路由 default-information originate always type 1
FW2
router ospf 2
router-id 10.4.8.1
network 10.4.8.1/32 area 2
network 10.4.255.24/30 area 2
network 10.4.255.28/30 area 2
- RT1 FW2 SW3 模拟办事处之间运行 OSPFv2协议 进程 2 区域 2
- SW3 模拟办事处发布 Loopback2、产品和营销路由
- FW2发布 Loopback1 路由。
- RT1 发布 Loopback4 路由,向该区域通告 type1默认路由
- RT1 用 prefix-list 匹配 SW3 模拟办事处 Loopback2 和产品路由、 FW2 Loopback1 路由(prefix-list 名称分别为 SW3-FW2-IPv4
- RT1 与 FW2 直连 IPv4 路由(prefix-list 名称为RT1-FW2-IPv4) 以上路由重发布到 process 1
RT1
router ospf 2
router-id 10.4.5.4
network 10.4.5.4 255.255.255.255 area 2
network 10.4.255.24 255.255.255.252 area 2
default-information originate always metric-type 1
FW2
router ospf 2
router-id 10.4.8.1
network 10.4.8.1/32 area 2
network 10.4.255.24/30 area 2
network 10.4.255.28/30 area 2
SW3
!
router ospf 2 vrf Office
ospf router-id 10.4.3.2
network 10.4.3.2/32 area 2
network 10.4.110.0/24 area 2
network 10.4.120.0/24 area 2
network 10.4.255.28/30 area 2
!
重发布
prefix-list 匹配 SW3 模拟办事处 Loopback2 产品路由 FW2 Loopback1 路由prefix-list 名称为 SW3-FW2-IPv4
RT1
配置prefix-list
ip prefix-list SW3-FW2-IPv4 seq 5 permit 10.4.3.2/32
ip prefix-list SW3-FW2-IPv4 seq 10 permit 10.4.8.1/32
ip prefix-list SW3-FW2-IPv4 seq 15 permit 10.4.110.0/24
配置route-map
route-map SW3-FW2-IPv4 10 permit
match ip address prefix-list SW3-FW2-IPv4
重发布到 进程 1
router ospf 1
redistribute ospf 2 route-map SW3-FW2-IPv4
RT1 与 FW2 直连 IPv4 路由(prefix-list 名称为RT1-FW2-IPv4) 以上路由重发布到 process 1
ip prefix-list RT1-FW2-IPv4 seq 5 permit 10.4.255.24/30
route-map RT1-FW2-IPv4 10 permit
match ip address prefix-list RT1-FW2-IPv4
router ospf 1
redistribute connect route-map RT1-FW2-IPv4
- 修改 ospf cost 为 100,实现 SW1 分别与 RT2、FW2 之间 IPv4 和 IPv6互访流量优先通过 SW1-SW2-RT1 链路转发,SW2 访问 Internet IPv4和 IPv6 流量优先通过 SW2-SW1-FW1 链路转发
四条链路全部配置Cost花费100
ip ospf cost 100
ipv6 ospf cost 100
OSPFv6部分
- SW1、SW2、SW3、RT1、RT2、FW1 OSPFv3 协议process1 area 0 分别发布Loopback1 地址路由和产品路由 FW1 通告 type1默认路由
- RT2 与 AC1 之间运行 OSPFv3 协议,process 1,area 1 stub no-summary
- AC1 发布 Loopback1 地址路由、管理、产品和营销路由
- RT1、FW2、SW3 模拟办事处之间运行 OSPFv3 协议 process2 area 2
- SW3 模拟办事处发布 Loopback2、产品和营销路由 FW2发布 Loopback1 路由 RT1 发布 Loopback4 路由 向该区域通告 type1默认路由
- RT1 用 prefix-list 匹配 SW3 模拟办事处 Loopback2 和产品路由、 FW2 Loopback1 路由(prefix-list 名称分别为 SW3-FW2-IPv4和 SW3-FW2-IPv6)、RT1 与 FW2 直连 IPv4 路由(prefix-list 名称为RT1-FW2-IPv4),以上路由重发布到 process 1。
SW1
!
router ipv6 ospf 1
router-id 10.4.1.1
!
router ipv6 ospf 2 vrf Finance
router-id 10.4.1.2
!
interface Vlan1019
ip ospf cost 100
ipv6 ospf cost 100
ipv6 router ospf area 0 tag 1
ip address 10.4.255.14 255.255.255.252
!
interface Vlan1020
ipv6 router ospf area 0 tag 1
ip address 10.4.255.5 255.255.255.252
!
interface Vlan1023
ip ospf cost 100
ipv6 router ospf area 0 tag 1
ip address 10.4.255.1 255.255.255.252
!
interface Vlan1024
ip vrf forwarding Finance
ipv6 router ospf area 2 tag 2
ip address 10.4.255.1 255.255.255.252
!
interface Loopback1
ipv6 address 2001:10:4:1::1/128
ipv6 router ospf area 0 tag 1
ip address 10.4.1.1 255.255.255.255
!
interface Loopback2
ip vrf forwarding Finance
ipv6 address 2001:10:4:1::2/128
ipv6 router ospf area 2 tag 2
ip address 10.4.1.2 255.255.255.255
!
SW2
interface Vlan21
ipv6 address 2001:10:4:21::1/64
ipv6 router ospf area 0 tag 1
interface Vlan1019
ip ospf cost 100
ipv6 ospf cost 100
ipv6 router ospf area 0 tag 1
ip address 10.4.255.22 255.255.255.252
!
interface Vlan1020
ipv6 router ospf area 0 tag 1
ip address 10.4.255.9 255.255.255.252
!
interface Vlan1023
ip ospf cost 100
ipv6 router ospf area 0 tag 1
ip address 10.4.255.2 255.255.255.252
!
interface Vlan1024
ip vrf forwarding Finance
ipv6 router ospf area 2 tag 2
ip address 10.4.255.2 255.255.255.252
!
interface Loopback1
ipv6 address 2001:10:4:2::1/128
ipv6 router ospf area 0 tag 1
interface Loopback2
ip vrf forwarding Finance
ipv6 address 2001:10:4:2::2/128
ipv6 router ospf area 2 tag 2
ip address 10.4.2.2 255.255.255.255
router ipv6 ospf 1
router-id 10.4.2.1
!
router ipv6 ospf 2 vrf Finance
router-id 10.4.2.2
SW3
interface Vlan31
ipv6 address 2001:10:4:31::1/64
ipv6 router ospf area 0 tag 1
ip address 10.4.31.1 255.255.255.0
!
interface Vlan110
ip vrf forwarding Office
ipv6 address 2001:10:4:110::1/64
ipv6 router ospf area 2 tag 2
ip address 10.4.110.1 255.255.255.0
!
interface Vlan120
ip vrf forwarding Office
ipv6 address 2001:10:4:120::1/64
ipv6 router ospf area 2 tag 2
ip address 10.4.120.1 255.255.255.0
!
interface Vlan1015
ip vrf forwarding Office
ipv6 router ospf area 2 tag 2
ip address 10.4.255.30 255.255.255.252
!
interface Vlan1019
ipv6 router ospf area 0 tag 1
ip address 10.4.255.6 255.255.255.252
!
interface Vlan1020
ipv6 router ospf area 0 tag 1
ip address 10.4.255.10 255.255.255.252
!
interface Loopback1
ipv6 address 2001:10:4:3::1/128
ipv6 router ospf area 0 tag 1
ip address 10.4.3.1 255.255.255.255
!
interface Loopback2
ip vrf forwarding Office
ipv6 address 2001:10:4:3::2/128
ipv6 router ospf area 2 tag 2
ip address 10.4.3.2 255.255.255.255
!
AC1
interface Vlan130
ipv6 address 2001:10:4:130::1/64
ipv6 router ospf area 1 tag 1
ip address 10.4.130.1 255.255.255.0
!
interface Vlan140
ipv6 address 2001:10:4:140::1/64
ipv6 router ospf area 1 tag 1
ip address 10.4.140.1 255.255.255.0
!
interface Vlan150
ipv6 address 2001:10:4:150::1/64
ipv6 router ospf area 1 tag 1
ip address 10.4.150.1 255.255.255.0
!
interface Vlan1001
ipv6 router ospf area 1 tag 1
ip address 10.4.255.46 255.255.255.252
!
interface Loopback1
ipv6 address 2001:10:4:4::1/128
ipv6 router ospf area 1 tag 1
ip address 10.4.4.1 255.255.255.255
!
!
router ipv6 ospf 1
router-id 10.4.4.1
area 1 stub no-summary
RT1
router ospfv3 1
router-id 10.4.5.1
redistribute ospf 2 route-map SW3-FW2-IPv6
router ospfv3 2
router-id 10.4.5.4
interface Loopback1
ip address 10.4.5.1 255.255.255.255
ipv6 enable
ipv6 address 2001:10:4:5::1/128
ipv6 ospf 1 area 0
interface Loopback4
ip address 10.4.5.4 255.255.255.255
ipv6 address 2001:10:4:5::4/128
ipv6 ospf 2 area 2
interface GigaEthernet0/0
ip address 10.4.255.33 255.255.255.252
ipv6 enable
ipv6 ospf 1 area 0
interface GigaEthernet0/1
ip address 10.4.255.18 255.255.255.252
ipv6 enable
ip ospf cost 100
ipv6 ospf 1 area 0
ipv6 ospf cost 100
interface GigaEthernet0/2
ip address 10.4.255.21 255.255.255.252
ipv6 enable
ip ospf cost 100
ipv6 ospf 1 area 0
ipv6 ospf cost 100
interface GigaEthernet0/3
ip address 10.4.255.25 255.255.255.252
ipv6 enable
ipv6 ospf 2 area 2
RT2
router ospfv3 1
router-id 10.4.6.5
area 1 stub no-summary
interface Loopback1
ip address 10.4.6.1 255.255.255.255
ipv6 enable
ipv6 address 2001:10:4:6::1/128
ipv6 ospf 1 area 0
interface GigaEthernet0/0
ip address 10.4.255.34 255.255.255.252
ipv6 enable
ipv6 ospf 1 area 0
interface GigaEthernet0/1
ip address 10.4.255.45 255.255.255.252
ipv6 enable
ipv6 ospf 1 area 1
FW1
interface ethernet0/1
zone "trust"
ip address 10.4.255.13 255.255.255.252
ipv6 enable
manage ping
ip ospf cost 100
ipv6 ospf 1 area 0
interface ethernet0/2
zone "trust"
ip address 10.4.255.17 255.255.255.252
ipv6 enable
manage ping
ip ospf cost 100
ipv6 ospf 1 area 0
exit
FW2
interface ethernet0/1
zone "dmz"
ip address 10.4.255.26 255.255.255.252
ipv6 enable
manage ping
ipv6 ospf 2 area 2
exit
interface ethernet0/2
zone "trust"
ip address 10.4.255.29 255.255.255.252
ipv6 enable
manage ping
ipv6 ospf 2 area 2
exit
interface loopback1
zone "trust"
ip address 10.4.8.1 255.255.255.255
ipv6 enable
ipv6 address 2001:10:4:8::1/128
manage ping
ipv6 ospf 2 area 2
重发布
!
route-map SW3-FW2-IPv6 10 permit
match ipv6 address prefix-list SW3-FW2-IPv6
!
!
ipv6 prefix-list SW3-FW2-IPv6 seq 5 permit 2001:10:4:3::2/128
ipv6 prefix-list SW3-FW2-IPv6 seq 10 permit 2001:10:4:8::1/128
ipv6 prefix-list SW3-FW2-IPv6 seq 15 permit 2001:10:4:110::/64
router ospfv3 1
router-id 10.4.5.1
redistribute ospf 2 route-map SW3-FW2-IPv6