HCNA-32 OSPF Passive Interface Configuration (Silent Interface)
Basic configuration + OSPF configuration + OSPF area authentication

    <Huawei>system-view
    sysname r1
    interface loopback 0
    ip address 1.1.1.1 32
    interface GigabitEthernet 0/0/0
    ip address 172.16.12.1 24
    interface GigabitEthernet 0/0/1
    ip address 192.168.10.1 24
    quit
    ospf 1
    area 0
    network 1.1.1.1 0.0.0.0
    network 192.168.10.0 0.0.0.255
    network 172.16.12.0 0.0.0.255
    authentication-mode md5 1 cipher admin1234
    return
    <r1>save
    The current configuration will be written to the device. Are you sure to continue? (y/n):y

    <Huawei>system-view
    sysname r2
    interface loopback 0
    ip address 2.2.2.2 32
    interface GigabitEthernet 0/0/0
    ip address 172.16.245.2 24
    interface GigabitEthernet 0/0/1
    ip address 172.16.12.2 24
    interface GigabitEthernet 0/0/2
    ip address 172.16.23.2 24
    quit
    display ip interface brief
    ospf 1
    area 0
    network 2.2.2.2 0.0.0.0
    network 172.16.12.0 0.0.0.255
    network 172.16.23.0 0.0.0.255
    network 172.16.245.0 0.0.0.255
    authentication-mode md5 1 cipher admin1234
    return
    <r2>save
    The current configuration will be written to the device. Are you sure to continue? (y/n):y

    <Huawei>system-view
    sysname r3
    interface loopback 0
    ip address 3.3.3.3 32
    interface GigabitEthernet 0/0/0
    ip address 172.16.23.3 24
    interface GigabitEthernet 0/0/1
    ip address 192.168.30.1 24
    quit
    ospf 1
    area 0
    network 3.3.3.3 0.0.0.0
    network 192.168.30.0 0.0.0.255
    network 172.16.23.0 0.0.0.255
    authentication-mode md5 1 cipher admin1234
    return
    <r3>save
    The current configuration will be written to the device. Are you sure to continue? (y/n):y

    <Huawei>system-view
    sysname r4
    interface loopback 0
    ip address 4.4.4.4 32
    interface GigabitEthernet 0/0/0
    ip address 172.16.245.4 24
    interface GigabitEthernet 0/0/1
    ip address 192.168.40.1 24
    quit
    ospf 1
    area 0
    network 4.4.4.4 0.0.0.0
    network 192.168.40.0 0.0.0.255
    network 172.16.245.0 0.0.0.255
    authentication-mode md5 1 cipher admin1234
    return
    <r4>save
    The current configuration will be written to the device. Are you sure to continue? (y/n):y

    <Huawei>system-view
    sysname r5
    interface loopback 0
    ip address 5.5.5.5 32
    interface GigabitEthernet 0/0/0
    ip address 172.16.245.5 24
    interface GigabitEthernet 0/0/1
    ip address 192.168.50.1 24
    quit
    ospf 1
    area 0
    network 5.5.5.5 0.0.0.0
    network 172.16.245.0 0.0.0.255
    network 192.168.50.0 0.0.0.255
    authentication-mode md5 1 cipher admin1234
    return
    <r5>save
    The current configuration will be written to the device. Are you sure to continue? (y/n):y

Check the neighbor state:

    <r2>display ospf peer brief        //view OSPF neighbor summary information

         OSPF Process 1 with Router ID 2.2.2.2
                  Peer Statistic Information
     ----------------------------------------------------------------------------
     Area Id          Interface                        Neighbor id      State
     0.0.0.0          GigabitEthernet0/0/0             4.4.4.4          Full
     0.0.0.0          GigabitEthernet0/0/0             5.5.5.5          Full
     0.0.0.0          GigabitEthernet0/0/1             1.1.1.1          Full
     0.0.0.0          GigabitEthernet0/0/2             3.3.3.3          Full
     ----------------------------------------------------------------------------

R2 has four neighbors, all in the Full state. Test and confirm connectivity between the devices.

Capture packets on PC1:
The capture shows that the PC-facing interface keeps receiving OSPF Hello packets, which are sent in an attempt to discover new neighbors. These packets mean nothing to the PC and add risk to the network. Suppressing them prevents an external router from attaching to this segment and intruding into the network.

Configure the passive interface (silent interface):

    ospf 1
    silent-interface GigabitEthernet 0/0/1        //configure the silent interface

After the configuration, once the OSPF aging time has passed, PC1 no longer receives the periodic OSPF Hello packets.

If a router has many interfaces that need to be passive and only one or two that must stay active, you can silence all interfaces first and then undo the active ones:

    ospf 1
    silent-interface all        //configure all interfaces as silent interfaces
    undo silent-interface GigabitEthernet 0/0/0

Complete the passive interface configuration on the other routers:

    ospf 1
    silent-interface GigabitEthernet 0/0/1

    ospf 1
    silent-interface GigabitEthernet 0/0/1

    ospf 1
    silent-interface GigabitEthernet 0/0/1

Verify the passive interface:

    ospf 1
    silent-interface GigabitEthernet 0/0/1
    display ospf peer brief

         OSPF Process 1 with Router ID 2.2.2.2
                  Peer Statistic Information
     ----------------------------------------------------------------------------
     Area Id          Interface                        Neighbor id      State
     0.0.0.0          GigabitEthernet0/0/0             4.4.4.4          Full
     0.0.0.0          GigabitEthernet0/0/0             5.5.5.5          Full
     0.0.0.0          GigabitEthernet0/0/2             3.3.3.3          Full
     ----------------------------------------------------------------------------

The neighbor relationship between R2 and R1 has now disappeared.

    display ip routing-table protocol ospf        //view the OSPF routing table entries
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Public routing table : OSPF
             Destinations : 6        Routes : 6

    OSPF routing table status : <Active>
             Destinations : 6        Routes : 6

    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

            3.3.3.3/32  OSPF    10   1           D   172.16.23.3     GigabitEthernet0/0/2
            4.4.4.4/32  OSPF    10   1           D   172.16.245.4    GigabitEthernet0/0/0
            5.5.5.5/32  OSPF    10   1           D   172.16.245.5    GigabitEthernet0/0/0
       192.168.30.0/24  OSPF    10   2           D   172.16.23.3     GigabitEthernet0/0/2
       192.168.40.0/24  OSPF    10   2           D   172.16.245.4    GigabitEthernet0/0/0
       192.168.50.0/24  OSPF    10   2           D   172.16.245.5    GigabitEthernet0/0/0

    OSPF routing table status : <Inactive>
             Destinations : 0        Routes : 0

The entries above no longer include R1's routes.

Restore R2 to its original state:

    ospf 1
    undo silent-interface GigabitEthernet 0/0/1
    display ospf peer brief

         OSPF Process 1 with Router ID 2.2.2.2
                  Peer Statistic Information
     ----------------------------------------------------------------------------
     Area Id          Interface                        Neighbor id      State
     0.0.0.0          GigabitEthernet0/0/0             4.4.4.4          Full
     0.0.0.0          GigabitEthernet0/0/0             5.5.5.5          Full
     0.0.0.0          GigabitEthernet0/0/1             1.1.1.1          Full
     0.0.0.0          GigabitEthernet0/0/2             3.3.3.3          Full
     ----------------------------------------------------------------------------

As an example, R1's GE0/0/1 interface was configured as a silent interface in OSPF a moment ago. Can the other neighbors still receive the route for the network segment on that passive interface?

    display ip routing-table protocol ospf
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Public routing table : OSPF
             Destinations : 8        Routes : 8

    OSPF routing table status : <Active>
             Destinations : 8        Routes : 8

    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

            1.1.1.1/32  OSPF    10   1           D   172.16.12.1     GigabitEthernet0/0/1
            3.3.3.3/32  OSPF    10   1           D   172.16.23.3     GigabitEthernet0/0/2
            4.4.4.4/32  OSPF    10   1           D   172.16.245.4    GigabitEthernet0/0/0
            5.5.5.5/32  OSPF    10   1           D   172.16.245.5    GigabitEthernet0/0/0
       192.168.10.0/24  OSPF    10   2           D   172.16.12.1     GigabitEthernet0/0/1
       192.168.30.0/24  OSPF    10   2           D   172.16.23.3     GigabitEthernet0/0/2
       192.168.40.0/24  OSPF    10   2           D   172.16.245.4    GigabitEthernet0/0/0
       192.168.50.0/24  OSPF    10   2           D   172.16.245.5    GigabitEthernet0/0/0

    OSPF routing table status : <Inactive>
             Destinations : 0        Routes : 0

The result is that the other routers can still receive R1's route entries. A passive interface only stops sending and receiving OSPF packets; if the directly connected route of the segment on the passive interface has already been advertised in OSPF, the other OSPF neighbors still receive it.

Test connectivity. Done.
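
An added example, not part of the original post: a Python check that reads a router's typed-command configuration and lists the interfaces that a network statement enables for OSPF but that are not silent, including the silent-interface all / undo silent-interface pattern described above. The sample configuration is constructed from R1's settings in this lab, and the function name hello_sending_interfaces is hypothetical.

```python
import ipaddress

# Constructed sample: R1 from this lab in typed-command form, using the
# "silence all interfaces, then undo the transit link" pattern.
R1_CONFIG = """\
interface LoopBack 0
 ip address 1.1.1.1 32
interface GigabitEthernet 0/0/0
 ip address 172.16.12.1 24
interface GigabitEthernet 0/0/1
 ip address 192.168.10.1 24
ospf 1
 silent-interface all
 undo silent-interface GigabitEthernet 0/0/0
 area 0
  network 1.1.1.1 0.0.0.0
  network 192.168.10.0 0.0.0.255
  network 172.16.12.0 0.0.0.255
"""

def hello_sending_interfaces(config):
    """Return the OSPF-enabled interfaces that are not silent (hypothetical helper)."""
    addrs, nets, silent, exempt = {}, [], set(), set()
    silent_all, current = False, None
    for line in config.splitlines():
        w = line.split()
        undo = w[:1] == ["undo"]
        w = w[1:] if undo else w
        if not w:
            continue
        if w[0] == "interface":
            current = "".join(w[1:]).lower()  # "GigabitEthernet 0/0/0" -> one token
        elif w[:2] == ["ip", "address"] and current and not undo:
            addrs[current] = int(ipaddress.ip_address(w[2]))
        elif w[0] == "network" and not undo:
            wild = int(ipaddress.ip_address(w[2]))  # wildcard mask: 1-bits are ignored
            nets.append((int(ipaddress.ip_address(w[1])) & ~wild, wild))
        elif w[0] == "silent-interface":
            name = "".join(w[1:]).lower()
            if name == "all":
                silent_all = not undo
            else:  # the last command seen for an interface wins
                (exempt if undo else silent).add(name)
                (silent if undo else exempt).discard(name)
    return {n for n, a in addrs.items()
            if not n.startswith("loopback")  # no link to send Hellos onto
            and any(a & ~wild == base for base, wild in nets)
            and not (n in silent or (silent_all and n not in exempt))}
```

Compare the returned set with the list of router-to-router links: any other interface in it is a port where attached hosts see Hellos and where an unexpected router could try to form an adjacency.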