HCNA-32 OSPF Passive Interface Configuration (Suppressed Interface)
Basic configuration + OSPF configuration + OSPF area authentication

<Huawei>system-view
[Huawei]sysname r1
[r1]interface loopback 0
[r1-LoopBack0]ip address 1.1.1.1 32
[r1-LoopBack0]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 172.16.12.1 24
[r1-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[r1-GigabitEthernet0/0/1]ip address 192.168.10.1 24
[r1-GigabitEthernet0/0/1]quit
[r1]ospf 1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]network 172.16.12.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[r1-ospf-1-area-0.0.0.0]return
<r1>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y

<Huawei>system-view
[Huawei]sysname r2
[r2]interface loopback 0
[r2-LoopBack0]ip address 2.2.2.2 32
[r2-LoopBack0]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 172.16.245.2 24
[r2-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip address 172.16.12.2 24
[r2-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]ip address 172.16.23.2 24
[r2-GigabitEthernet0/0/2]quit
[r2]display ip interface brief
[r2]ospf 1
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[r2-ospf-1-area-0.0.0.0]network 172.16.12.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 172.16.23.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 172.16.245.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[r2-ospf-1-area-0.0.0.0]return
<r2>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y

<Huawei>system-view
[Huawei]sysname r3
[r3]interface loopback 0
[r3-LoopBack0]ip address 3.3.3.3 32
[r3-LoopBack0]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 172.16.23.3 24
[r3-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ip address 192.168.30.1 24
[r3-GigabitEthernet0/0/1]quit
[r3]ospf 1
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 172.16.23.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[r3-ospf-1-area-0.0.0.0]return
<r3>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y

<Huawei>system-view
[Huawei]sysname r4
[r4]interface loopback 0
[r4-LoopBack0]ip address 4.4.4.4 32
[r4-LoopBack0]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 172.16.245.4 24
[r4-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ip address 192.168.40.1 24
[r4-GigabitEthernet0/0/1]quit
[r4]ospf 1
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[r4-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 172.16.245.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[r4-ospf-1-area-0.0.0.0]return
<r4>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y

<Huawei>system-view
[Huawei]sysname r5
[r5]interface loopback 0
[r5-LoopBack0]ip address 5.5.5.5 32
[r5-LoopBack0]interface GigabitEthernet 0/0/0
[r5-GigabitEthernet0/0/0]ip address 172.16.245.5 24
[r5-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[r5-GigabitEthernet0/0/1]ip address 192.168.50.1 24
[r5-GigabitEthernet0/0/1]quit
[r5]ospf 1
[r5-ospf-1]area 0
[r5-ospf-1-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[r5-ospf-1-area-0.0.0.0]network 172.16.245.0 0.0.0.255
[r5-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[r5-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[r5-ospf-1-area-0.0.0.0]return
<r5>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y

Check the neighbor state:

<r2>display ospf peer brief    // display OSPF neighbor summary information

         OSPF Process 1 with Router ID 2.2.2.2
                  Peer Statistic Information
 ----------------------------------------------------------------------------
 Area Id          Interface                        Neighbor id      State
 0.0.0.0          GigabitEthernet0/0/0             4.4.4.4          Full
 0.0.0.0          GigabitEthernet0/0/0             5.5.5.5          Full
 0.0.0.0          GigabitEthernet0/0/1             1.1.1.1          Full
 0.0.0.0          GigabitEthernet0/0/2             3.3.3.3          Full
 ----------------------------------------------------------------------------

R2 has four neighbors, all in the Full state.

Test and confirm connectivity between the devices.

Capture packets on PC1:
The capture shows that the PC-facing interface keeps receiving OSPF Hello packets, sent in an attempt to discover new neighbors. These packets mean nothing to the PC and also add risk to the network; suppressing them keeps an external router from attaching to the segment and intruding into the network.

Now configure the passive interface (suppressed interface):

[r1]ospf 1
[r1-ospf-1]silent-interface GigabitEthernet 0/0/1    // configure a silent interface

Once this is configured and the OSPF aging time has passed, PC1 no longer receives the periodic OSPF Hello packets.

If a router has many interfaces that need to be passive and only one or two that must stay active, silence all interfaces first and then undo the setting on the active ones:

[r1]ospf 1
[r1-ospf-1]silent-interface all    // configure all interfaces as silent interfaces
[r1-ospf-1]undo silent-interface GigabitEthernet 0/0/0

Configure the passive interfaces on the other routers:

[r3]ospf 1
[r3-ospf-1]silent-interface GigabitEthernet 0/0/1

[r4]ospf 1
[r4-ospf-1]silent-interface GigabitEthernet 0/0/1

[r5]ospf 1
[r5-ospf-1]silent-interface GigabitEthernet 0/0/1

Verify the passive interface

Silence R2's GigabitEthernet 0/0/1, the interface on the 172.16.12.0/24 link to R1, and check the neighbor table:

[r2]ospf 1
[r2-ospf-1]silent-interface GigabitEthernet 0/0/1
[r2-ospf-1]display ospf peer brief

         OSPF Process 1 with Router ID 2.2.2.2
                  Peer Statistic Information
 ----------------------------------------------------------------------------
 Area Id          Interface                        Neighbor id      State
 0.0.0.0          GigabitEthernet0/0/0             4.4.4.4          Full
 0.0.0.0          GigabitEthernet0/0/0             5.5.5.5          Full
 0.0.0.0          GigabitEthernet0/0/2             3.3.3.3          Full
 ----------------------------------------------------------------------------

The neighbor relationship between R2 and R1 is now gone.

[r2-ospf-1]display ip routing-table protocol ospf    // display OSPF routing table entries
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 6

OSPF routing table status : <Active>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface
3.3.3.3/32          OSPF    10   1     D      172.16.23.3     GigabitEthernet0/0/2
4.4.4.4/32          OSPF    10   1     D      172.16.245.4    GigabitEthernet0/0/0
5.5.5.5/32          OSPF    10   1     D      172.16.245.5    GigabitEthernet0/0/0
192.168.30.0/24     OSPF    10   2     D      172.16.23.3     GigabitEthernet0/0/2
192.168.40.0/24     OSPF    10   2     D      172.16.245.4    GigabitEthernet0/0/0
192.168.50.0/24     OSPF    10   2     D      172.16.245.5    GigabitEthernet0/0/0

OSPF routing table status : <Inactive>
         Destinations : 0        Routes : 0

R1's routes are no longer among these entries.

Restore R2 to its original state:

[r2]ospf 1
[r2-ospf-1]undo silent-interface GigabitEthernet 0/0/1
[r2-ospf-1]display ospf peer brief

         OSPF Process 1 with Router ID 2.2.2.2
                  Peer Statistic Information
 ----------------------------------------------------------------------------
 Area Id          Interface                        Neighbor id      State
 0.0.0.0          GigabitEthernet0/0/0             4.4.4.4          Full
 0.0.0.0          GigabitEthernet0/0/0             5.5.5.5          Full
 0.0.0.0          GigabitEthernet0/0/1             1.1.1.1          Full
 0.0.0.0          GigabitEthernet0/0/2             3.3.3.3          Full
 ----------------------------------------------------------------------------

For example, R1's GE0/0/1 interface was configured as a silent-interface in OSPF earlier. Can the other neighbors still receive the route for the network segment on that passive interface?

[r2]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 8        Routes : 8

OSPF routing table status : <Active>
         Destinations : 8        Routes : 8

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface
1.1.1.1/32          OSPF    10   1     D      172.16.12.1     GigabitEthernet0/0/1
3.3.3.3/32          OSPF    10   1     D      172.16.23.3     GigabitEthernet0/0/2
4.4.4.4/32          OSPF    10   1     D      172.16.245.4    GigabitEthernet0/0/0
5.5.5.5/32          OSPF    10   1     D      172.16.245.5    GigabitEthernet0/0/0
192.168.10.0/24     OSPF    10   2     D      172.16.12.1     GigabitEthernet0/0/1
192.168.30.0/24     OSPF    10   2     D      172.16.23.3     GigabitEthernet0/0/2
192.168.40.0/24     OSPF    10   2     D      172.16.245.4    GigabitEthernet0/0/0
192.168.50.0/24     OSPF    10   2     D      172.16.245.5    GigabitEthernet0/0/0

OSPF routing table status : <Inactive>
         Destinations : 0        Routes : 0

The result is that the other routers still receive R1's route entries. A passive interface simply stops sending and receiving any OSPF packets; if the directly connected network of the passive interface has been advertised in OSPF, the other OSPF neighbors still receive it.

Test connectivity. Done.
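
An added example, not part of the original article: a small Python audit for the condition this lab fixes by hand, an OSPF-enabled interface that is not silent and has no Full neighbor. The configuration text and peer row are constructed samples modelled on R1, and the function names are hypothetical.

```python
import ipaddress
import re
# Constructed sample: R1's OSPF-relevant lines before the silent-interface step.
R1_CONFIG = """\
interface GigabitEthernet0/0/0
 ip address 172.16.12.1 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 192.168.10.1 255.255.255.0
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
ospf 1
 area 0.0.0.0
  authentication-mode md5 1 cipher PLACEHOLDER
  network 1.1.1.1 0.0.0.0
  network 172.16.12.0 0.0.0.255
  network 192.168.10.0 0.0.0.255
"""
# Constructed sample: R1's single row from "display ospf peer brief".
R1_PEERS = " 0.0.0.0   GigabitEthernet0/0/0   2.2.2.2   Full"
PEER_ROW = re.compile(r"^\s*\S+\s+(\S+)\s+\S+\s+Full\s*$", re.M)

def norm(name):
    return name.replace(" ", "").lower()  # "GigabitEthernet 0/0/1" -> "gigabitethernet0/0/1"

def wildcard_net(addr, wildcard):
    """Turn an OSPF 'network <addr> <wildcard>' pair into an IPv4Network."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def unsilenced_edge_interfaces(config, peer_brief):
    """Non-loopback OSPF interfaces that still send Hellos but have no Full peer."""
    with_peer = {norm(i) for i in PEER_ROW.findall(peer_brief)}
    addrs, nets, silent, undone, current = {}, [], set(), set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (.+)", line):
            current = norm(m.group(1))
        elif m := re.fullmatch(r"ip address (\S+) \S+", line):
            addrs[current] = ipaddress.ip_address(m.group(1))
        elif m := re.fullmatch(r"network (\S+) (\S+)", line):
            nets.append(wildcard_net(*m.groups()))
        elif m := re.fullmatch(r"undo silent-interface (.+)", line):
            undone.add(norm(m.group(1)))
            silent.discard(norm(m.group(1)))
        elif m := re.fullmatch(r"silent-interface (.+)", line):
            silent.add(norm(m.group(1)))
    return sorted(
        name for name, addr in addrs.items()
        if any(addr in n for n in nets) and not name.startswith("loopback")
        and name not in with_peer
        and not (name in silent or ("all" in silent and name not in undone)))
```

Run against R1's sample it reports gigabitethernet0/0/1, the PC-facing port; appending the article's silent-interface line clears the finding.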