实验目的:
1. 熟悉ISIS路由协议的基础操作方法。
2. 掌握该协议的区域划分,路由级别调整过程。
3. 掌握该协议的网络类型以及网络类型中广播类型的DIS的选举流程。
4. 掌握该协议的路由引入,路由聚合,路由过滤,路由认证等操作流程。
实验要求:
1.R1,R2和R3是Level-1路由器,R6是Level-2路由器。SystemID为0000.0000.000X。ISIS的进程号为1.
通告相关接口,网段10.0.X.0/24暂不通告。
2.R4和R6,R5和R6之间不能有DIS选举;
R1,R2和R3共享网络中,要求R3为DIS,需在R1和R2上配置,且优先级设置尽量小仍可以参与DIS选举。
3.R6引入10.0.X.0/24网段,并标记为100;
区域47.0001能够通过R4 学到10.0.x.0/24网段明细,且必须保持这些路由的标记为100.
4. R2只允许通过缺省路由访问区域47.0002的网络。不能使用ACL和前缀列表。
5. 区域47.0001的所有路由器发送LSP和SNP需要进行认证,认证类型为MD5,密码为Huawei;
level-2路由发送的IIH需要进行认证,认证类型为MD5,密码为Huawei。
实验步骤:
R1配置:
[V200R003C00]
#
sysname R1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#
local-user admin service-type http
#
isis 1
is-level level-1
cost-style wide
network-entity 47.0001.0000.0000.0001.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
isis enable 1
isis dis-priority 0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
Return
R2的配置:
[V200R003C00]
#
sysname R2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#
local-user admin service-type http
#
isis 1
is-level level-1
cost-style wide
network-entity 47.0001.0000.0000.0002.00
filter-policy route-policy deny_dir import
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.1.2 255.255.255.0
isis enable 1
isis dis-priority 0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
route-policy deny_dir deny node 10
if-match tag 100
#
route-policy deny_dir permit node 100
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R3的配置:
[V200R003C00]
#
sysname R3
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/4 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#
local-user admin service-type http
#
isis 1
is-level level-1
cost-style wide
network-entity 47.0001.0000.0000.0003.00
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ip address 34.1.1.3 255.255.255.0
isis enable 1
#
interface Serial1/0/1
link-protocol ppp
ip address 35.1.1.3 255.255.255.0
isis enable 1
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192.168.1.3 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet4/0/0
#
interface GigabitEthernet4/0/1
#
interface GigabitEthernet4/0/2
#
interface GigabitEthernet4/0/3
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R4的配置:
[V200R003C00]
#
sysname R4
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/4 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#
local-user admin service-type http
#
isis 1
cost-style wide
network-entity 47.0001.0000.0000.0004.00
import-route isis level-2 into level-1 filter-policy route-policy Import_dir
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ip address 34.1.1.4 255.255.255.0
isis enable 1
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 46.1.1.4 255.255.255.0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet4/0/0
#
interface GigabitEthernet4/0/1
#
interface GigabitEthernet4/0/2
#
interface GigabitEthernet4/0/3
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
route-policy Import_dir permit node 10
if-match tag 100
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R5的配置:
[V200R003C00]
#
sysname R5
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/4 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#
local-user admin service-type http
#
isis 1
cost-style wide
network-entity 47.0001.0000.0000.0005.00
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
ip address 35.1.1.5 255.255.255.0
isis enable 1
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 56.1.1.5 255.255.255.0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet4/0/0
#
interface GigabitEthernet4/0/1
#
interface GigabitEthernet4/0/2
#
interface GigabitEthernet4/0/3
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
isis enable 1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R6的配置:
[V200R003C00]
#
sysname R6
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit source 10.0.0.0 0.0.3.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#
local-user admin service-type http
#
isis 1
is-level level-2
cost-style wide
network-entity 47.0002.0000.0000.0006.00
import-route direct route-policy tag
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 46.1.1.6 255.255.255.0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
#
interface GigabitEthernet0/0/1
ip address 56.1.1.6 255.255.255.0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
isis enable 1
#
interface LoopBack11
ip address 10.0.0.1 255.255.255.0
#
interface LoopBack12
ip address 10.0.1.1 255.255.255.0
#
interface LoopBack13
ip address 10.0.3.1 255.255.255.0
#
route-policy tag permit node 10
if-match acl 2000
apply tag 100
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
领取专属 10元无门槛券
私享最新 技术干货