
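OSPF Command Notes

1. Classless
2. Link-State Protocol
3. Neighbor relationships are built with Hello packets, and Link-State Advertisements (LSAs) are sent periodically. LSAs are flooded to the routers in the same area (unlike RIP, routes are exchanged only after a neighbor relationship has been established). Each router collects the LSAs it receives into a Link State Database and uses the SPF algorithm to compute the best path.

Hello Packets (Router ID (unique), Hello and Dead Intervals, Area ID, Authentication, Stub Area Flag, ...)
Hello packets are sent every 10 seconds.


OSPF has 3 tables
Adjacency Table (neighbor relationships)
The Hello and Dead Intervals, Area ID, Authentication and Stub Area Flag must match, otherwise the neighbor relationship will not come up!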


Topology Database(Link State Database)

     |
     |    (SPF algorithm)
     |
    V

Routing Table(Forwarding Table)

OSPF does not update periodically; the routing table is updated only when the topology changes.
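
The adjacency check described above, as an added example (not from the original post): it parses the Hello fields listed earlier out of raw OSPFv2 packets using the RFC 2328 layout and reports which ones would stop two routers from becoming neighbors. The helper names and the two sample packets are constructed for illustration.

```python
import ipaddress
import struct

E_BIT = 0x02  # Options E-bit; routers in a stub area send Hellos with it cleared

def parse_hello(pkt):
    """Extract the fields the page lists from a raw OSPFv2 Hello (RFC 2328 layout)."""
    if len(pkt) < 44:
        raise ValueError("shorter than OSPF header (24) + Hello body (20)")
    ver, ptype, _len, rid, area, _cksum, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    if (ver, ptype) != (2, 1):
        raise ValueError("not an OSPFv2 Hello packet")
    # Bytes 16-23 hold the 8-byte authentication data; the Hello body follows.
    _mask, hello, options, _prio, dead = struct.unpack("!4sHBBI", pkt[24:36])
    return {
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(area)),
        "auth_type": autype,  # 0 = none, 1 = simple password, 2 = cryptographic
        "hello_interval": hello,
        "dead_interval": dead,
        "stub_flag": not (options & E_BIT),
    }

MUST_MATCH = ("area_id", "auth_type", "hello_interval", "dead_interval", "stub_flag")

def adjacency_blockers(a, b):
    """Return the Hello fields that keep routers a and b from becoming neighbors."""
    blockers = [f for f in MUST_MATCH if a[f] != b[f]]
    if a["router_id"] == b["router_id"]:
        blockers.append("router_id (duplicate)")
    return blockers

def build_hello(rid, area, autype, hello, dead, options=E_BIT):
    """Build a constructed sample Hello (checksum and auth data left zero)."""
    pack_ip = lambda s: ipaddress.IPv4Address(s).packed
    body = struct.pack("!4sHBBI4s4s", pack_ip("255.255.0.0"), hello, options, 1,
                       dead, bytes(4), bytes(4))
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body), pack_ip(rid),
                       pack_ip(area), 0, autype, bytes(8)) + body

# Constructed samples: B1 uses MD5 auth and a 30 s dead interval, B2 uses neither.
B1 = parse_hello(build_hello("1.1.1.1", "0.0.0.0", 2, 10, 30))
B2 = parse_hello(build_hello("10.2.2.2", "0.0.0.0", 0, 10, 40))
print(adjacency_blockers(B1, B2))
```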


-------------------------------------------------------
Router ID
-------------------------------------------------------
By default, it is the highest IP address among all interfaces that are up.
For example:

Router#show ip ospf
 Routing Process "ospf 168" with ID 10.2.2.2
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 0
        Area has no authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x009dc7
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0


Router#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.2        YES manual up                    down
FastEthernet0/1        10.2.2.2        YES manual up                    down
Vlan1                  unassigned      YES unset  administratively down down

(Protocol is down because I did not plug in a network cable. To reset the Router ID, first remove the existing OSPF process with no.)



-------------------------------------------------------
Suppose a router has two interfaces
-------------------------------------------------------

FA 0   ==> IP  10.2.2.2/16
FA 1   ==> IP  10.1.1.2/16


B2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
B2(config)#router ospf 100   ---> 100 is the Process ID (different Process IDs do not prevent the neighbor relationship from forming)
B2(config-router)#network 10.2.2.2 0.0.0.0 area 0  (enable OSPF on this interface)
B2(config-router)#network 10.1.1.2 0.0.0.0 area 0  (enable OSPF on this interface)


-------------------------------------------------------
If an interface should not send or receive routing updates, use the following command
-------------------------------------------------------
B2(config-router)#passive-interface serial 0/0/0




---------------------------------------------------
Loopback (once configured, it can serve as the OSPF Router ID)
-------------------------------------------------------

B1(config)#interface loopback 0

%LINK-5-CHANGED: Interface Loopback0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up

B1(config-if)#ip address 1.1.1.1 255.255.255.0

(no shutdown is not needed)


---------------------------------------------------
Verification commands
-------------------------------------------------------
show ip route
show ip protocol
show ip ospf
show ip ospf interface  (lists which interfaces have OSPF enabled)

show ip ospf neighbor



---------------------------------------------------
Enable load balancing
-------------------------------------------------------
maximum-paths 6



-------------------------------------------------------
Disable load balancing
-------------------------------------------------------
maximum-paths 1


-------------------------------------------------------
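Enable authentication, under the interface (both sent and received packets are authenticated)
-------------------------------------------------------
Core(config-if)#ip ospf message-digest-key 1 md5 abc   (key ID 1, password is abc)
Core(config-if)#ip ospf authentication message-digest   (authentication is enabled only after this line, and it uses an MD5 digest)
(ip ospf authentication-key abc only sets the simple-password key, which is not used once message-digest is selected; the key ID and password must match on the neighbor)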
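
A way to check the authentication and passive-interface settings above across a saved configuration, as an added example (not from the original post). It assumes IOS-style running-config text, static `ip address` lines, and the interface-level commands `ip ospf authentication`, `ip ospf authentication message-digest` and `ip ospf message-digest-key`; the sample config and function names are constructed.

```python
import ipaddress

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE = """\
interface FastEthernet0/0
 ip address 10.2.2.2 255.255.0.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 abc
interface FastEthernet0/1
 ip address 10.1.1.2 255.255.0.0
 ip ospf authentication-key abc
 ip ospf authentication message-digest
interface Serial0/0/0
 ip address 10.3.3.2 255.255.0.0
router ospf 100
 passive-interface Serial0/0/0
 network 10.0.0.0 0.255.255.255 area 0
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def audit_ospf_auth(config):
    """Map each OSPF-enabled interface to its authentication state."""
    ifaces, nets, passive, cur = {}, [], set(), None
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        if not line.startswith(" "):        # top-level line starts a new block
            cur = w[1] if w[0] == "interface" else None
        elif cur:                           # sub-command of an interface
            ifaces.setdefault(cur, []).append(" ".join(w))
        elif w[0] == "network":             # router ospf: address + wildcard
            nets.append((ip_int(w[1]), ip_int(w[2])))
        elif w[0] == "passive-interface":
            passive.add(w[1])
    out = {}
    for name, cfg in ifaces.items():
        ip = next((ip_int(c.split()[2]) for c in cfg if c.startswith("ip address ")), None)
        if ip is None or not any((ip & ~w) == (n & ~w) for n, w in nets):
            continue                        # no network statement matches
        if name in passive:
            out[name] = "passive"           # no Hellos sent, no adjacency
        elif "ip ospf authentication message-digest" in cfg:
            keyed = any(c.startswith("ip ospf message-digest-key ") for c in cfg)
            out[name] = "md5" if keyed else "md5-without-key"
        elif "ip ospf authentication" in cfg:
            out[name] = "plaintext"
        else:
            out[name] = "none"
    return out
```

Interfaces reported as `none`, `plaintext` or `md5-without-key` are the ones to review before trusting adjacencies formed on them.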


For a related introduction, see here
