好站网
XCIE-HUAWEI-双点双向引入带来的问题以及解决办法(三种)+各种路由环路
本章内容很长,建议耐心观看
先来一个环境,很常见的哈
说个故事剧情哈,我是个大学生我文采也不好,也不知道兄弟们听不听
随便啦
左边部门A右边部门B,中心信息中心
那么这一天
部门AB都来了新人,又刚好那么巧
两边的原本的ip规划都用完了,现在要加上新的
lo就代表新的地址,我懒得加上个交换机表示网段了,一样的意思
然后这个时候,部门AB的网段已经弄好了,不要管以前是怎么通的
反正现在不通
然后信息中心归你管,两边的lo(新网段已经建设宣告好了)
到了信息中心这,我们应该做啥?
很明显,这不是重分布嘛,思科是重分布,华为叫引入
没毛病
先来看正常的
直接发上来dis cu了没什么好讲解的
<R1>dis current-configuration
[V200R003C00]
#sysname R1
#snmp-agent local-engineid 800007DB03000000000000snmp-agent
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#undo info-center enable
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0ip address 1.1.1.1 255.255.255.0 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0
#
interface LoopBack1ip address 100.1.1.1 255.255.255.255 ospf enable 1 area 0.0.0.0
#
interface LoopBack9
#
ospf 1 router-id 1.1.1.1 area 0.0.0.0
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R1>
<R1>
<R1>dis ospf pe
<R1>dis ospf peer OSPF Process 1 with Router ID 1.1.1.1Neighbors Area 0.0.0.0 interface 1.1.1.1(GigabitEthernet0/0/0)'s neighborsRouter ID: 2.2.2.2 Address: 1.1.1.2 State: Full Mode:Nbr is Master Priority: 1DR: 1.1.1.1 BDR: 1.1.1.2 MTU: 0 Dead timer due in 34 sec Retrans timer interval: 5 Neighbor is up for 03:49:29 Authentication Sequence: [ 0 ] <R1>dis ip rou
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.0/24 Direct 0 0 D 1.1.1.1 GigabitEthernet
0/0/01.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/01.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/02.2.2.0/24 O_ASE 150 1 D 1.1.1.2 GigabitEthernet
0/0/0100.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0200.1.1.1/32 O_ASE 150 1 D 1.1.1.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0<R1>
<XXZX>dis cu <XXZX>dis current-configuration [V200R003C00]#sysname XXZX#snmp-agent local-engineid 800007DB03000000000000snmp-agent #clock timezone China-Standard-Time minus 08:00:00#portal local-server load portalpage.zip#drop illegal-mac alarm#undo info-center enable#set cpu-usage threshold 80 restore 75#aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http#isis 1network-entity 49.0001.0000.0000.0001.00import-route ospf 1 #firewall zone Localpriority 15#interface Ethernet0/0/0#interface Ethernet0/0/1#interface Ethernet0/0/2#interface Ethernet0/0/3#interface Ethernet0/0/4#interface Ethernet0/0/5#interface Ethernet0/0/6#interface Ethernet0/0/7#interface GigabitEthernet0/0/0ip address 1.1.1.2 255.255.255.0 ospf enable 1 area 0.0.0.0#interface GigabitEthernet0/0/1ip address 2.2.2.1 255.255.255.0 isis enable 1#interface NULL0#ospf 1 router-id 2.2.2.2 import-route isis 1area 0.0.0.0
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<XXZX> dis isis p
<XXZX>dis isis peer Peer information for ISIS(1)System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
0000.0000.0003 GE0/0/1 0000.0000.0003.01 Up 9s L2 64 Total Peer(s): 1
<XXZX>dis ospf pe
<XXZX>dis ospf peer OSPF Process 1 with Router ID 2.2.2.2Neighbors Area 0.0.0.0 interface 1.1.1.2(GigabitEthernet0/0/0)'s neighborsRouter ID: 1.1.1.1 Address: 1.1.1.1 State: Full Mode:Nbr is Slave Priority: 1DR: 1.1.1.1 BDR: 1.1.1.2 MTU: 0 Dead timer due in 32 sec Retrans timer interval: 5 Neighbor is up for 03:50:13 Authentication Sequence: [ 0 ] <XXZX>dis ip rou
<XXZX>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 12 Routes : 12 Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.0/24 Direct 0 0 D 1.1.1.2 GigabitEthernet
0/0/01.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/01.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/02.2.2.0/24 Direct 0 0 D 2.2.2.1 GigabitEthernet
0/0/12.2.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/12.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1100.1.1.1/32 OSPF 10 1 D 1.1.1.1 GigabitEthernet
0/0/0127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0200.1.1.1/32 ISIS-L2 15 10 D 2.2.2.2 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0<XXZX>
<R3>dis current-configuration
[V200R003C00]
#sysname R3
#snmp-agent local-engineid 800007DB03000000000000snmp-agent
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
isis 1is-level level-2network-entity 49.0001.0000.0000.0003.00
#
firewall zone Localpriority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0ip address 2.2.2.2 255.255.255.0 isis enable 1
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0ip address 200.1.1.1 255.255.255.255 isis enable 1
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R3>dis isis p
<R3>dis isis peer Peer information for ISIS(1)System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
0000.0000.0001 GE0/0/0 0000.0000.0003.01 Up 29s L2 64 Total Peer(s): 1
<R3>dis ip rou
<R3>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.0/24 ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/02.2.2.0/24 Direct 0 0 D 2.2.2.2 GigabitEthernet
0/0/02.2.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/02.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0100.1.1.1/32 ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0200.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0<R3>
注意上面的操作叫做
单点双向引入
而且工作中很常见
补充知识
ospf里面看的是lsdb
isis也是,但是查看详细路由的方式不一样
display isis lsdb中
带*号的,都是这个本地产生的LSP对标ospf的LSA
那么查看详细的
display isis lsdb LSPID verbose
就是查看的一条的详细信息
问题来了,难道实际中就一台机器吗??备份这东西,不是超级常见吗
重点来了
双点双向重分布是有可能会引起环路的!!!
[XXZX-2]
[XXZX-2]dis cu
[V200R003C00]
sysname XXZX-2
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %
local-user admin service-type http
isis 1
is-level level-2
network-entity 49.0001.0000.0000.0004.00
firewall zone Local
priority 15
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Ethernet0/0/2
interface Ethernet0/0/3
interface Ethernet0/0/4
interface Ethernet0/0/5
interface Ethernet0/0/6
interface Ethernet0/0/7
interface GigabitEthernet0/0/0
ip address 4.4.4.1 255.255.255.0
isis enable 1
interface GigabitEthernet0/0/1
ip address 3.3.3.2 255.255.255.0
ospf enable 1 area 0.0.0.0
interface NULL0
ospf 1
area 0.0.0.0
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
wlan ac
return
[XXZX-2]
此处我先不引入这个路由表,当然了,配置也还没做,一会边说边做
因为目前我还没引入,所以还是只能走上面的
不过,现在做哈~
目前这个就是双点双向的路由引入了
说到这,兄弟们不要照抄我配置,没用
我是讲解技术点的
如果照抄可以发现发r4没用isis和ospf邻居
因为我2和3没宣告对应的
这个懒得贴出来了
我这个可能比较枯燥
因为我有点类似讲课的进度
但是我这个很齐全很完整!
这个时候我们先来看看两个信息中心的路由表
<XXZX>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 14 Routes : 14 Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.0/24 Direct 0 0 D 1.1.1.2 GigabitEthernet
0/0/01.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/01.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/02.2.2.0/24 Direct 0 0 D 2.2.2.1 GigabitEthernet
0/0/12.2.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/12.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/13.3.3.0/24 OSPF 10 2 D 1.1.1.1 GigabitEthernet
0/0/04.4.4.0/24 ISIS-L2 15 20 D 2.2.2.2 GigabitEthernet
0/0/1100.1.1.1/32 OSPF 10 1 D 1.1.1.1 GigabitEthernet
0/0/0127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0200.1.1.1/32 ISIS-L2 15 10 D 2.2.2.2 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0<XXZX> ---------------------------------------------------------<XXZX-2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 14 Routes : 14 Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.0/24 OSPF 10 2 D 3.3.3.1 GigabitEthernet
0/0/12.2.2.0/24 ISIS-L2 15 20 D 4.4.4.4 GigabitEthernet
0/0/03.3.3.0/24 Direct 0 0 D 3.3.3.2 GigabitEthernet
0/0/13.3.3.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/13.3.3.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/14.4.4.0/24 Direct 0 0 D 4.4.4.1 GigabitEthernet
0/0/04.4.4.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/04.4.4.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0100.1.1.1/32 OSPF 10 1 D 3.3.3.1 GigabitEthernet
0/0/1127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0200.1.1.1/32 ISIS-L2 15 10 D 4.4.4.4 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0<XXZX-2>
这个是本章的重点,估计我自己都厌烦了哈哈,都多少东西了才到正文,这要是语文课本,我得被拉去打靶了
目前是没问题的
一会告诉你们为什么有问题
我们往下加一台路由器
问题出现了
为什么不通呢
他们都有彼此路由呀
为什么呢?
相信这个时候已经有人发现问题了
为什么在R3的路由表里面
192.168.1.1这条
只有一边而不是两边呢?
这就是问题所在
答案是什么?
这是什么情况呢?
环路了!!!
环路了
环路了
重要的事情说三遍
给我看好了
为什么
什么原因
首先
ISIS-L2优先级为15
OSPF外部路由O_ASE为150
那么以上图为例
为什么R1会有两条负载的去往R8的路由?
首先第一条 直连的走2/0/0 没毛病
第二条,是来自0/0/0口,那么,根据路由器防环,R2是肯定不可能从R1雪莱这条路有的
那么只能是R3
那么对于R3来说,这是怎么来的呢?
R4给的
R4怎么来的呢?
R1给的
这一串过来到了R2对说
我左边收到192.168.1.1 OSPF的外部路由 优先级150
我右边收到192.168.1.1 isis-l2的路由 优先级15那我路由表肯定加表优先级低的呀
没毛病
那么我就把isis的192.168.1.1传过去了,但是呢这边是ospf
所以
在r1上就能看到192.168.1.1这条负载的
所以这就是原因
那么负载的情况下,如果走了这条,不就是环路了嘛?
这个就是本章的重点,因为重分布後优先级带来的环路的原因
原理和mqc是一样的,只不过这个是路由,那个是策略,如果连着看的话肯定能很快理解的
好了,找到问题了
找到我们得解决呀,怎么干呢?
办法有两种
1.路由策略,过滤路由解决-用import里面附加route-policy
而不是用filter-policy,但是这个方法,没办法解决次优路径问题
假设现在在这个R2有一台pc去访问,192.168.1.1,那么他就不能走最优先的那边
得绕一圈,因为这个filter-polichy把他阻断了
2.使用优先级改动的办法
比如下面的是因为ISIS-L2的路由为15优先级,OSPF-ASE是因为这个150,所以选择了ISIS,那么现在,我把ISIS改大,看效果就知道了
修改优先级只是本地有效哈!!!
但是R1还是不通
他是解决了,R4没解决,而且R2也会受到影响
因为R2受影响会间接导致R4也会受到影响
为什么?
因为,R4的192.168.1.1这个路由一开始是用的ISIS的,这个优先级一改
他就会选择OSPF的,那么它传输给R1的也是OSPF
操作
R2和R4的ISIS优先级都调整到151
其实也可以改OSPF的一样的道理哈
然后目前看到的是R2和R4都正常了,是来自OSPF的外部路由
而且在R1上也都正常了
这个时候全网ping,都是可以互通的
那么这个时候就可以形成备份了,只要他物理状态断了
因为物理状态断了,首先ip没了,其次协议肯定没了,然后路由也没了,那么这个时候
才会去走ISIS,形成备份
终于可以讲本章的重点了,TAG,标签,都1.2w字了呀妈呀
TAG呢是标签,包括VLAN呢这个,也叫打标签去标签这样
先说思路
在R5引入的外部路由打TAG,在R2和R4上,针对这一条路由,修改优先级,让他小于ISIS
就是给他个备注,然后呢,根据这个备注我们来做其他的操作
TAG
记住他的作用,一个标记
R8是始发源,那么,他在做引入的时候,带上这个名字为HCIE的route-policy
我是先做了绑定在做策略哈,然后引入的时候带上这个TAG,TAG名字为111
发送端
接收
看着,OSPF的LSDB链路状态数据库
目前来说,还是没任何变动的哈,只是加上一个标记
怎么改呢?当然还是用策略了,其他的也改不了
做完了还得挂接哈,挂哪里呢?
既然改的是OSPF,当然是在OSPF里面呀
注意,仅仅修改的是OSPF的ASE的外部路由,不过呢其实挂全局也没问题,因为其他的路由不含有TAG-111这个属性,但是针对ASE的外部路由来做,更加精细
检查
当然了,不只是一边要做,另外一边,也要做
<XXZX-2>sys
Enter system view, return user view with Ctrl+Z.
[XXZX-2]undo inf en
Info: Information center is disabled.
[XXZX-2]ospf
[XXZX-2-ospf-1]pr
[XXZX-2-ospf-1]preference a
[XXZX-2-ospf-1]preference ase rou
[XXZX-2-ospf-1]preference ase route-policy OSPF
[XXZX-2-ospf-1]
[XXZX-2-ospf-1]q
[XXZX-2]rou
[XXZX-2]route-
[XXZX-2]route-policy-change
[XXZX-2]route-policy OSPF p
[XXZX-2]route-policy OSPF permit no
[XXZX-2]route-policy OSPF permit node 10
Info: New Sequence of this List.
[XXZX-2-route-policy]if
[XXZX-2-route-policy]if-match t
[XXZX-2-route-policy]if-match tag 111
[XXZX-2-route-policy]pr
[XXZX-2-route-policy]app
[XXZX-2-route-policy]apply p
[XXZX-2-route-policy]apply preference 10
[XXZX-2-route-policy]dis ip rou pr ospf | in 192.168.1.1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPFDestinations : 7 Routes : 7 OSPF routing table status : <Active>Destinations : 6 Routes : 6Destination/Mask Proto Pre Cost Flags NextHop Interface192.168.1.1/32 O_ASE 10 1 D 3.3.3.1 GigabitEthernet0/0/
1OSPF routing table status : <Inactive>Destinations : 1 Routes : 1Destination/Mask Proto Pre Cost Flags NextHop Interface[XXZX-2-route-policy]
这个就是通过PBR结合TAG的解决办法
新问题又来了
假设这样呢?
左边的是解决了,右边的新来的咋办呢?
答案是不会出问题
so why???
因为
路由引入有一个点是很重要的请记住
只有路由优先级低的往高的进入可能会被覆盖
高的进入低的是没问题的
因为优先级摆在这呀
千万不要以为结束了,本章才到一半呢,现在是一万五千字
为什么这样说呢?
因为,还有环路的出现哦!
来看环境
还是他,环境不变,为什么说会出现环路呢?
假设,这个R8,故障了或者说,他不在需要重分布OSPF以外的路由进来了,在刚刚的配置下会导致环路,你们信吗
先说为什么,再做实验
假设现在,R8故障了,那就是说,收不到来自192.168.1.1这条LSA了(OSPF里面叫LSA,ISIS里面叫LSP,MPLS里面也有LSP)
那么OSPF的老化时间是多少?
3600秒
10分钟
算你hello包那个40秒维护邻居了
这40秒内
就可以造成路由环路
为什么呢?当R1这边不泛洪这条192.168.1.1的这条LSA了
但是R2 R3 R4上面还是有的呀
然后,R2,R4对R1的就断了
收到了来自R5的ISIS的192.168.1.1
然后又回到两台信息中心R2,R4,然后这个重分布又到了R1这里
那么在R1上这条192.168.1.1的路由依然会存在,但是会变成啥呢?
指向R2或者R4其中一个
这么一来,不就是环路了嘛?
话不多说,做实验见真章,口说无凭
这个时候来看R1的路由表
这个时候,ping肯定不通,追踪
又衍生出一个新的环路问题哦~那怎么解决呢?
同理,就算R8不宣告了,我的R8的OSPF的LSDB一样会收到,你信不?
神奇吧~,他已经不是自己产生的了,是外部的来自2.2.2.2的传过来的路由
出了问题咱们就解决问题!
说个扯淡的,你重启进程肯定能解决,但是真实环境中可能么?
绝对不可能,你都不知道他挂了,甚至都不知道环路了
只是挺突然的,网络突然挂了
针对双点双向的路由引入环境的时候
当外部路由撤销的时候,可能会产生由于链路延迟的问题
导致优先级引入或者撤销LSA的情况,产生的路由环路的问题解决办法:使用TAG作为标签,在中间的环境下,针对一个点引入的路由,在本端不在引入
啥意思呢?
上面的,你有的我就不要了
下面的,你不要的话那就我要吧
(通过人为基于TAG的策略路由来做)
其实这个有点像啥呢?
路由器的防环机制,但是他不是
从一个接口发出去的路由不会再从我这个口回来,这个是防环的
但是这个是要做成什么呢?
从我这口出去的,从我这里回来
这里先恢复环境,中间还是双点双向
下面则是正常的路由引入
解决办法
首先
从OSPF引入到ISIS的路由,打上这个TAG-100,在R2上做
那么对应的
拒绝从ISIS重分布到OSPF,并且标签为TAG-100的路由,在R4上做
可能有点难理解啊
怎么说呢
今天,X市有疫情了,这里是Y市,只要你经过X市,你的行程卡就有X市,实施永久封禁,永世不得经过Y市=当地法律=策略,但是你可以回去X市
(当然,这是路由的,是双向哈)
在R4上,从OSPF引入到ISIS的路由打上标签TAG-200
反正这个逻辑自己理解一下哈,很简单的
注意下方向哈,因为路由是双向的,那么左右都要做,并不是做一边就可以
总结一下
从左往右
A R2=信息中心主=从OSPF引入到ISIS的路由打上TAG=100=允许通过B R2=信息中心主=从OSPF引入到ISIS的路由打上TAG=200=拒接通过C R4=信息中心备=从ISIS引入OSPF的路由打上TAG=100=拒绝通过D R4=信息中心备=从ISIS引入OSPF的路由打上TAG=200=`允许通过从右往左
E R2=信息中心主=从ISIS引入到OSPF的路由打上TAG=300=允许通过F R2=信息中心主=从ISIS引入到OSPF的路由打上TAG=400=拒绝通过G R4=信息中心备=从OSPF到ISIS的路由打上TAG=300=拒绝通过H R4=信息中心备=从OSPF到ISIS的路由打上TAG=400=允许通过注意方向!!!
看着我那个图
一个一看就能理解了
条件出来了,一会配置这个PBR就简单多了,不骗你们
就怕你们绕路啊,我还特别加上了这个ABCDEFGH
注意看一组对应一组的
解释一下AC
R1始发的路由,到R2上,OSPF引入到ISIS,那么带上100的TAG
然后ISIS传输下来,到了R4,发现这路由带着TAG=100,拒绝通过
到了BD
那么到下面的收到之后转为200,TAG=200发给R1没问题,发给R2
发现TAG=200,拒绝通过,这样就肯定不会环路
以此类推哈
当然了还不够完美,还差一点就是前面做过的,至于为什么往上翻
始发打上TAG=500=R8设备
因为优先级的问题
优先级解决正常引入
TAG用来解决这个撤销回退
然后R2和R4上分别针对TAG=500的路由优先级改为10
以上就是双点双向配置过程以及带来的问题以及解决办法
接下来是这个配置了
上操作了, 慢慢看哈,很多!
这里一步一步讲解,最后会贴出来所有配置以及同款拓扑图链接,给我留个赞就行
R2-信息中心主
针对R2,这条要在ISIS里面去调用
我是按照顺序来做的,这条是针对从左到右,从OSPF到ISIS的路由的,所以要在ISIS上做
所以
这里是从左边到右边了
同理,从左到右是在ISIS里面做策略,那么从右到左自然是在OSPF下做
注意两个策略路由是不一样的,一个是针对OSPF_ASE-解决优先级
一个是解决环路-FANGHUAN-2的PBR
这里在讲讲,为什么从左到右是在ISIS下做策略,从右到左是在OSPF下做策略
因为,我们先看从左到右,在ISIS中引入OSPF的策略,然后我再ISIS的内部在泛洪,传播LSP,那么我的规则就是这个呀,那么肯定是要在发的地方做的,我再OSPF里面做是没有意义的,因为实际上是在ISIS里面运作。他才是最终者
当然,从右到左也是同理,看上面的解释即可
R4-信息中心-2
上面已经解释过了,这里不再过多解释,不懂的看上面的解释
R2和R4是同样的道理
注意哈,上面是ISIS,下面是OSPF了,为什么呢?
就是因为方向,真的这个要慢慢看,不然会晕的
R2防御红色的,R4防御绿色的
各机的路由表以及测试以及配置
先测试
配置
<R8>
<R8>dis cu
<R8>dis current-configuration
[V200R003C00]
#sysname R8
#snmp-agent local-engineid 800007DB03000000000000snmp-agent
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#drop illegal-mac alarm
#undo info-center enable
#wlan ac-global carrier id other ac id 0
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0ip address 10.1.1.1 255.255.255.0 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0ip address 192.168.1.1 255.255.255.255
#
ospf 1 import-route direct route-policy HCIEarea 0.0.0.0
#
route-policy HCIE permit node 10 apply tag 500
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R8>dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.1.1/24 up up
GigabitEthernet0/0/1 unassigned down down
LoopBack0 192.168.1.1/32 up up(s)
NULL0 unassigned up up(s)
<R8>dis ip rou
<R8>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 14 Routes : 14 Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.0/24 OSPF 10 2 D 10.1.1.10 GigabitEthernet
0/0/02.2.2.0/24 O_ASE 150 1 D 10.1.1.10 GigabitEthernet
0/0/03.3.3.0/24 OSPF 10 2 D 10.1.1.10 GigabitEthernet
0/0/04.4.4.0/24 O_ASE 150 1 D 10.1.1.10 GigabitEthernet
0/0/010.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet
0/0/010.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/010.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0100.1.1.1/32 OSPF 10 1 D 10.1.1.10 GigabitEthernet
0/0/0127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0192.168.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0200.1.1.1/32 O_ASE 150 1 D 10.1.1.10 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0<R8>dis ospf lsdbOSPF Process 1 with Router ID 10.1.1.1Link State Database Area: 0.0.0.0Type LinkState ID AdvRouter Age Len Sequence MetricRouter 4.4.4.1 4.4.4.1 1665 36 80000015 1Router 2.2.2.2 2.2.2.2 1655 36 80000015 1Router 1.1.1.1 1.1.1.1 356 72 80000022 1Router 10.1.1.1 10.1.1.1 355 36 80000018 1Network 1.1.1.2 2.2.2.2 1655 32 80000013 0Network 10.1.1.10 1.1.1.1 356 32 80000002 0Network 3.3.3.2 4.4.4.1 1665 32 80000012 0AS External DatabaseType LinkState ID AdvRouter Age Len Sequence MetricExternal 192.168.1.1 10.1.1.1 356 36 8000000F 1External 10.1.1.0 10.1.1.1 356 36 8000000F 1External 4.4.4.0 4.4.4.1 596 36 80000013 1External 4.4.4.0 2.2.2.2 1248 36 80000011 1External 2.2.2.0 2.2.2.2 1248 36 80000013 1External 200.1.1.1 2.2.2.2 1248 36 80000013 1<R8>
<R1>dis current-configuration
[V200R003C00]
#sysname R1
#board add 0/2 1GEC
#snmp-agent local-engineid 800007DB03000000000000snmp-agent
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#drop illegal-mac alarm
#undo info-center enable
#wlan ac-global carrier id other ac id 0
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0ip address 1.1.1.1 255.255.255.0 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1ip address 3.3.3.1 255.255.255.0 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet2/0/0ip address 10.1.1.10 255.255.255.0 ospf enable 1 area 0.0.0.0
#
interface NULL0
#
interface LoopBack0
#
interface LoopBack1ip address 100.1.1.1 255.255.255.255 ospf enable 1 area 0.0.0.0
#
interface LoopBack9
#
ospf 1 router-id 1.1.1.1 area 0.0.0.0
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R1>dis ip rou
<R1>dis ip routing-tabl
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 18 Routes : 19 Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.0/24 Direct 0 0 D 1.1.1.1 GigabitEthernet
0/0/01.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/01.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/02.2.2.0/24 O_ASE 150 1 D 1.1.1.2 GigabitEthernet
0/0/03.3.3.0/24 Direct 0 0 D 3.3.3.1 GigabitEthernet
0/0/13.3.3.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/13.3.3.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/14.4.4.0/24 O_ASE 150 1 D 3.3.3.2 GigabitEthernet
0/0/1O_ASE 150 1 D 1.1.1.2 GigabitEthernet
0/0/010.1.1.0/24 Direct 0 0 D 10.1.1.10 GigabitEthernet
2/0/010.1.1.10/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
2/0/010.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
2/0/0100.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0192.168.1.1/32 O_ASE 150 1 D 10.1.1.1 GigabitEthernet
2/0/0200.1.1.1/32 O_ASE 150 1 D 1.1.1.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0<R1>dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 7
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 7
The number of interface that is DOWN in Protocol is 0Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 1.1.1.1/24 up up
GigabitEthernet0/0/1 3.3.3.1/24 up up
GigabitEthernet2/0/0 10.1.1.10/24 up up
LoopBack0 unassigned up up(s)
LoopBack1 100.1.1.1/32 up up(s)
LoopBack9 unassigned up up(s)
NULL0 unassigned up up(s)
<R1>dis ospf lsdbOSPF Process 1 with Router ID 1.1.1.1Link State Database Area: 0.0.0.0Type LinkState ID AdvRouter Age Len Sequence MetricRouter 4.4.4.1 4.4.4.1 1705 36 80000015 1Router 2.2.2.2 2.2.2.2 1695 36 80000015 1Router 1.1.1.1 1.1.1.1 396 72 80000022 1Router 10.1.1.1 10.1.1.1 397 36 80000018 1Network 1.1.1.2 2.2.2.2 1695 32 80000013 0Network 10.1.1.10 1.1.1.1 396 32 80000002 0Network 3.3.3.2 4.4.4.1 1705 32 80000012 0AS External DatabaseType LinkState ID AdvRouter Age Len Sequence MetricExternal 192.168.1.1 10.1.1.1 398 36 8000000F 1External 4.4.4.0 4.4.4.1 636 36 80000013 1External 4.4.4.0 2.2.2.2 1288 36 80000011 1External 2.2.2.0 2.2.2.2 1288 36 80000013 1External 10.1.1.0 10.1.1.1 398 36 8000000F 1External 200.1.1.1 2.2.2.2 1288 36 80000013 1<R1>dis rou
<R1>dis route-policy
<R1>
<XXZX>dis cu
<XXZX>dis current-configuration
[V200R003C00]
#sysname XXZX
#snmp-agent local-engineid 800007DB03000000000000snmp-agent
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#drop illegal-mac alarm
#undo info-center enable
#wlan ac-global carrier id other ac id 0
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
isis 1network-entity 49.0001.0000.0000.0001.00import-route ospf 1 route-policy FANGHUAN
#
firewall zone Localpriority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0ip address 1.1.1.2 255.255.255.0 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1ip address 2.2.2.1 255.255.255.0 isis enable 1
#
interface NULL0
#
ospf 1 router-id 2.2.2.2 import-route isis 1 route-policy FANGHUAN-2preference ase route-policy OSPF 150 area 0.0.0.0
#
route-policy OSPF permit node 10 if-match tag 500apply preference 10
#
route-policy FANGHUAN deny node 10 if-match tag 200
#
route-policy FANGHUAN permit node 20 apply tag 100
#
route-policy FANGHUAN-2 deny node 10 if-match tag 400
#
route-policy FANGHUAN-2 permit node 20 apply tag 300
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<XXZX>
<XXZX>dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 0Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 1.1.1.2/24 up up
GigabitEthernet0/0/1 2.2.2.1/24 up up
NULL0 unassigned up up(s)
<XXZX>dis ip rou
<XXZX>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 16 Routes : 16 Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.0/24 Direct 0 0 D 1.1.1.2 GigabitEthernet
0/0/01.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/01.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/02.2.2.0/24 Direct 0 0 D 2.2.2.1 GigabitEthernet
0/0/12.2.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/12.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/13.3.3.0/24 OSPF 10 2 D 1.1.1.1 GigabitEthernet
0/0/04.4.4.0/24 ISIS-L2 15 20 D 2.2.2.2 GigabitEthernet
0/0/110.1.1.0/24 OSPF 10 2 D 1.1.1.1 GigabitEthernet
0/0/0100.1.1.1/32 OSPF 10 1 D 1.1.1.1 GigabitEthernet
0/0/0127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0192.168.1.1/32 O_ASE 10 1 D 1.1.1.1 GigabitEthernet
0/0/0200.1.1.1/32 ISIS-L2 15 10 D 2.2.2.2 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0<XXZX>dis ospf lsdbOSPF Process 1 with Router ID 2.2.2.2Link State Database Area: 0.0.0.0Type LinkState ID AdvRouter Age Len Sequence MetricRouter 4.4.4.1 4.4.4.1 1789 36 80000015 1Router 2.2.2.2 2.2.2.2 1776 36 80000015 1Router 1.1.1.1 1.1.1.1 479 72 80000022 1Router 10.1.1.1 10.1.1.1 480 36 80000018 1Network 1.1.1.2 2.2.2.2 1776 32 80000013 0Network 10.1.1.10 1.1.1.1 480 32 80000002 0Network 3.3.3.2 4.4.4.1 1789 32 80000012 0AS External DatabaseType LinkState ID AdvRouter Age Len Sequence MetricExternal 4.4.4.0 2.2.2.2 1369 36 80000011 1External 2.2.2.0 2.2.2.2 1369 36 80000013 1External 200.1.1.1 2.2.2.2 1369 36 80000013 1External 192.168.1.1 10.1.1.1 481 36 8000000F 1External 4.4.4.0 4.4.4.1 719 36 80000013 1External 10.1.1.0 10.1.1.1 481 36 8000000F 1<XXZX>dis isis lsdb ve
<XXZX>dis isis lsdb verbose Database information for ISIS(1)--------------------------------Level-1 Link State DatabaseLSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00* 0x0000002b 0xfa86 1121 56 0/0/0 SOURCE 0000.0000.0001.00NLPID IPV4AREA ADDR 49.0001 INTF ADDR 2.2.2.1IP-Internal 2.2.2.0 255.255.255.0 COST: 10 Total LSP(s): 1*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-OverloadLevel-2 Link State DatabaseLSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00* 0x0000002d 0x1fc2 1121 70 0/0/0 SOURCE 0000.0000.0001.00NLPID IPV4AREA ADDR 49.0001 INTF ADDR 2.2.2.1NBR ID 0000.0000.0003.01 COST: 10 IP-Internal 2.2.2.0 255.255.255.0 COST: 10 0000.0000.0001.00-01* 0x00000030 0xa9ae 1121 89 0/0/0 SOURCE 0000.0000.0001.00IP-External 1.1.1.0 255.255.255.0 COST: 64 IP-External 3.3.3.0 255.255.255.0 COST: 64 IP-External 10.1.1.0 255.255.255.0 COST: 64 IP-External 100.1.1.1 255.255.255.255 COST: 64 IP-External 192.168.1.1 255.255.255.255 COST: 64 0000.0000.0003.00-00 0x0000002d 0x570b 653 113 0/0/0 SOURCE 0000.0000.0003.00NLPID IPV4AREA ADDR 49.0001 INTF ADDR 200.1.1.1INTF ADDR 4.4.4.4INTF ADDR 2.2.2.2NBR ID 0000.0000.0003.02 COST: 10 NBR ID 0000.0000.0003.01 COST: 10 IP-Internal 200.1.1.1 255.255.255.255 COST: 0 IP-Internal 4.4.4.0 255.255.255.0 COST: 10 IP-Internal 2.2.2.0 255.255.255.0 COST: 10 0000.0000.0003.01-00 0x00000027 0x6101 653 55 0/0/0 SOURCE 0000.0000.0003.01NLPID IPV4NBR ID 0000.0000.0003.00 COST: 0 NBR ID 0000.0000.0001.00 COST: 0 0000.0000.0003.02-00 0x00000027 0xaeaf 653 55 0/0/0 SOURCE 0000.0000.0003.02NLPID IPV4NBR ID 0000.0000.0003.00 COST: 0 NBR ID 0000.0000.0004.00 COST: 0 0000.0000.0004.00-00 0x0000002b 0xb023 643 70 0/0/0 SOURCE 0000.0000.0004.00NLPID IPV4AREA ADDR 49.0001 INTF ADDR 4.4.4.1NBR ID 0000.0000.0003.02 COST: 10 IP-Internal 4.4.4.0 255.255.255.0 COST: 10 0000.0000.0004.00-01 0x0000002d 0x97c0 714 89 0/0/0 SOURCE 0000.0000.0004.00IP-External 1.1.1.0 255.255.255.0 COST: 64 IP-External 3.3.3.0 255.255.255.0 COST: 64 IP-External 10.1.1.0 255.255.255.0 COST: 64 IP-External 100.1.1.1 255.255.255.255 COST: 64 IP-External 192.168.1.1 255.255.255.255 COST: 64 Total LSP(s): 7*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload<XXZX> dis rou
<XXZX>dis route-policy
Route-policy : OSPFpermit : 10 (matched counts: 2)Match clauses : if-match tag 500Apply clauses : apply preference 10
Route-policy : FANGHUANdeny : 10 (matched counts: 0)Match clauses : if-match tag 200permit : 20 (matched counts: 6)Apply clauses : apply tag 100
Route-policy : FANGHUAN-2deny : 10 (matched counts: 0)Match clauses : if-match tag 400permit : 20 (matched counts: 7)Apply clauses : apply tag 300
<XXZX>
<XXZX-2>dis cu
[V200R003C00]
#sysname XXZX-2
#snmp-agent local-engineid 800007DB03000000000000snmp-agent
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#drop illegal-mac alarm
#undo info-center enable
#wlan ac-global carrier id other ac id 0
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
isis 1is-level level-2network-entity 49.0001.0000.0000.0004.00import-route ospf 1 route-policy FANGHUAN-2 preference 151
#
firewall zone Localpriority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0ip address 4.4.4.1 255.255.255.0 isis enable 1
#
interface GigabitEthernet0/0/1ip address 3.3.3.2 255.255.255.0 ospf enable 1 area 0.0.0.0
#
interface NULL0
#
ospf 1 import-route isis 1 route-policy FANGHUANpreference ase route-policy OSPF 150 area 0.0.0.0
#
route-policy OSPF permit node 10 if-match tag 500apply preference 10
#
route-policy FANGHUAN deny node 10 if-match tag 100
#
route-policy FANGHUAN permit node 20 apply tag 200
#
route-policy FANGHUAN-2 deny node 10 if-match tag 300
#
route-policy FANGHUAN-2 permit node 20 apply tag 400
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<XXZX-2>
<XXZX-2>dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 0Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 4.4.4.1/24 up up
GigabitEthernet0/0/1 3.3.3.2/24 up up
NULL0 unassigned up up(s)
<XXZX-2>dis ip rou
<XXZX-2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 16 Routes : 16 Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.0/24 OSPF 10 2 D 3.3.3.1 GigabitEthernet
0/0/12.2.2.0/24 O_ASE 150 1 D 3.3.3.1 GigabitEthernet
0/0/13.3.3.0/24 Direct 0 0 D 3.3.3.2 GigabitEthernet
0/0/13.3.3.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/13.3.3.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/14.4.4.0/24 Direct 0 0 D 4.4.4.1 GigabitEthernet
0/0/04.4.4.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/04.4.4.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/010.1.1.0/24 OSPF 10 2 D 3.3.3.1 GigabitEthernet
0/0/1100.1.1.1/32 OSPF 10 1 D 3.3.3.1 GigabitEthernet
0/0/1127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0192.168.1.1/32 O_ASE 10 1 D 3.3.3.1 GigabitEthernet
0/0/1200.1.1.1/32 O_ASE 150 1 D 3.3.3.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0<XXZX-2>dis ospf lsdbOSPF Process 1 with Router ID 4.4.4.1Link State Database Area: 0.0.0.0Type LinkState ID AdvRouter Age Len Sequence MetricRouter 4.4.4.1 4.4.4.1 92 36 80000016 1Router 2.2.2.2 2.2.2.2 84 36 80000016 1Router 1.1.1.1 1.1.1.1 584 72 80000022 1Router 10.1.1.1 10.1.1.1 585 36 80000018 1Network 1.1.1.2 2.2.2.2 84 32 80000014 0Network 10.1.1.10 1.1.1.1 585 32 80000002 0Network 3.3.3.2 4.4.4.1 92 32 80000013 0AS External DatabaseType LinkState ID AdvRouter Age Len Sequence MetricExternal 4.4.4.0 4.4.4.1 822 36 80000013 1External 192.168.1.1 10.1.1.1 586 36 8000000F 1External 4.4.4.0 2.2.2.2 1476 36 80000011 1External 2.2.2.0 2.2.2.2 1476 36 80000013 1External 10.1.1.0 10.1.1.1 586 36 8000000F 1External 200.1.1.1 2.2.2.2 1476 36 80000013 1<XXZX-2>dis isis lsdb verDatabase information for ISIS(1)--------------------------------Level-2 Link State DatabaseLSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00 0x0000002d 0x1fc2 1009 70 0/0/0 SOURCE 0000.0000.0001.00NLPID IPV4AREA ADDR 49.0001 INTF ADDR 2.2.2.1NBR ID 0000.0000.0003.01 COST: 10 IP-Internal 2.2.2.0 255.255.255.0 COST: 10 0000.0000.0001.00-01 0x00000030 0xa9ae 1009 89 0/0/0 SOURCE 0000.0000.0001.00IP-External 1.1.1.0 255.255.255.0 COST: 64 IP-External 3.3.3.0 255.255.255.0 COST: 64 IP-External 10.1.1.0 255.255.255.0 COST: 64 IP-External 100.1.1.1 255.255.255.255 COST: 64 IP-External 192.168.1.1 255.255.255.255 COST: 64 0000.0000.0003.00-00 0x0000002d 0x570b 542 113 0/0/0 SOURCE 0000.0000.0003.00NLPID IPV4AREA ADDR 49.0001 INTF ADDR 200.1.1.1INTF ADDR 4.4.4.4INTF ADDR 2.2.2.2NBR ID 0000.0000.0003.02 COST: 10 NBR ID 0000.0000.0003.01 COST: 10 IP-Internal 200.1.1.1 255.255.255.255 COST: 0 IP-Internal 4.4.4.0 255.255.255.0 COST: 10 IP-Internal 2.2.2.0 255.255.255.0 COST: 10 0000.0000.0003.01-00 0x00000027 0x6101 541 55 0/0/0 SOURCE 0000.0000.0003.01NLPID IPV4NBR ID 0000.0000.0003.00 COST: 0 NBR ID 0000.0000.0001.00 COST: 0 0000.0000.0003.02-00 0x00000027 0xaeaf 541 55 0/0/0 SOURCE 0000.0000.0003.02NLPID IPV4NBR ID 0000.0000.0003.00 COST: 0 NBR ID 0000.0000.0004.00 COST: 0 0000.0000.0004.00-00* 0x0000002b 0xb023 535 70 0/0/0 SOURCE 0000.0000.0004.00NLPID IPV4AREA ADDR 49.0001 INTF ADDR 4.4.4.1NBR ID 0000.0000.0003.02 COST: 10 IP-Internal 4.4.4.0 255.255.255.0 COST: 10 0000.0000.0004.00-01* 0x0000002d 0x97c0 605 89 0/0/0 SOURCE 0000.0000.0004.00IP-External 1.1.1.0 255.255.255.0 COST: 64 IP-External 3.3.3.0 255.255.255.0 COST: 64 IP-External 10.1.1.0 255.255.255.0 COST: 64 IP-External 100.1.1.1 255.255.255.255 COST: 64 IP-External 192.168.1.1 255.255.255.255 COST: 64 Total LSP(s): 7*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload<XXZX-2>dis rou
<XXZX-2>dis route-policy
Route-policy : OSPFpermit : 10 (matched counts: 2)Match clauses : if-match tag 500Apply clauses : apply preference 10
Route-policy : FANGHUANdeny : 10 (matched counts: 0)Match clauses : if-match tag 100permit : 20 (matched counts: 3)Apply clauses : apply tag 200
Route-policy : FANGHUAN-2deny : 10 (matched counts: 3)Match clauses : if-match tag 300permit : 20 (matched counts: 6)Apply clauses : apply tag 400
<XXZX-2>
<R3>dis current-configuration
[V200R003C00]
#sysname R3
#snmp-agent local-engineid 800007DB03000000000000snmp-agent
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#drop illegal-mac alarm
#wlan ac-global carrier id other ac id 0
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
isis 1is-level level-2network-entity 49.0001.0000.0000.0003.00
#
firewall zone Localpriority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0ip address 2.2.2.2 255.255.255.0 isis enable 1
#
interface GigabitEthernet0/0/1ip address 4.4.4.4 255.255.255.0 isis enable 1
#
interface NULL0
#
interface LoopBack0ip address 200.1.1.1 255.255.255.255 isis enable 1
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R3> dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 0Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 2.2.2.2/24 up up
GigabitEthernet0/0/1 4.4.4.4/24 up up
LoopBack0 200.1.1.1/32 up up(s)
NULL0 unassigned up up(s)
<R3>dis ip rou
<R3>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 16 Routes : 21 Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.0/24 ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0ISIS-L2 15 74 D 4.4.4.1 GigabitEthernet
0/0/12.2.2.0/24 Direct 0 0 D 2.2.2.2 GigabitEthernet
0/0/02.2.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/02.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/03.3.3.0/24 ISIS-L2 15 74 D 4.4.4.1 GigabitEthernet
0/0/1ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/04.4.4.0/24 Direct 0 0 D 4.4.4.4 GigabitEthernet
0/0/14.4.4.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/14.4.4.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/110.1.1.0/24 ISIS-L2 15 74 D 4.4.4.1 GigabitEthernet
0/0/1ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0100.1.1.1/32 ISIS-L2 15 74 D 4.4.4.1 GigabitEthernet
0/0/1ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0192.168.1.1/32 ISIS-L2 15 74 D 4.4.4.1 GigabitEthernet
0/0/1ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0200.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0<R3> dis isis lsdb ve
<R3>dis isis lsdb verbose Database information for ISIS(1)--------------------------------Level-2 Link State DatabaseLSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00 0x0000002d 0x1fc2 893 70 0/0/0 SOURCE 0000.0000.0001.00NLPID IPV4AREA ADDR 49.0001 INTF ADDR 2.2.2.1NBR ID 0000.0000.0003.01 COST: 10 IP-Internal 2.2.2.0 255.255.255.0 COST: 10 0000.0000.0001.00-01 0x00000030 0xa9ae 893 89 0/0/0 SOURCE 0000.0000.0001.00IP-External 1.1.1.0 255.255.255.0 COST: 64 IP-External 3.3.3.0 255.255.255.0 COST: 64 IP-External 10.1.1.0 255.255.255.0 COST: 64 IP-External 100.1.1.1 255.255.255.255 COST: 64 IP-External 192.168.1.1 255.255.255.255 COST: 64 0000.0000.0003.00-00* 0x0000002d 0x570b 427 113 0/0/0 SOURCE 0000.0000.0003.00NLPID IPV4AREA ADDR 49.0001 INTF ADDR 200.1.1.1INTF ADDR 4.4.4.4INTF ADDR 2.2.2.2NBR ID 0000.0000.0003.02 COST: 10 NBR ID 0000.0000.0003.01 COST: 10 IP-Internal 200.1.1.1 255.255.255.255 COST: 0 IP-Internal 4.4.4.0 255.255.255.0 COST: 10 IP-Internal 2.2.2.0 255.255.255.0 COST: 10 0000.0000.0003.01-00* 0x00000027 0x6101 427 55 0/0/0 SOURCE 0000.0000.0003.01NLPID IPV4NBR ID 0000.0000.0003.00 COST: 0 NBR ID 0000.0000.0001.00 COST: 0 0000.0000.0003.02-00* 0x00000027 0xaeaf 427 55 0/0/0 SOURCE 0000.0000.0003.02NLPID IPV4NBR ID 0000.0000.0003.00 COST: 0 NBR ID 0000.0000.0004.00 COST: 0 0000.0000.0004.00-00 0x0000002b 0xb023 419 70 0/0/0 SOURCE 0000.0000.0004.00NLPID IPV4AREA ADDR 49.0001 INTF ADDR 4.4.4.1NBR ID 0000.0000.0003.02 COST: 10 IP-Internal 4.4.4.0 255.255.255.0 COST: 10 0000.0000.0004.00-01 0x0000002d 0x97c0 489 89 0/0/0 SOURCE 0000.0000.0004.00IP-External 1.1.1.0 255.255.255.0 COST: 64 IP-External 3.3.3.0 255.255.255.0 COST: 64 IP-External 10.1.1.0 255.255.255.0 COST: 64 IP-External 100.1.1.1 255.255.255.255 COST: 64 IP-External 192.168.1.1 255.255.255.255 COST: 64 Total LSP(s): 7*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload<R3>
链接:https://pan.baidu.com/s/1FPam2fs4T6PvVfz0FCoxPg?pwd=CCIE
提取码:CCIE
–来自百度网盘超级会员V4的分享
对应ENSP拓扑图( 含配置)
牛的,四万多字,估计官方文档都没我这么多字,能看到这肯定铁粉了,留个赞谢谢啦~