·¢²¼Ê±¼ä : ÐÇÆÚÒ» ÎÄÕÂH3CNEÌâ¿â¹ÙÍø×îÐÂÍêÕû°æ£¨¸½´ð°¸Ïê½â£©¸üÐÂÍê±Ï¿ªÊ¼ÔĶÁ
H3CÍøÂçѧԺ
RTA£º
[RTA] ospf
[RTA-ospf-1] area 0
[RTA-ospf-1-area-0.0.0.0] network 192.168.1.1 0.0.0.3 [RTA-GigabitEthernet0/0] ospf dr-priority 2 RTB£º
[RTB] ospf
[RTB-ospf-1] area 0
[RTB-ospf-1-area-0.0.0.0] network 192.168.1.1 0.0.0.3 [RTB-GigabitEthernet0/0] ospf dr-priority
ÄÇôÔÚOSPF ÁÚ¾Ó״̬Îȶ¨ºó£¬__ B ____¡££¨Ñ¡ÔñÒ»Ïî»ò¶àÏ
A. OSPF ½Ó¿ÚÓÅÏȼ¶Ïàͬ£¬ÔÚ192.168.1.0/30 Íø¶ÎÉϲ»½øÐÐOSPF DR Ñ¡¾Ù B. Á½Ì¨Â·ÓÉÆ÷ÖУ¬Ò»Ì¨ÎªDR£¬Ò»Ì¨ÎªBDR C. Á½Ì¨Â·ÓÉÆ÷ÖУ¬Ò»Ì¨ÎªDR£¬Ò»Ì¨ÎªDRother D. Á½Ì¨Â·ÓÉÆ÷µÄÁÚ¾Ó״̬·Ö±ðΪFULL¡¢2-Way
* Á½Ì¨Â·ÓÉÆ÷Äܹ»Í¨ÐÅ£¬ÔÚRTAºÍRTBÖж¼ÅäÅZÁËOSPF£¬Òò´Ë¸ù¾ÝOSPFµÄ״̬»ú(Êé±¾P466ͼ36-5)¿ÉÖªÐè½øÐÐDRºÍBDRµÄÑ¡¾Ù£¬ÓÉÓÚRTAµÄDRÓÅÏȼ¶ÉèΪ2£¬¶øRTBµÄÓÅÏȼ¶ÊÇĬÈϵģ¬¸ù¾ÝDR/BDRµÄÑ¡¾ÙÌõ¼þÓÅÏȼ¶¸ßµÄ±»Ñ¡ÎªDR£¬ÓÅÏȼ¶µÚ¶þµÄ±»Ñ¡ÎªBDR£¬ÓÉÓÚÖ»ÓÐÁ½Ì¨Â·ÓÉÆ÷£¬Òò´ËÒ»¸öÊÇDR£¬Ò»¸öÊÇBDR¡£¹ÊÑ¡B¡£
18. ÔÚ·ÓÉÆ÷µÄ·ÓɱíÖÐÓÐÒ»ÌõĬÈÏ·ÓÉ£¬ÆäÄ¿µÄÍø¶ÎºÍÑÚÂ붼ÊÇ0.0.0.0£¬¶øÆäÏÂÒ»ÌøÊÇ·ÓÉÆ÷µÄS0/0 ½Ó¿Ú£¬ÄÇôÏÂÁйØÓÚ´Ë·ÓɵÄÃèÊöÕýÈ·µÄÊÇ__ABCD____¡£
A. µ±Â·ÓÉÆ÷ÊÕµ½È¥ÍùÄ¿µÄµØÖ·120.1.1.1 µÄÊý¾Ý°üʱ£¬Èç¹û·ÓÉÆ÷±íÖÐûÓÐÆäËûÈ·ÇÐÆ¥ÅäÏÄÇô¸ÃÊý¾Ý°ü½«Æ¥Åä´ËĬÈÏ·ÓÉ
B. ¸Ã·ÓɵÄÑÚÂë×î¶Ì£¬Òò´ËÖ»ÓÐÔÚûÓÐÆäËü·ÓÉÆ¥ÅäÊý¾Ý°üµÄÇé¿öÏ£¬Êý¾Ý°ü²Å»á°´ÕÕĬÈÏ·ÓÉת·¢ C. ÕâÌõ·ÓɵĶÈÁ¿ÖµÓпÉÄÜÊÇ3 D. ÕâÌõ·ÓɵÄÓÅÏȼ¶ÓпÉÄÜÊÇ100
* ÓÉÓÚ´ËÌâÖ»¸æËßÎÒÃÇÓÐÒ»ÌõĬÈϵÄ·ÓÉÊÇ0.0.0.0/0£¬»¹ÓУ¬Ä¬ÈÏ·ÓÉ¿ÉÒÔÊÖ¹¤ÅäÅZ£¬Ò²¿ÉÒÔÓÉijЩ¶¯Ì¬Â·ÓÉÐÒé×Ô¶¯Éú³É£¬È磺OSPF¡¢IS-ISºÍRIP¡£Òò´ËABCD¶¼ÊÇÕýÈ·µÄ¡£
19. ÔÚÔËÐÐÁËRIP µÄMSR ·ÓÉÆ÷ÉÏ¿´µ½ÈçÏ·ÓÉÐÅÏ¢£º
Destination/Mask Proto Pre Cost NextHop Interface 6.6.6.0/24 RIP 100 1 100.1.1.1 GE0/0
6.0.0.0/8 Static 60 0 100.1.1.1 GE0/0
´Ëʱ·ÓÉÆ÷ÊÕµ½Ò»¸öÄ¿µÄµØַΪ6.6.6.6 µÄÊý¾Ý°ü£¬ÄÇô__A ___¡£ A. ¸ÃÊý¾Ý°ü½«ÓÅÏÈÆ¥Åä·ÓɱíÖеÄRIP ·ÓÉ£¬ÒòΪÆäÑÚÂë× B. ¸ÃÊý¾Ý°ü½«ÓÅÏÈÆ¥Åä·ÓɱíÖÐRIP ·ÓÉ£¬ÒòΪÆäÓÅÏȼ¶¸ß
C. ¸ÃÊý¾Ý°ü½«ÓÅÏÈÆ¥Åä·ÓɱíÖеľ²Ì¬Â·ÓÉ£¬ÒòΪÆ仨·ÑCost С
D. ¸ÃÊý¾Ý°ü½«ÓÅÏÈÆ¥Åä·ÓɱíÖеľ²Ì¬Â·ÓÉ£¬ÒòΪÆäÑÚÂë×î¶Ì
* µ±Ò»ÌõÊý¾Ý°ü½øÈë·ÓÉÆ÷µÄʱºò£¬Ê×ÏÈÆ¥Åä·ÓɱíÖÐÑÚÂë×µÄ£»µ±µ½´ïÄ¿µÄµØÓв»Í¬µÄ·ÓÉÐÒéÌõĿʱ£¬Ê×ÏÈÆ¥Åä·ÓÉÐÒéµÄÓÅÏȼ¶£»µ±µ½´ïÄ¿µÄµØÓжàÌõͬÖÖ·ÓÉÐÒéµÄʱºò£¬Ê×ÏÈÆ¥ÅäCOSTֵСµÄ¡£¹ÊÑ¡A¡£
5
H3CÍøÂçѧԺ
20. һ̨¿ÕÅäÅZMSR·ÓÉÆ÷RTA·Ö±ðͨ¹ýGE0/0¡¢GE1/0 Á¬½ÓÁ½Ì¨ÔËÐÐÔÚOSPF Area 0 µÄ·ÓÉÆ÷RTB ºÍRTC¡£RTA µÄ½Ó¿ÚGE0/0 ºÍGE1/0 µÄIP µØÖ··Ö±ðΪ192.168.3.2/24 ºÍ192.168.4.2/24¡£ÔÚRTA ÉÏÌí¼ÓÈçÏÂÅäÅZ£º
[MSR-ospf-1] area 0.0.0.0
[MSR-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.3.255 [MSR-GigabitEthernet0/0] ospf cost 2
[MSR-GigabitEthernet1/0] ospf dr-priority 0
ÄÇô¹ØÓÚÉÏÊöÅäÅZÃèÊöÕýÈ·µÄÊÇ__BDE __¡££¨Ñ¡ÔñÒ»Ïî»ò¶àÏ A. ¸ÃÅäÅZÔÚMSR ·ÓÉÆ÷µÄGE0/0¡¢GE1/0 É϶¼Æô¶¯ÁËOSPF B. ¸ÃÅäÅZÖ»ÔÚMSR ·ÓÉÆ÷µÄGE0/0 ½Ó¿ÚÉÏÆô¶¯ÁËOSPF C. RTA ¿ÉÄܳÉΪÁ½¸öGE½Ó¿ÚËùÔÚÍø¶ÎµÄDR
D. RTA Ö»¿ÉÄܳÉΪÆäÖÐÒ»¸öGE½Ó¿ÚËùÔÚÍø¶ÎµÄDR E. Ð޸ĽӿÚGE0/0µÄCost²»Ó°ÏìOSPFÁÚ½Ó¹ØϵµÄ½¨Á¢
* AÒòΪÐû¸æµÄÍø¶ÎΪ192.168.0.0 0.0.3.255£¬ËùÒÔG0/0Æô¶¯ÁËOSPF£»B ÓÉÓÚAÊÇ´íµÄ£¬ËùÒÔBÊǶԵģ»C ÓÉÓÚÔÚRTAµÄG1/0µÄ½Ó¿ÚÉÏÅäÅZÁËÓÅÏȼ¶Îª0£¬Òò´ËG1/0½Ó¿ÚûÓÐDR/BDRµÄÑ¡¾ÙȨ£»D ÓÉÓÚRTAµÄG1/0½Ó¿ÚÒѾûÓÐDR/BDRµÄÑ¡¾ÙȨÁË£¬ÏÖÔÚÖ»ÓÐG0/0½Ó¿ÚÓÐÑ¡¾ÙȨ£¬ËùÒÔDÊǶԵģ»E costÖµÊDz»»áÓ°Ï쵽ѡ¾ÙDR/BDRµÄ£¬ËüÖ»ÄÜÓ°Ï쵽·ÓɵÄËã·¨¡£¹ÊÑ¡BDE¡£
21. ¿Í»§Â·ÓÉÆ÷µÄ½Ó¿ÚGigabitEthernet0/0 ÏÂÁ¬½ÓÁ˾ÖÓòÍøÖ÷»úHostA£¬ÆäIP µØַΪ192.168.0.2/24£»½Ó¿ÚSerial6/0 ½Ó¿ÚÁ¬½ÓÔ¶¶Ë£¬Ä¿Ç°ÔËÐÐÕý³£¡£ÏÖÔö¼ÓACL ÅäÅZÈçÏ£º firewall enable
firewall default permit acl number 3003 rule 0 permit tcp
rule 5 permit icmp acl number 2003
rule 0 deny source 192.168.0.0 0.0.0.255 interface GigabitEthernet0/0 firewall packet-filter 3003 inbound firewall packet-filter 2003 outbound ip address 192.168.0.1 255.255.255.0 interface Serial6/0 link-protocol ppp
ip address 6.6.6.2 255.255.255.0
¼ÙÉèÆäËûÏà¹ØÅäÅZ¶¼ÕýÈ·£¬ÄÇô__CD __¡££¨Ñ¡ÔñÒ»Ïî»ò¶àÏ A. HostA ²»ÄÜping ͨ¸Ã·ÓÉÆ÷ÉϵÄÁ½¸ö½Ó¿ÚµØÖ·
B. HostA ²»ÄÜping ͨ6.6.6.2£¬µ«ÊÇ¿ÉÒÔping ͨ192.168.0.1 C. HostA ²»ÄÜping ͨ192.168.0.1£¬µ«ÊÇ¿ÉÒÔping ͨ6.6.6.2
D. HostA ¿ÉÒÔTelnet µ½¸Ã·ÓÉÆ÷ÉÏ
* A HostAÊÇ¿ÉÒÔpingͨ6.6.6.2µÄµ«ÊÇping²»Í¨192.168.0.1£¬ÒòΪaclÖ»¸ÉµôÁËÈ¥Íù192.168.0.0µÄICMPÊý¾Ý°ü£¬Ã»ÓÐÀ¹½ØÆäËûµÄÍø¶ÎÊý¾Ý°ü£¬Òò´ËÓÉA¿ÉÖªCÊǶԵģ»D ÒòΪֻÕë¶Ô´ËÌâÀ´¿´£¬Ö»ÅäÅZÁËACLûÓÐÅäÅZÆäËûµÄ£¬ËùÒÔDÒ²ÊǶԵġ£¹ÊÑ¡CD¡£
22. ÈçͼËùʾÍøÂç»·¾³ÖУ¬ÔÚRTA ÉÏÖ´ÐÐÈçÏÂNAT ÅäÅZ£º
6
H3CÍøÂçѧԺ
[RTA] acl number 2000
[RTA-acl-basic-2000] rule 0 permit source 10.0.0.0 0.0.0.255
[RTA-acl-basic-2000] nat address-group 1 200.76.28.11 200.76.28.11 [RTA] interface Ethernet0/1
[RTA-Ethernet0/1] nat outbound 2000 address-group 1
ÅäÅZºó£¬Client_A ºÍClient_B ¶¼ÔÚ·ÃÎÊServer£¬Ôò´ËʱRTA µÄNAT ±í¿ÉÄÜΪ___D___¡£ A.Protocol GlobalAddr Port InsideAddr Port DestAddr Port 1 200.76.28.11 12289 100.0.0.1 1024 200.76.29.4 1024 VPN: 0, status: NOPAT, TTL: 00:01:00, Left: 00:00:59
1 200.76.28.11 12288 100.0.0.2 512 200.76.29.4 512 VPN: 0, status: 11, TTL: 00:01:00, Left: 00:00:51
B.Protocol GlobalAddr Port InsideAddr Port DestAddr Port 1 200.76.28.11 12289 100.0.0.1 1024 200.76.29.4 1024 VPN: 0, status: 11, TTL: 00:01:00, Left: 00:00:59
1 200.76.28.12 12288 100.0.0.2 512 200.76.29.4 512 VPN: 0, status: 11, TTL: 00:01:00, Left: 00:00:51
C.Protocol GlobalAddr Port InsideAddr Port DestAddr Port 1 200.76.28.12 12289 100.0.0.1 1024 200.76.29.4 1024 VPN: 0, status: 11, TTL: 00:01:00, Left: 00:00:59
1 200.76.28.11 12288 100.0.0.2 512 200.76.29.4 512 VPN: 0, status: 11, TTL: 00:01:00, Left: 00:00:51
D.Protocol GlobalAddr Port InsideAddr Port DestAddr Port 1 200.76.28.11 12289 100.0.0.1 1024 200.76.29.4 1024 VPN: 0, status: 11, TTL: 00:01:00, Left: 00:00:59
1 200.76.28.11 12288 100.0.0.2 512 200.76.29.4 512 VPN: 0, status: 11, TTL: 00:01:00, Left: 00:00:51
* ÕâµÀÌ⿼µÄÊÇNATµØַת»»£¬×öµÄÊÇNAPTµÄµØַת»»£¬ÒòΪnat outbound 2000 address-group 1ºóÃæûÓмÓno-pat,ËùÒÔÊÇת»»µÄÊǶ˿ںţ¬ÓÉÓÚ±¾ÈËÓõÄWvrp 5.5Ä£ÄâÆ÷×öµÄnatת»»£¬ËùÒÔû·¨Åбð³ö¶Ô´í£¬Ö»ÄÜÓÃdebugging nat packetÀ´×¥°ü¿´¿´ÁË£¬ÒÔÏÂÊDZ¾ÈË»ùÓÚÄ£ÄâÆ÷×¥µÄ°ü£¬Òò´ËÕâÌâµÄ¶Ô´íÎÒÒ²²»ÊǺÜÇå³þ£¬¹ÊÑ¡D¡£
*0.927860 RTB SEC/7/NAT:
(IP forwarding) Forward : Pro : ICMP, ID : 69,
( 1.1.1.1:53163 - 200.76.29.1:53163) ------> ( 200.76.28.11:46889 - 200.76.29.1:53163)
7
H3CÍøÂçѧԺ
*0.927950 RTB SEC/7/NAT:
(IP forwarding) Reverse : Pro : ICMP, ID : 10,
( 200.76.29.1:46889 - 200.76.28.11:46889) ------> ( 200.76.29.1:46889 - 1.1.1.1:53163) *0.927950 RTB SEC/7/NAT: NAT new mbuf vpn index=0 *0.928340 RTB SEC/7/NAT:
(IP forwarding) Forward : Pro : ICMP, ID : 70,
( 1.1.1.1:53163 - 200.76.29.1:53163) ------> ( 200.76.28.11:46889 - 200.76.29.1:53163) *0.928450 RTB SEC/7/NAT:
(IP forwarding) Reverse : Pro : ICMP, ID : 11,
( 200.76.29.1:46889 - 200.76.28.11:46889) ------> ( 200.76.29.1:46889 - 1.1.1.1:53163) *0.928450 RTB SEC/7/NAT: NAT new mbuf vpn index=0 *0.928890 RTB SEC/7/NAT:
(IP forwarding) Forward : Pro : ICMP, ID : 72,
( 1.1.1.1:53163 - 200.76.29.1:53163) ------> ( 200.76.28.11:46889 - 200.76.29.1:53163) *0.928980 RTB SEC/7/NAT:
(IP forwarding) Reverse : Pro : ICMP, ID : 12,
( 200.76.29.1:46889 - 200.76.28.11:46889) ------> ( 200.76.29.1:46889 - 1.1.1.1:53163) *0.928980 RTB SEC/7/NAT: NAT new mbuf vpn index=0 *0.929380 RTB SEC/7/NAT:
(IP forwarding) Forward : Pro : ICMP, ID : 73,
( 1.1.1.1:53163 - 200.76.29.1:53163) ------> ( 200.76.28.11:46889 - 200.76.29.1:53163) *0.929470 RTB SEC/7/NAT:
(IP forwarding) Reverse : Pro : ICMP, ID : 13,
( 200.76.29.1:46889 - 200.76.28.11:46889) ------> ( 200.76.29.1:46889 - 1.1.1.1:53163) *0.929470 RTB SEC/7/NAT: NAT new mbuf vpn index=0 *0.929890 RTB SEC/7/NAT:
(IP forwarding) Forward : Pro : ICMP, ID : 74,
( 1.1.1.1:53163 - 200.76.29.1:53163) ------> ( 200.76.28.11:46889 - 200.76.29.1:53163) *0.930000 RTB SEC/7/NAT:
(IP forwarding) Reverse : Pro : ICMP, ID : 14,
( 200.76.29.1:46889 - 200.76.28.11:46889) ------> ( 200.76.29.1:46889 - 1.1.1.1:53163) *0.930000 RTB SEC/7/NAT: NAT new mbuf vpn index=0
8