拓扑图 实验目的: 1.熟悉ISIS路由协议的基础操作方法。 2.掌握该协议的区域划分,路由级别调整过程。 3.掌握该协议的网络类型以及网络类型中广播类型的DIS的选举流程。 4.掌握该协议的路由引入,路由聚合,路由过滤,路由认证等操作流程。 实验要求: 1.R1,R2和R3是Level-1路由器,R6是Level-2路由器。SystemID为0000.0000.000X。ISIS的进程号为1. 通告相关接口,网段10.0.X.0/24暂不通告。 2.R4和R6,R5和R6之间不能有DIS选举; R1,R2和R3共享网络中,要求R3为DIS,需在R1和R2上配置,且优先级设置尽量小仍可以参与DIS选举。 3.R6引入10.0.X.0/24网段,并标记为100; 区域47.0001能够通过R4 学到10.0.x.0/24网段明细,且必须保持这些路由的标记为100. 4. R2只允许通过缺省路由访问区域47.0002的网络。不能使用ACL和前缀列表。 5. 区域47.0001的所有路由器发送LSP和SNP需要进行认证,认证类型为MD5,密码为Huawei; level-2路由发送的IIH需要进行认证,认证类型为MD5,密码为Huawei。 实验步骤: R1配置: [V200R003C00]
sysname R1
snmp-agent local-engineid 800007DB03000000000000 snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load portalpage.zip
drop illegal-mac alarm
set cpu-usage threshold 80 restore 75
aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http
isis 1 is-level level-1 cost-style wide network-entity 47.0001.0000.0000.0001.00
firewall zone Local priority 15
interface GigabitEthernet0/0/0 ip address 192.168.1.1 255.255.255.0 isis enable 1 isis dis-priority 0
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface NULL0
interface LoopBack0 ip address 1.1.1.1 255.255.255.255 isis enable 1
user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20
wlan ac
Return R2的配置:
[V200R003C00]
sysname R2
snmp-agent local-engineid 800007DB03000000000000 snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load portalpage.zip
drop illegal-mac alarm
set cpu-usage threshold 80 restore 75
aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http
isis 1 is-level level-1 cost-style wide network-entity 47.0001.0000.0000.0002.00 filter-policy route-policy deny_dir import
firewall zone Local priority 15
interface GigabitEthernet0/0/0 ip address 192.168.1.2 255.255.255.0 isis enable 1 isis dis-priority 0
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface NULL0
interface LoopBack0 ip address 2.2.2.2 255.255.255.255 isis enable 1
route-policy deny_dir deny node 10 if-match tag 100
route-policy deny_dir permit node 100
user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20
wlan ac
return R3的配置:
[V200R003C00]
sysname R3
board add 0/1 2SA board add 0/2 2SA board add 0/4 4GET
snmp-agent local-engineid 800007DB03000000000000 snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load portalpage.zip
drop illegal-mac alarm
set cpu-usage threshold 80 restore 75
aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http
isis 1 is-level level-1 cost-style wide network-entity 47.0001.0000.0000.0003.00
firewall zone Local priority 15
interface Serial1/0/0 link-protocol ppp ip address 34.1.1.3 255.255.255.0 isis enable 1
interface Serial1/0/1 link-protocol ppp ip address 35.1.1.3 255.255.255.0 isis enable 1
interface Serial2/0/0 link-protocol ppp
interface Serial2/0/1 link-protocol ppp
interface GigabitEthernet0/0/0 ip address 192.168.1.3 255.255.255.0 isis enable 1
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface GigabitEthernet4/0/0
interface GigabitEthernet4/0/1
interface GigabitEthernet4/0/2
interface GigabitEthernet4/0/3
interface NULL0
interface LoopBack0 ip address 3.3.3.3 255.255.255.255 isis enable 1
user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20
wlan ac
return R4的配置:
[V200R003C00]
sysname R4
board add 0/1 2SA board add 0/2 2SA board add 0/4 4GET
snmp-agent local-engineid 800007DB03000000000000 snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load portalpage.zip
drop illegal-mac alarm
set cpu-usage threshold 80 restore 75
aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http
isis 1 cost-style wide network-entity 47.0001.0000.0000.0004.00 import-route isis level-2 into level-1 filter-policy route-policy Import_dir
firewall zone Local priority 15
interface Serial1/0/0 link-protocol ppp ip address 34.1.1.4 255.255.255.0 isis enable 1
interface Serial1/0/1 link-protocol ppp
interface Serial2/0/0 link-protocol ppp
interface Serial2/0/1 link-protocol ppp
interface GigabitEthernet0/0/0 ip address 46.1.1.4 255.255.255.0 isis enable 1 isis circuit-type p2p isis ppp-negotiation 3-way only
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface GigabitEthernet4/0/0
interface GigabitEthernet4/0/1
interface GigabitEthernet4/0/2
interface GigabitEthernet4/0/3
interface NULL0
interface LoopBack0 ip address 4.4.4.4 255.255.255.255 isis enable 1
route-policy Import_dir permit node 10 if-match tag 100
user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20
wlan ac
return R5的配置:
[V200R003C00]
sysname R5
board add 0/1 2SA board add 0/2 2SA board add 0/4 4GET
snmp-agent local-engineid 800007DB03000000000000 snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http
isis 1 cost-style wide network-entity 47.0001.0000.0000.0005.00
firewall zone Local priority 15
interface Serial1/0/0 link-protocol ppp
interface Serial1/0/1 link-protocol ppp ip address 35.1.1.5 255.255.255.0 isis enable 1
interface Serial2/0/0 link-protocol ppp
interface Serial2/0/1 link-protocol ppp
interface GigabitEthernet0/0/0 ip address 56.1.1.5 255.255.255.0 isis enable 1 isis circuit-type p2p isis ppp-negotiation 3-way only
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface GigabitEthernet4/0/0
interface GigabitEthernet4/0/1
interface GigabitEthernet4/0/2
interface GigabitEthernet4/0/3
interface NULL0
interface LoopBack0 ip address 5.5.5.5 255.255.255.255 isis enable 1
user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20
wlan ac
return R6的配置: [V200R003C00]
sysname R6
snmp-agent local-engineid 800007DB03000000000000 snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
acl number 2000
rule 5 permit source 10.0.0.0 0.0.3.255
aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http
isis 1 is-level level-2 cost-style wide network-entity 47.0002.0000.0000.0006.00 import-route direct route-policy tag
firewall zone Local priority 15
interface GigabitEthernet0/0/0 ip address 46.1.1.6 255.255.255.0 isis enable 1 isis circuit-type p2p isis ppp-negotiation 3-way only
interface GigabitEthernet0/0/1 ip address 56.1.1.6 255.255.255.0 isis enable 1 isis circuit-type p2p isis ppp-negotiation 3-way only
interface GigabitEthernet0/0/2
interface NULL0
interface LoopBack0 ip address 6.6.6.6 255.255.255.255 isis enable 1
interface LoopBack11 ip address 10.0.0.1 255.255.255.0
interface LoopBack12 ip address 10.0.1.1 255.255.255.0
interface LoopBack13 ip address 10.0.3.1 255.255.255.0
route-policy tag permit node 10 if-match acl 2000 apply tag 100
user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20
wlan ac
return