實驗目的:
1。 熟悉ISIS路由協議的基礎操作方法。
2。 掌握該協議的區域劃分,路由級別調整過程。
3。 掌握該協議的網路型別以及網路型別中廣播型別的DIS的選舉流程。
4。 掌握該協議的路由引入,路由聚合,路由過濾,路由認證等操作流程。
實驗要求:
1。R1,R2和R3是Level-1路由器,R6是Level-2路由器。SystemID為0000。0000。000X。ISIS的程序號為1。
通告相關介面,網段10。0。X。0/24暫不通告。
2。R4和R6,R5和R6之間不能有DIS選舉;
R1,R2和R3共享網路中,要求R3為DIS,需在R1和R2上配置,且優先順序設定儘量小仍可以參與DIS選舉。
3。R6引入10。0。X。0/24網段,並標記為100;
區域47。0001能夠透過R4 學到10。0。x。0/24網段明細,且必須保持這些路由的標記為100。
4。 R2只允許透過預設路由訪問區域47。0002的網路。不能使用ACL和字首列表。
5。 區域47。0001的所有路由器傳送LSP和SNP需要進行認證,認證型別為MD5,密碼為Huawei;
level-2路由傳送的IIH需要進行認證,認證型別為MD5,密碼為Huawei。
實驗步驟:
R1配置:
[V200R003C00]
#
sysname R1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage。zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m。Nt84DZ}e#
local-user admin service-type http
#
isis 1
is-level level-1
cost-style wide
network-entity 47。0001。0000。0000。0001。00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192。168。1。1 255。255。255。0
isis enable 1
isis dis-priority 0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 1。1。1。1 255。255。255。255
isis enable 1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
Return
R2的配置:
[V200R003C00]
#
sysname R2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage。zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m。Nt84DZ}e#
local-user admin service-type http
#
isis 1
is-level level-1
cost-style wide
network-entity 47。0001。0000。0000。0002。00
filter-policy route-policy deny_dir import
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192。168。1。2 255。255。255。0
isis enable 1
isis dis-priority 0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2。2。2。2 255。255。255。255
isis enable 1
#
route-policy deny_dir deny node 10
if-match tag 100
#
route-policy deny_dir permit node 100
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R3的配置:
[V200R003C00]
#
sysname R3
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/4 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage。zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m。Nt84DZ}e#
local-user admin service-type http
#
isis 1
is-level level-1
cost-style wide
network-entity 47。0001。0000。0000。0003。00
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ip address 34。1。1。3 255。255。255。0
isis enable 1
#
interface Serial1/0/1
link-protocol ppp
ip address 35。1。1。3 255。255。255。0
isis enable 1
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192。168。1。3 255。255。255。0
isis enable 1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet4/0/0
#
interface GigabitEthernet4/0/1
#
interface GigabitEthernet4/0/2
#
interface GigabitEthernet4/0/3
#
interface NULL0
#
interface LoopBack0
ip address 3。3。3。3 255。255。255。255
isis enable 1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R4的配置:
[V200R003C00]
#
sysname R4
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/4 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage。zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m。Nt84DZ}e#
local-user admin service-type http
#
isis 1
cost-style wide
network-entity 47。0001。0000。0000。0004。00
import-route isis level-2 into level-1 filter-policy route-policy Import_dir
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
ip address 34。1。1。4 255。255。255。0
isis enable 1
#
interface Serial1/0/1
link-protocol ppp
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 46。1。1。4 255。255。255。0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet4/0/0
#
interface GigabitEthernet4/0/1
#
interface GigabitEthernet4/0/2
#
interface GigabitEthernet4/0/3
#
interface NULL0
#
interface LoopBack0
ip address 4。4。4。4 255。255。255。255
isis enable 1
#
route-policy Import_dir permit node 10
if-match tag 100
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R5的配置:
[V200R003C00]
#
sysname R5
#
board add 0/1 2SA
board add 0/2 2SA
board add 0/4 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage。zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m。Nt84DZ}e#
local-user admin service-type http
#
isis 1
cost-style wide
network-entity 47。0001。0000。0000。0005。00
#
firewall zone Local
priority 15
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
ip address 35。1。1。5 255。255。255。0
isis enable 1
#
interface Serial2/0/0
link-protocol ppp
#
interface Serial2/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 56。1。1。5 255。255。255。0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet4/0/0
#
interface GigabitEthernet4/0/1
#
interface GigabitEthernet4/0/2
#
interface GigabitEthernet4/0/3
#
interface NULL0
#
interface LoopBack0
ip address 5。5。5。5 255。255。255。255
isis enable 1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R6的配置:
[V200R003C00]
#
sysname R6
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage。zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit source 10。0。0。0 0。0。3。255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m。Nt84DZ}e#
local-user admin service-type http
#
isis 1
is-level level-2
cost-style wide
network-entity 47。0002。0000。0000。0006。00
import-route direct route-policy tag
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 46。1。1。6 255。255。255。0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
#
interface GigabitEthernet0/0/1
ip address 56。1。1。6 255。255。255。0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 6。6。6。6 255。255。255。255
isis enable 1
#
interface LoopBack11
ip address 10。0。0。1 255。255。255。0
#
interface LoopBack12
ip address 10。0。1。1 255。255。255。0
#
interface LoopBack13
ip address 10。0。3。1 255。255。255。0
#
route-policy tag permit node 10
if-match acl 2000
apply tag 100
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return