R1 en conf t int lo0 ip add 1.1.1.1 255.255.255.0 ip ospf 1 area 0 int e0/0 ip add 192.168.12.1 255.255.255.0 no sh ip ospf 1 area 0 ================================= R2 略
这边配置完了以后一定要检查一下路由表,确定全部的loopback接口都已经学习到。检查命令show ip route ospf
1 2 3 4 5 6 7 8 9
R4#sh ip route ospf 1.0.0.0/32 is subnetted, 1 subnets O 1.1.1.1 [110/31] via 192.168.34.3, 00:00:47, Ethernet0/0 2.0.0.0/32 is subnetted, 1 subnets O 2.2.2.2 [110/21] via 192.168.34.3, 00:00:57, Ethernet0/0 3.0.0.0/32 is subnetted, 1 subnets O 3.3.3.3 [110/11] via 192.168.34.3, 00:00:57, Ethernet0/0 O 192.168.12.0/24 [110/30] via 192.168.34.3, 00:00:47, Ethernet0/0 O 192.168.23.0/24 [110/20] via 192.168.34.3, 00:00:57, Ethernet0/0
access-list 1 deny 192.168.12.1 0.0.0.0 # 通配符掩码,和IP地址一样是32位二进制,二进制位是1,表示IP这一位不需要一样,二进制位是0,表示IP这一位必须要一样。 # ACL同一个序列号,可以写多个匹配条件和动作,在遇到流量的时候,会按照从上而下的顺序去匹配,匹配上了,就执行动作。匹配不上就继续向下。尽量将匹配条件严格的放在上面。 access-list 1 permit any # ACL默认最后会拒绝所有,所以至少需要一条放行 interface Ethernet0/0 ip access-group 1 in # 要注意,ACL必须要在接口上使用才能生效,使用的时候一定要想清楚是in还是out
最后检查效果
1 2 3 4 5 6 7 8 9 10 11
R1#ping 4.4.4.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) R1#ping 4.4.4.4 source 1.1.1.1 #换了一个源IP地址,就通了 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds: Packet sent with a source address of 1.1.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms