isis（六）

IS-IS的综合实验

拓扑如图：

要求：

1、根据拓扑环境，配置直连IP地址，保证底层的联通性。
2、在不同路由器对应接口和环回接口上开启集成ISIS。
3、R1-R2-R3处于区域49.0001、R4处于区域49.0002、R5-R6处于区域49.0003、R7-R8处于49.0004 。ISIS路由器的system id规划为：R1=0000.0000.0001，R2=0000.0000.0002其余的依次类推。
4、要求在所有路由器上开启ISIS的日志功能用来检测运行。
5、修改对应路由器的层次类型。
6、通过在接口下定义电路类型来限制ISIS没必要的分组。
7、通过修改接口或者链路的开销来实现选路的优化，要求R2和R3到达对方时都走以太网链路。
8、R7和R8通过帧中继链路运行ISIS，DLCI号分别为708和807 。
9、在R3上重新创建环回口loop back100，配置从网段地址：172.16.1.0/24，172.16.2.0/24，172.16.3.0/24，172.16.4.0/24然后汇总。
10、要求在R3上将其LSP的泛洪周期从默认的15分钟<900s>修改为<1800s>，将其老化时间从默认的<1200s>修改为<2000s>；将R4的hello间隔改为30s。
11、在R4上通告动态默认路由。
12、在R5和R6之间建立基于链路的认证并要求采用MD5；要求在区域49.0001上采用区域认证<L1认证>；要求L2全部开启域认证<L2>。
13、要求R5上实施路由泄露，将4.4.4.4/32泄露到L1，使得R6可以学习到。
14、要求在整个实验机器上开启CLNS路由功能，并在接口上开启ISIS，并查看CLNS路由表。
15、要求将区域49.0003和49.0004合并。

配置（可能不全，还是以实验现象为主）：

R1#show run
hostname R1
clns routing   //clns路由功能

key chain area_auth    //配置区域认证
 key 1
   key-string huawei
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip router isis     
 clns router isis     

interface Ethernet1/0
 ip address 192.168.1.1 255.255.255.0
 ip router isis 
 clns router isis 

router isis 
 net 49.0001.0000.0000.0001.00
 is-type level-1
 authentication mode md5 level-1
 authentication key-chain area_auth level-1
 log-adjacency-changes   //开启日志功能

R2#show run
hostname R2
         
clns routing
key chain area_auth
 key 1
   key-string huawei
key chain bone_auth
 key 1
   key-string cisco
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip router isis 
 clns router isis 

interface Serial0/0
 ip address 10.1.23.2 255.255.255.0
 ip router isis 
 serial restart-delay 0
 clns router isis 
 isis metric 20  //更改isis的metric

interface Serial0/1
 ip address 10.1.24.2 255.255.255.0
 ip router isis 
 serial restart-delay 0
 clns router isis 
 isis circuit-type level-2-only
interface Ethernet1/0
 ip address 192.168.1.2 255.255.255.0
 ip router isis 
 half-duplex
 clns router isis 
 isis circuit-type level-1
router isis 
 net 49.0001.0000.0000.0002.00
 authentication mode md5
 authentication key-chain area_auth level-1
 authentication key-chain bone_auth level-2
 log-adjacency-changes
 summary-address 172.16.0.0 255.255.252.0  //汇总

R3#show run
hostname R3
clns routing
key chain area_auth
 key 1
   key-string huawei
key chain bone_auth
 key 1
   key-string cisco
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip router isis 
 clns router isis 

interface Loopback100
 ip address 172.16.1.1 255.255.255.0 secondary
 ip address 172.16.2.1 255.255.255.0 secondary
 ip address 172.16.3.1 255.255.255.0 secondary
 ip address 172.16.0.1 255.255.255.0
 ip router isis 

interface Serial0/0
 ip address 10.1.23.3 255.255.255.0
 ip router isis 
 serial restart-delay 0
 clns router isis 
 isis metric 20

interface Serial0/1
 ip address 10.1.37.3 255.255.255.0
 ip router isis 
 serial restart-delay 0
 clns router isis 
 isis circuit-type level-2-only
interface Ethernet1/0
 ip address 192.168.1.3 255.255.255.0
 ip router isis 
 half-duplex
 clns router isis 
 isis circuit-type level-1
router isis 
 net 49.0001.0000.0000.0003.00
 authentication mode md5
 authentication key-chain area_auth level-1
 authentication key-chain bone_auth level-2
 max-lsp-lifetime 2000   //更改isis的老化时间
 lsp-refresh-interval 1800   //更改isis的泛洪周期
 log-adjacency-changes
 summary-address 172.16.0.0 255.255.252.0

R4#show run
hostname R4
clns routing
key chain bone_auth
 key 1
   key-string cisco
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip router isis 
 clns router isis 

interface Serial0/0
 ip address 10.1.24.4 255.255.255.0
 ip router isis 
 serial restart-delay 0
 clns router isis 
 isis hello-interval 30

interface Serial0/1
 ip address 10.1.45.4 255.255.255.0
 ip router isis 
 serial restart-delay 0
 clns router isis 
 isis circuit-type level-2-only
 isis hello-interval 30
router isis 
 net 49.0002.0000.0000.0004.00
 is-type level-2-only
 authentication mode md5 level-2
 authentication key-chain bone_auth level-2
 log-adjacency-changes
 default-information originate  //通告动态默认路由

R5#show run
hostname R5
clns routing
key chain link_auth
 key 1
   key-string cisco
key chain bone_auth
 key 1
   key-string cisco
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
 ip router isis 
 clns router isis 

interface Serial0/0
 ip address 10.1.57.5 255.255.255.0
 ip router isis 
 serial restart-delay 0
 clns router isis 
 isis circuit-type level-2-only

interface Serial0/1
 ip address 10.1.45.5 255.255.255.0
 ip router isis 
 serial restart-delay 0
 clns router isis 
 isis circuit-type level-2-only

interface Serial0/2
 ip address 10.1.58.5 255.255.255.0
 ip router isis 
 serial restart-delay 0
 clns router isis 
 isis circuit-type level-2-only
interface Ethernet1/0
 ip address 10.1.56.5 255.255.255.0
 ip router isis 
 half-duplex
 clns router isis 
 isis circuit-type level-1
 isis authentication mode md5
 isis authentication key-chain link_auth
router isis 
 net 49.0003.0000.0000.0005.00
 authentication mode md5
 authentication key-chain bone_auth level-2
 log-adjacency-changes
 redistribute isis ip level-2 into level-1 distribute-list 100  //路由泄漏
access-list 100 permit ip host 4.4.4.4 any  //路由泄露

R6#show run
hostname R6
clns routing
key chain link_auth
 key 1
   key-string cisco
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
 ip router isis 
 clns router isis 
interface Ethernet1/0
 ip address 10.1.56.6 255.255.255.0
 ip router isis 
 half-duplex
 clns router isis 
 isis authentication mode md5
 isis authentication key-chain link_auth
router isis 
 net 49.0003.0000.0000.0006.00
 is-type level-1
 log-adjacency-changes

R7#show run
hostname R7
clns routing
key chain bone_auth
 key 1
   key-string cisco
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
 ip router isis 
 clns router isis 

interface Serial0/0
 ip address 10.1.37.7 255.255.255.0
 ip router isis 
 serial restart-delay 0
 clns router isis 

interface Serial0/1
 ip address 10.1.78.7 255.255.255.0
 ip router isis 
 encapsulation frame-relay
 serial restart-delay 0
 clns router isis 
 frame-relay map ip 10.1.78.8 101 broadcast  //帧中继
 frame-relay map clns 101 broadcast
 no frame-relay inverse-arp

interface Serial0/2
 ip address 10.1.57.7 255.255.255.0
 ip router isis 
 serial restart-delay 0
router isis 
 net 49.0004.0000.0000.0007.00
 is-type level-2-only
 authentication mode md5 level-2
 authentication key-chain bone_auth level-2
 log-adjacency-changes

R8#show run
hostname R8  
clns routing
key chain bone_auth
 key 1
   key-string cisco
interface Loopback0
 ip address 8.8.8.8 255.255.255.255
 ip router isis 
 clns router isis 

interface Serial0/0
 ip address 10.1.78.8 255.255.255.0
 ip router isis 
 encapsulation frame-relay
 serial restart-delay 0
 clns router isis 
 frame-relay map clns 202 broadcast
 frame-relay map ip 10.1.78.7 202 broadcast
 no frame-relay inverse-arp

interface Serial0/1
 ip address 10.1.58.8 255.255.255.0
 ip router isis 
 serial restart-delay 0
 clns router isis 
router isis 
 net 49.0004.0000.0000.0008.00
 is-type level-2-only
 authentication mode md5 level-2
 authentication key-chain bone_auth level-2
 log-adjacency-changes