侧边栏壁纸
博主头像
落叶人生博主等级

走进秋风,寻找秋天的落叶

  • 累计撰写 130562 篇文章
  • 累计创建 28 个标签
  • 累计收到 9 条评论
标签搜索

目 录CONTENT

文章目录
系统/网络安全

华为防火墙和路由器之间运行OSPF协议配置案例(可跟做)

2023-03-24 星期五 / 0 评论 / 0 点赞 / 73 阅读 / 2849 字

防火墙的动态路由 防火墙和一台路由器之间配置OSPF过程如下:FW1:ospf 1 router-id 10.10.10.10 ----------RID不能相同 area 0.0.0.0

.

防火墙的动态路由

 防火墙和一台路由器之间配置OSPF过程如下:

FW1:ospf 1 router-id 10.10.10.10 ----------RID不能相同  area 0.0.0.0   network 202.100.1.0 0.0.0.255  ---------采用通配符方法   network 10.10.10.10 0.0.0.0

放行OSPF安全策略

 默认情况防火墙只放行组播的报文,单播包不放行,需要配置安全策略
 OSPF网络类型------OSPF报文的单播还是组播--------是否需要放行安全策略
第一步: 定义OSPF服务 

ip service-set OSPF type object service 0 protocol 89

第二步:配置安全策略

 security-policy rule name permit_ospf  source-zone local  source-zone untrust  destination-zone local  destination-zone untrust  source-address 202.100.1.10 mask 255.255.255.255  source-address 202.100.1.254 mask 255.255.255.255  destination-address 202.100.1.10 mask 255.255.255.255  destination-address 202.100.1.254 mask 255.255.255.255  service OSPF      调用OSPF对象  action permit

检查: 

<FW1>display security-policy  rule   permit_ospf    (13 times matched)    ----已经命令的安全策略 rule name permit_ospf  source-zone local  source-zone untrust  destination-zone local  destination-zone untrust  source-address 202.100.1.10 mask 255.255.255.255  source-address 202.100.1.254 mask 255.255.255.255  destination-address 202.100.1.10 mask 255.255.255.255  destination-address 202.100.1.254 mask 255.255.255.255  service OSPF  action permit<FW1>

查看OSPF的邻居关系

[FW1]display  ospf peer   17:17:32  2019/10/13         OSPF Process 1 with Router ID 10.10.10.10                 Neighbors  Area 0.0.0.0 interface 202.100.1.10(G0/0/0)'s neighbors Router ID: 1.1.1.1          Address: 202.100.1.254    GR State: Normal        State: Full  Mode:Nbr is  Slave  Priority: 1   DR: 202.100.1.254  BDR: 202.100.1.10  MTU: 0       Dead timer due in 36  sec    Neighbor is up for 00:02:23        Authentication Sequence: [ 0 ]

查看路由表

[FW1]display ip routing-table protocol ospf  17:18:13  2019/10/13Route Flags: R - relay, D - download to fib------------------------------------------------------------------------------Public Routing Table : OSPF         Destinations : 3           Routes : 3OSPF Routing Table Status : <Active>         Destinations : 1           Routes : 1Destination/Mask    Proto   Pre  Cost     Flags NextHop         Interface       1.1.1.1/32         OSPF    10   2           D  202.100.1.254   G0/0/0==================================================
.

赞一下 返回首页
本文链接: https://www.qiuyue.org/internet/system/54721.html
广告 广告

评论区