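Continued from "Points to note with redistribute connected".
We start from the state in which the initial configuration and the answer have been applied.
【Task】
Currently, iosv-2, 3, 4 and 5 each have a static route configured with iosv-1 as the default gateway. iosv-1 is also an OSPF neighbor of iosv-0 in the same area, and iosv-0 and iosv-1 advertise their Loopback interface addresses to each other.
On iosv-1, advertise the networks between iosv-1, 2, 3 and between iosv-1, 4, 5 to iosv-0 as LSA Type 1.
However, to limit CPU load and to prevent unauthorized neighbor formation, send as few unnecessary LSAs as possible.
【Initial configuration】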
iosv-1
iosv-1#sh run
Load for five secs: 5%/0%; one minute: 6%; five minutes: 4%
Time source is hardware calendar, *01:23:46.083 UTC Fri Dec 22 2023
Building configuration…
Current configuration : 3502 bytes
!
! Last configuration change at 01:22:18 UTC Fri Dec 22 2023
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname iosv-1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet0/0.123
encapsulation dot1Q 123
ip address 192.168.200.1 255.255.255.0
!
interface GigabitEthernet0/0.145
encapsulation dot1Q 145
ip address 172.16.100.1 255.255.255.0
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
router ospf 10
redistribute connected subnets route-map Only-Lo0
network 192.168.100.1 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ipv6 ioam timestamp
!
route-map Only-Lo0 permit 10
match interface Loopback0
!
!
!
control-plane
!
banner exec ^C
- IOSv is strictly limited to use for evaluation, demonstration and IOS *
- education. IOSv is provided as-is and is not supported by Cisco’s *
- Technical Advisory Center. Any use or disclosure, in whole or in part, *
- of the IOSv Software or Documentation to any third party for any *
- purposes is expressly prohibited except as otherwise authorized by *
- Cisco in writing. *
****^C
banner incoming ^C
- IOSv is strictly limited to use for evaluation, demonstration and IOS *
- education. IOSv is provided as-is and is not supported by Cisco’s *
- Technical Advisory Center. Any use or disclosure, in whole or in part, *
- of the IOSv Software or Documentation to any third party for any *
- purposes is expressly prohibited except as otherwise authorized by *
- Cisco in writing. *
****^C
banner login ^C
- IOSv is strictly limited to use for evaluation, demonstration and IOS *
- education. IOSv is provided as-is and is not supported by Cisco’s *
- Technical Advisory Center. Any use or disclosure, in whole or in part, *
- of the IOSv Software or Documentation to any third party for any *
- purposes is expressly prohibited except as otherwise authorized by *
- Cisco in writing. *
****^C
!
line con 0
privilege level 15
logging synchronous
exec prompt timestamp
line aux 0
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end
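【Answer】
The interface names differ between the logical diagram and the lab topology, so please read them across accordingly.
In this case, Gi0/1 of iosv-1 in the diagram corresponds to gi0/0.123, and Gi0/2 to gi0/0.145.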
conf t
router ospf 10
network 192.168.200.0 0.0.0.255 area 0
network 172.16.100.0 0.0.0.255 area 0
passive-interface gi0/0.123
passive-interface gi0/0.145
end
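【Explanation】
The passive-interface setting is required.
OSPF periodically sends Hello packets in order to form neighbor relationships.
Because Hellos exist to form a neighbor relationship, they are sent before any neighbor has formed, and the router keeps sending them on every network that belongs to OSPF even when nothing on the other side is running OSPF. (See the packet capture figure.)
↑ In this case, Hello packets are sent not only from source 192.168.100.1 but also from 192.168.200.1 and 172.16.100.1.
On the other hand, we do want to advertise 192.168.200.0/24 and 172.16.100.0/24 to iosv-0.
That is when you configure passive-interface.
No OSPF Hello packets are sent out of an interface that has passive-interface configured.
Note that, naturally, OSPF neighbors can no longer be formed with devices on the far side of a passive interface.
↓ iosv-1#show ip ospf interface gi0/0.123 (the passive interface note appears around the middle)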
iosv-1#sh ip o int gi0/0.123
Load for five secs: 5%/0%; one minute: 2%; five minutes: 4%
Time source is hardware calendar, *01:53:07.646 UTC Fri Dec 22 2023
GigabitEthernet0/0.123 is up, line protocol is up
Internet Address 192.168.200.1/24, Area 0, Attached via Network Statement
Process ID 10, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 1.1.1.1, Interface address 192.168.200.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
No Hellos (Passive interface)
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/2/2, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
↓ iosv-0 routing table after applying the answer
iosv-0#sh ip ro | b Gate
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 192.168.100.1, 00:47:59, GigabitEthernet0/0.10
10.0.0.0/32 is subnetted, 1 subnets
C 10.10.10.10 is directly connected, Loopback0
172.16.0.0/24 is subnetted, 1 subnets
O 172.16.100.0
[110/2] via 192.168.100.1, 00:23:47, GigabitEthernet0/0.10
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, GigabitEthernet0/0.10
L 192.168.100.10/32 is directly connected, GigabitEthernet0/0.10
O 192.168.200.0/24
[110/2] via 192.168.100.1, 00:23:47, GigabitEthernet0/0.10
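
The check below is an added example, not part of the original article: it reads an IOS configuration and lists the interfaces that match an OSPF network statement but are not passive, which are the ones still sending Hellos and able to form a neighbor. The sample configuration is constructed from the iosv-1 settings on this page, and the function names and the indentation-based parsing are assumptions of the example.

```python
import ipaddress

# Constructed sample: the OSPF-relevant lines of iosv-1 with the answer applied,
# indented and with full interface names, as "show run" prints them.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface GigabitEthernet0/0.10
 ip address 192.168.100.1 255.255.255.0
interface GigabitEthernet0/0.123
 ip address 192.168.200.1 255.255.255.0
interface GigabitEthernet0/0.145
 ip address 172.16.100.1 255.255.255.0
router ospf 10
 network 192.168.100.1 0.0.0.0 area 0
 network 192.168.200.0 0.0.0.255 area 0
 network 172.16.100.0 0.0.0.255 area 0
 passive-interface GigabitEthernet0/0.123
 passive-interface GigabitEthernet0/0.145
"""

def wildcard_match(addr, base, wildcard):
    """IOS 'network' semantics: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == int(ipaddress.IPv4Address(base)) & care

def hello_interfaces(config):
    """Interfaces matched by a network statement that are not passive (one OSPF process assumed)."""
    addrs, networks, passive, active = {}, [], set(), set()
    default_passive, section = False, ""
    for raw in filter(str.strip, config.splitlines()):
        words = raw.split()
        if not raw[0].isspace():            # an unindented line opens a new section
            section = raw.strip()
        elif section.startswith("interface ") and words[:2] == ["ip", "address"] and len(words) >= 4:
            addrs.setdefault(section.split()[1], []).append(words[2])
        elif section.startswith("router ospf "):
            if words[0] == "network" and len(words) >= 3:
                networks.append((words[1], words[2]))
            elif words[:2] == ["passive-interface", "default"]:
                default_passive = True
            elif words[0] == "passive-interface" and len(words) >= 2:
                passive.add(words[1])
            elif words[:2] == ["no", "passive-interface"] and len(words) >= 3:
                active.add(words[2])
    def sends_hello(name):
        enabled = any(wildcard_match(ip, b, w) for ip in addrs[name] for b, w in networks)
        return enabled and name not in passive and not (default_passive and name not in active)
    return sorted(name for name in addrs if sends_hello(name))
```

Comparing the returned list with the interfaces where a neighbor is actually expected (only GigabitEthernet0/0.10 in this lab) shows which interfaces still need passive-interface.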
【Reference】
IP Routing Configuration Guide, Cisco IOS XE Cupertino 17.9.x (Catalyst 9300 Switches)