温馨提示×

温馨提示×

您好,登录后才能下订单哦!

密码登录×
登录注册×
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》

【Fortinet】飞塔(FortiGate)防火墙命令行下配置OSPF

发布时间:2020-07-09 21:49:41 来源:网络 阅读:4434 作者:TTTommyyy 栏目:安全技术

【Fortinet】飞塔(FortiGate)防火墙命令行下配置OSPF

ForGate和Cisco建立OSPF连接关系,动态学习路由。相关的IP信息如拓扑图所示。
FortiGate internal7接口与Cisco Router G0/0接口相连,Fortigate ip:134.167.19.5,Cisco ip:134.167.19.254
配置思路:
1.设置OSPF router-id
2.新建area:
3.宣告网段,并应用area:
4.加入需要运行OSPF的接口和一些必要参数:
5.将直连路由重分发进ospf:

命令行配置:
ZhongQu-SH-FW # config router ospf

1.设置OSPF router-id
ZhongQu-SH-FW (ospf) # set router-id 134.167.19.5

2.新建area:
ZhongQu-SH-FW (ospf) # config area
ZhongQu-SH-FW (area) # edit 0.0.0.0
new entry '0.0.0.0' added
ZhongQu-SH-FW (0.0.0.0) # next
ZhongQu-SH-FW (area) # end

3.宣告网段,并应用area:
ZhongQu-SH-FW (ospf) # config network
ZhongQu-SH-FW (network) # edit 1
new entry '1' added
ZhongQu-SH-FW (1) # set prefix 134.167.19.5 255.255.255.255
ZhongQu-SH-FW (1) # set area 0.0.0.0
ZhongQu-SH-FW (1) # next
ZhongQu-SH-FW (network) # end

4.加入需要运行OSPF的接口和一些必要参数:
ZhongQu-SH-FW (ospf) # config ospf-interface
ZhongQu-SH-FW (ospf-interface) # edit ospf-area0
new entry 'ospf-area0' added
ZhongQu-SH-FW (ospf-area0) # set interface port16
ZhongQu-SH-FW (ospf-area0) # set hello-interval 10 //和 对端的ospf hello-interval值 一样
ZhongQu-SH-FW (ospf-area0) # set dead-interval 40 //和 对端的ospf dead-interval值 一样
ZhongQu-SH-FW (ospf-area0) # set status enable
ZhongQu-SH-FW (ospf-area0) # next
ZhongQu-SH-FW (ospf-interface) # end

5.将静态路由重分发进ospf
ZhongQu-SH-FW (ospf) # config redistribute static
ZhongQu-SH-FW (static) # set status enable
ZhongQu-SH-FW (ospf) # end

验证效果:
查看学习到的ospf邻居建立情况
ZhongQu-SH-FW # get router info ospf neighbor

OSPF process 0:
Neighbor ID Pri State Dead Time Address Interface
134.167.19.2 1 Full/Backup 00:00:36 134.167.19.2 internal7
134.167.19.254 1 Full/DR 00:00:31 134.167.19.254 internal7

查看学习到的OSPF路由
ZhongQu-SH-FW # get router info routing-table ospf
O E1 134.119.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E2 134.120.0.0/16 [110/1] via 134.167.19.2, internal7, 1d04h69m
O E1 134.121.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.125.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.127.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.19.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.22.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.24.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.30.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.32.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.34.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.35.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.36.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.40.0/22 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.80.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.100.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.129.120.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.131.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.132.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.133.19.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.134.19.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.134.22.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.134.30.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.134.32.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.134.34.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.134.35.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.134.51.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.134.100.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.166.19.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.166.22.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.166.30.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.166.32.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.166.34.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.166.35.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.166.40.0/22 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 134.166.100.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O 134.167.22.0/24 [110/2] via 134.167.19.254, internal7, 1d04h69m
O 134.167.30.0/23 [110/2] via 134.167.19.254, internal7, 1d04h69m
O 134.167.32.0/23 [110/2] via 134.167.19.254, internal7, 1d04h69m
O 134.167.34.0/24 [110/2] via 134.167.19.254, internal7, 1d04h69m
O 134.167.35.0/24 [110/2] via 134.167.19.254, internal7, 1d04h69m
O 134.167.40.0/22 [110/2] via 134.167.19.254, internal7, 1d04h69m
O 134.167.50.0/24 [110/2] via 134.167.19.254, internal7, 1d04h69m
O 134.167.100.0/24 [110/2] via 134.167.19.254, internal7, 1d04h69m
O E2 172.16.0.0/16 [110/1] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.0.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.2.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.4.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.6.0/24 [110/2] via 134.167.19.2, internal7, 03:57:43
O E1 172.17.7.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.9.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.10.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.13.0/24 [110/2] via 134.167.19.2, internal7, 23:58:16
O E1 172.17.14.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.15.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.16.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.17.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.18.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.19.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.20.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.22.0/23 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.24.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.25.0/24 [110/2] via 134.167.19.2, internal7, 1d04h69m
O E1 172.17.248.0/22 [110/2] via 134.167.19.2, internal7, 1d04h69m

ospf协商不起来的排错:
1.基础的命令不对
2.和对端的OSPF设备的 hello-interval和dead-interval不一致
3.和对端的OSPF设备的认证不一致
4.DR和BDR选举问题
5.其他。。。

execute router clear ospf process //clear ospf进程
get router info ospf neighbor //查看ospf的邻居

向AI问一下细节

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

AI