在飞塔FortiGate防火墙的命令行界面中如何设置OSPF

ForGate和Cisco建立OSPF连接关系，动态学习路由。相关的IP信息如拓扑图所示。 FortiGate internal7接口与Cisco Router G0/0接口相连，Fortigate ip:134.167.19.5,Cisco ip:134.167.19.254 配置思路： 1.设置OSPF router-id 2.新建area： 3.宣告网段，并应用area： 4.加入需要运行OSPF的接口和一些必要参数： 5.将直连路由重分发进ospf：

命令行配置： ZhongQu-SH-FW # config router ospf

1.设置OSPF router-id ZhongQu-SH-FW (ospf) # set router-id 134.167.19.5

2.新建area： ZhongQu-SH-FW (ospf) # config area ZhongQu-SH-FW (area) # edit 0.0.0.0 new entry '0.0.0.0' added ZhongQu-SH-FW (0.0.0.0) # next ZhongQu-SH-FW (area) # end

3.宣告网段，并应用area： ZhongQu-SH-FW (ospf) # config network ZhongQu-SH-FW (network) # edit 1 new entry '1' added ZhongQu-SH-FW (1) # set prefix 134.167.19.5 255.255.255.255 ZhongQu-SH-FW (1) # set area 0.0.0.0 ZhongQu-SH-FW (1) # next ZhongQu-SH-FW (network) # end

4.加入需要运行OSPF的接口和一些必要参数： ZhongQu-SH-FW (ospf) # config ospf-interface ZhongQu-SH-FW (ospf-interface) # edit ospf-area0 new entry 'ospf-area0' added ZhongQu-SH-FW (ospf-area0) # set interface port16 ZhongQu-SH-FW (ospf-area0) # set hello-interval 10 //和 对端的ospf hello-interval值 一样 ZhongQu-SH-FW (ospf-area0) # set dead-interval 40 //和 对端的ospf dead-interval值 一样 ZhongQu-SH-FW (ospf-area0) # set status enable ZhongQu-SH-FW (ospf-area0) # next ZhongQu-SH-FW (ospf-interface) # end

5.将静态路由重分发进ospf： ZhongQu-SH-FW (ospf) # config redistribute static ZhongQu-SH-FW (static) # set status enable ZhongQu-SH-FW (ospf) # end

验证效果： 查看学习到的ospf邻居建立情况 ZhongQu-SH-FW # get router info ospf neighbor

OSPF process 0: Neighbor ID Pri State Dead Time Address Interface 134.167.19.2 1 Full/Backup 00:00:36 134.167.19.2 internal7 134.167.19.254 1 Full/DR 00:00:31 134.167.19.254 internal7

查看学习到的OSPF路由 ZhongQu-SH-FW # get router info routing-table ospf O E1 134.119.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h59m O E2 134.120.0.0/16 [110/1] via 134.167.19.2, internal7, 1d04h59m O E1 134.121.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.125.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.127.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.19.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.22.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.24.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.30.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.32.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.34.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.35.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.36.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.40.0/22 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.80.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.100.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.129.120.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.131.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.132.0.0/16 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.133.19.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.134.19.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.134.22.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.134.30.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.134.32.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.134.34.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.134.35.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.134.51.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.134.100.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.166.19.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.166.22.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.166.30.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.166.32.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.166.34.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.166.35.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.166.40.0/22 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 134.166.100.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O 134.167.22.0/24 [110/2] via 134.167.19.254, internal7, 1d04h59m O 134.167.30.0/23 [110/2] via 134.167.19.254, internal7, 1d04h59m O 134.167.32.0/23 [110/2] via 134.167.19.254, internal7, 1d04h59m O 134.167.34.0/24 [110/2] via 134.167.19.254, internal7, 1d04h59m O 134.167.35.0/24 [110/2] via 134.167.19.254, internal7, 1d04h59m O 134.167.40.0/22 [110/2] via 134.167.19.254, internal7, 1d04h59m O 134.167.50.0/24 [110/2] via 134.167.19.254, internal7, 1d04h59m O 134.167.100.0/24 [110/2] via 134.167.19.254, internal7, 1d04h59m O E2 172.16.0.0/16 [110/1] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.0.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.2.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.4.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.6.0/24 [110/2] via 134.167.19.2, internal7, 03:57:43 O E1 172.17.7.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.9.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.10.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.13.0/24 [110/2] via 134.167.19.2, internal7, 23:58:16 O E1 172.17.14.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.15.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.16.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.17.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.18.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.19.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.20.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.22.0/23 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.24.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.25.0/24 [110/2] via 134.167.19.2, internal7, 1d04h59m O E1 172.17.248.0/22 [110/2] via 134.167.19.2, internal7, 1d04h59m

ospf协商不起来的排错： 1.基础的命令不对 2.和对端的OSPF设备的 hello-interval和dead-interval不一致 3.和对端的OSPF设备的认证不一致 4.DR和BDR选举问题 5.其他。。。

execute router clear ospf process //clear ospf进程 get router info ospf neighbor //查看ospf的邻居