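Lab requirements:
R1 and R2 are Company A's devices and run RIPv2 internally; R3 and R4 are Company B's devices and run EIGRP internally; R5, R6, R7 and R8 are Company C's devices and run OSPF internally. Company C has taken over Companies A and B. Company C originally reached the Internet over a 4M China Telecom link; after the merger, the gateway R8 additionally leased a 2M China Netcom link for use by the former Companies A and B.
1. Bring up the appropriate protocol inside each company. RIP must use unicast updates and must not advertise routing updates out of interfaces that do not need them; disable auto-summary for RIPv2 and EIGRP;
2. Ensure the whole internal network is fully reachable after the merger;
3. Keep the number of routes in OSPF area 1 as small as possible, and keep the number of routes on the gateway R8 as small as possible;
4. Keep the number of EIGRP routes learned by R3 as small as possible;
5. R1 is underpowered; ensure it learns only a single default route from the original Company C;
6. Ensure that Company C's internal network reaches the ISP's web server via the Telecom 200.1.1.0/24 subnet, while Companies A and B use the Netcom 202.1.1.0/24 subnet, with each link backing up the other.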
Lab topology:
[Figure: topology diagram for the CCNP IGP lab case]

Lab steps:
1. Configure the routing protocols
R1 and R2 run RIP, R3 and R4 run EIGRP, and R2 and R4 through R8 run OSPF.
R1:
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#net 192.168.2.0
R1(config-router)#net 192.168.1.0
R2:
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#net 192.168.2.0
R2(config-router)#router ospf 1
R2(config-router)#net 10.1.6.2 0.0.0.0 a 0
R3:
R3(config)#router eigrp 1
R3(config-router)#no auto-summary
R3(config-router)#net 172.16.0.0
R4:
R4(config)#router eigrp 1
R4(config-router)#no auto-summary
R4(config-router)#net 172.16.0.0
R4(config-router)#router ospf 1
R4(config-router)#net 10.1.5.2 0.0.0.0 a 0
R5:
R5(config)#router ospf 1
R5(config-router)#net 10.1.6.1 0.0.0.0 a 0
R5(config-router)#net 10.1.5.1 0.0.0.0 a 0
R5(config-router)#net 10.1.4.1 0.0.0.0 a 0
R5(config-router)#net 10.1.7.2 0.0.0.0 a 0
R6:
R6(config)#router ospf 1
R6(config-router)#net 10.1.4.2 0.0.0.0 a 0
R6(config-router)#net 10.1.3.1 0.0.0.0 a 1
R7:
R7(config)#router ospf 1
R7(config-router)#net 10.1.3.2 0.0.0.0 a 1
R7(config-router)#net 10.1.1.1 0.0.0.0 a 1
R7(config-router)#net 10.1.2.1 0.0.0.0 a 1
R8:
R8(config)#router ospf 1
R8(config-router)#net 10.1.7.1 0.0.0.0 a 0
R8(config-router)#default-information originate   //originate an OSPF default route on the gateway
2. Configure RIP passive interfaces and unicast updates
R1:
R1(config)#router rip
R1(config-router)#passive-interface default   //make every interface on the router passive
R1(config-router)#neighbor 192.168.2.1
R2:
R2(config)#router rip
R2(config-router)#passive-interface default
R2(config-router)#neighbor 192.168.2.2
Check the unicast updates:
R2#debug ip rip
RIP protocol debugging is on
R2#
*Mar  1 00:56:02.095: RIP: received v2 update from 192.168.2.2 on FastEthernet0/0
*Mar  1 00:56:02.095:      192.168.1.0/24 via 0.0.0.0 in 1 hops
*Mar  1 00:56:02.523: RIP: sending v2 update to 192.168.2.2 via FastEthernet0/0 (192.168.2.1)
*Mar  1 00:56:02.523: RIP: build update entries
*Mar  1 00:56:02.523:   0.0.0.0/0 via 0.0.0.0, metric 3, tag 0

R1#debug ip rip
RIP protocol debugging is on
R1#
*Mar  1 00:55:26.711: RIP: received v2 update from 192.168.2.1 on FastEthernet0/0
*Mar  1 00:55:26.711:      0.0.0.0/0 via 0.0.0.0 in 3 hops
*Mar  1 00:55:26.739: RIP: sending v2 update to 192.168.2.1 via FastEthernet0/0 (192.168.2.2)
*Mar  1 00:55:26.739: RIP: build update entries
*Mar  1 00:55:26.739:   192.168.1.0/24 via 0.0.0.0, metric 1, tag 0
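3. Redistribute between the IGPs
Because redistribution must ensure that Companies A and B learn only a single default route from Company C, a routing policy is configured at redistribution time to filter out the unnecessary routes.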
R2:
R2(config)#ip prefix-list 1 permit 0.0.0.0/0   //create prefix-list 1, permitting only the default route 0.0.0.0/0
R2(config)#route-map sovand permit 10   //create a route-map named sovand, action permit, sequence 10
R2(config-route-map)#match ip add prefix-list 1   //match prefix-list 1 in the route-map
R2(config)#router rip
R2(config-router)#redistribute ospf 1 metric 3 route-map sovand   //set the metric to 3 hops when redistributing into RIP, and reference the route-map
R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets   //redistribute RIP into OSPF; the subnets keyword is required
R4:
R4(config)#ip prefix-list 1 permit 0.0.0.0/0
R4(config)#route-map sovand permit 10
R4(config-route-map)#match ip add prefix-list 1
R4(config)#router eigrp 1
R4(config-router)#redistribute ospf 1 metric 1000 33 255 1 1500 route-map sovand
                       //redistribute OSPF into EIGRP with the metric set to 1000 33 255 1 1500, referencing the route-map
R4(config)#router ospf 1
R4(config-router)#redistribute eigrp 1 subnets   //redistribute EIGRP into OSPF
View the routing tables on R1 and R3:
R1#show ip rou rip
R*   0.0.0.0/0 [120/3] via 192.168.2.1, 00:00:26, FastEthernet0/0
R3#show ip rou eigrp
D*EX 0.0.0.0/0 [170/2571008] via 172.16.2.1, 00:25:04, FastEthernet0/0
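Added example (not part of the original lab): a small Python model of how the prefix-list and route-map above filter the OSPF routes that R2 redistributes into RIP, showing why `0.0.0.0/0` without `le 32` passes only the default route. The route list is constructed from prefixes that appear elsewhere on this page, and the function names are hypothetical.

```python
from ipaddress import ip_network

def prefix_list_entry(prefix, ge=None, le=None):
    """Model one 'ip prefix-list N permit <prefix> [ge x] [le y]' line."""
    base = ip_network(prefix)
    # Without ge/le the route's prefix length must equal the entry's exactly.
    lo = ge if ge is not None else base.prefixlen
    hi = le if le is not None else (32 if ge is not None else base.prefixlen)

    def permits(route):
        net = ip_network(route)
        return lo <= net.prefixlen <= hi and net.subnet_of(base)

    return permits

def redistribute(routes, permits):
    """route-map with one 'permit' clause: unmatched routes hit the implicit deny."""
    return [r for r in routes if permits(r)]

# Constructed sample of what R2 could hold as OSPF routes (prefixes taken from this page).
OSPF_ROUTES_ON_R2 = [
    "0.0.0.0/0",
    "10.1.0.0/22",
    "10.1.4.0/24",
    "10.1.5.0/24",
    "172.16.0.0/22",
]

DEFAULT_ONLY = prefix_list_entry("0.0.0.0/0")        # as configured on R2 and R4
MATCH_ANY = prefix_list_entry("0.0.0.0/0", le=32)    # the common look-alike that matches everything

if __name__ == "__main__":
    print("as configured:", redistribute(OSPF_ROUTES_ON_R2, DEFAULT_ONLY))
    print("with le 32   :", redistribute(OSPF_ROUTES_ON_R2, MATCH_ANY))
```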
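3. Configure OSPF summarization:
R2 and R4 are autonomous system boundary routers (ASBRs) and originate Type 5 LSAs, so ASBR summarization is configured on R2 and R4. R6 is an area border router (ABR) and originates Type 3 LSAs, so ABR summarization is configured on R6.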
R2(config-router)#summary-address 192.168.0.0 255.255.252.0
R4(config-router)#summary-address 172.16.0.0 255.255.252.0
R6(config-router)#area 0 range 10.1.0.0 255.255.248.0
R6(config-router)#area 1 range 10.1.0.0 255.255.252.0
View the routing tables after summarization:
R7#show ip rou os 
    172.16.0.0/22 is subnetted, 1 subnets
O E2    172.16.0.0 [110/20] via 10.1.3.1, 00:29:45, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O IA    10.1.0.0/21 [110/2] via 10.1.3.1, 00:30:00, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 10.1.3.1, 00:29:45, FastEthernet0/0
O E2 192.168.0.0/22 [110/20] via 10.1.3.1, 00:29:45, FastEthernet0/0

R8#show ip rou os 
     172.16.0.0/22 is subnetted, 1 subnets
O E2    172.16.0.0 [110/20] via 10.1.7.2, 00:35:25, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O IA    10.1.0.0/22 [110/3] via 10.1.7.2, 00:35:25, FastEthernet0/0
O       10.1.6.0/24 [110/2] via 10.1.7.2, 00:35:25, FastEthernet0/0
O       10.1.5.0/24 [110/2] via 10.1.7.2, 00:35:25, FastEthernet0/0
O       10.1.4.0/24 [110/2] via 10.1.7.2, 00:35:25, FastEthernet0/0
O E2 192.168.0.0/22 [110/20] via 10.1.7.2, 00:35:25, FastEthernet0/0

View the OSPF database:
R6#show ip os database

            OSPF Router with ID (10.1.4.2) (Process ID 1)

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.0.0        10.1.4.2        442         0x80000002   0x0069B8
                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.0.0        10.1.4.2        443         0x80000002   0x0055D0
                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
0.0.0.0         202.1.1.1       402         0x80000002     0x0003E0 1
172.16.0.0      172.16.2.1       676         0x80000002     0x00AA7B 0
192.168.0.0     192.168.2.1      504          0x80000002     0x0005C7 0


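4. Enable PAT on the gateway R8 and configure backup
First create two standard access lists, one permitting Company C's subnets and one permitting the subnets of Companies A and B.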
R8(config)#access-list 1 permit 10.1.0.0 0.0.255.255
R8(config)#access-list 2 permit 172.16.0.0 0.0.255.255
R8(config)#access-list 2 permit 192.168.0.0 0.0.255.255
Configure the backup route-maps for egress S1/0:
R8(config)#route-map sovand permit 1   //create a route-map named sovand
R8(config-route-map)#match int s1/0   //match egress interface s1/0
R8(config)#route-map sovand2 permit 1   //create a route-map named sovand2
R8(config-route-map)#match int s1/1   //match egress interface s1/1
Configure the backup route-maps for egress S1/1:
R8(config)#route-map cisco permit 1
R8(config-route-map)#match int s1/0
R8(config)#route-map cisco2 permit 1
R8(config-route-map)#match int s1/1
Configure address overloading (PAT) on the egress interfaces, referencing the route-maps:
R8(config)#ip nat inside source route-map sovand int s1/0 overload
R8(config)#ip nat inside source route-map sovand2 int s1/1 overload
R8(config)#ip nat inside source route-map cisco int s1/0 overload
R8(config)#ip nat inside source route-map cisco2 int s1/1 overload
Configure the default routes:
R8(config)#ip route 0.0.0.0 0.0.0.0 s1/0
R8(config)#ip route 0.0.0.0 0.0.0.0 s1/1
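Configure the route-map used for path selection:
R8(config)#route-map pbr permit 10   //create a route-map named pbr, sequence 10
R8(config-route-map)#match ip address 1   //match access list 1
R8(config-route-map)#set int s1/0   //set the outgoing interface to s1/0
R8(config)#route-map pbr permit 30   //add sequence 30 to the route-map named pbr
R8(config-route-map)#match ip address 2   //match access list 2
R8(config-route-map)#set int s1/1   //set the outgoing interface to s1/1
Configure NAT and PBR on the ingress interface to select the egress: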
R8(config)#int f0/0
R8(config-if)#ip nat inside
R8(config-if)#ip policy route-map pbr  //apply the route-map named pbr as the policy-routing policy
Configure NAT on the egress interfaces:
R8(config)#int s1/0
R8(config-if)#ip nat outside
R8(config)#int s1/1
R8(config-if)#ip nat outside
View the ACLs:
R8#show ip access-lists
Standard IP access list 1
    10 permit 10.1.0.0, wildcard bits 0.0.255.255 (456 matches)
Standard IP access list 2
    10 permit 172.16.0.0, wildcard bits 0.0.255.255 (11 matches)
    20 permit 192.168.0.0, wildcard bits 0.0.255.255 (11 matches)
View the route-maps:
R8#show route-map
route-map sovand, permit, sequence 1
  Match clauses:
    interface Serial1/0
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map sovand2, permit, sequence 1
  Match clauses:
    interface Serial1/1
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map cisco, permit, sequence 2
  Match clauses:
    interface Serial1/0
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map cisco2, permit, sequence 2
  Match clauses:
    interface Serial1/1
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map pbr, permit, sequence 10
  Match clauses:
    ip address (access-lists): 1
  Set clauses:
    interface Serial1/0
  Policy routing matches: 8 packets, 696 bytes
route-map pbr, permit, sequence 30
  Match clauses:
    ip address (access-lists): 2
  Set clauses:
    interface Serial1/1
  Policy routing matches: 16 packets, 1392 bytes


View NAT:
R8#show ip nat st
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  Serial1/0, Serial1/1
Inside interfaces:
  FastEthernet0/0
Hits: 34  Misses: 12
CEF Translated packets: 39, CEF Punted packets: 14
Expired translations: 12
Dynamic mappings:
-- Inside Source
[Id: 1] route-map cisco interface Serial1/0 refcount 0
[Id: 2] route-map cisco2 interface Serial1/1 refcount 0
[Id: 3] route-map sovand interface Serial1/0 refcount 0
[Id: 4] route-map sovand2 interface Serial1/1 refcount 0
Queued Packets: 0

View PBR:
R8#show ip policy
Interface      Route map
Fa0/0          pbr

Verify the result:
R8#show ip nat tr
Pro Inside global      Inside local       Outside local      Outside global
icmp 200.1.1.1:0       10.1.3.2:0         210.1.1.1:0        210.1.1.1:0
icmp 202.1.1.1:1       172.16.2.2:0       210.1.1.1:0        210.1.1.1:1
icmp 202.1.1.1:0       192.168.2.2:0      210.1.1.1:0        210.1.1.1:0

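We can see that the 172.16.0.0 subnet (Company B) and the 192.168.0.0 subnet (Company A) are translated to 202.1.1.1 and leave through s1/1, i.e. they use the Netcom leased line. The 10.1.0.0 subnet (Company C) is translated to 200.1.1.1 and leaves through s1/0, i.e. it uses the Telecom leased line.
Now shut down interface s1/0 (simulating a failure of the Telecom line) and observe the result: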
R8#show ip nat tr
Pro Inside global      Inside local       Outside local      Outside global
icmp 202.1.1.1:0       10.1.3.2:0         210.1.1.1:0        210.1.1.1:0
icmp 202.1.1.1:1       172.16.2.2:0       210.1.1.1:0        210.1.1.1:1
icmp 202.1.1.1:0       192.168.2.2:0      210.1.1.1:0        210.1.1.1:0

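All subnets now leave through s1/1, i.e. the Netcom leased line, which meets the backup requirement.
Bring s1/0 back up, then shut down s1/1 (simulating a failure of the Netcom line) and observe the result: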
R8#show ip nat tr
Pro Inside global      Inside local       Outside local      Outside global
icmp 200.1.1.1:0       10.1.3.2:0         210.1.1.1:0        210.1.1.1:0
icmp 200.1.1.1:1       172.16.2.2:0       210.1.1.1:0        210.1.1.1:1
icmp 200.1.1.1:0       192.168.2.2:0      210.1.1.1:0        210.1.1.1:0

This time all subnets leave through s1/0, i.e. the Telecom leased line.
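Added example (not part of the original lab): a Python model of R8's egress decision that reproduces the three NAT tables above, combining the `pbr` route-map, the two static default routes and the per-interface overload address. It assumes PBR's `set interface` is ignored while that interface is down, and it simplifies the two equal default routes to "first one that is up"; the function name is hypothetical.

```python
from ipaddress import ip_address, ip_network

# access-list 1 and 2 from the page, wildcard 0.0.255.255 written as /16.
ACLS = {
    1: [ip_network("10.1.0.0/16")],
    2: [ip_network("172.16.0.0/16"), ip_network("192.168.0.0/16")],
}
# route-map pbr: (sequence, matched ACL, 'set interface' target).
PBR = [(10, 1, "s1/0"), (30, 2, "s1/1")]
# The two static default routes, in the order they were configured.
DEFAULT_ROUTES = ["s1/0", "s1/1"]
# Overload address per egress, as seen in the 'show ip nat tr' output on the page.
NAT_GLOBAL = {"s1/0": "200.1.1.1", "s1/1": "202.1.1.1"}

def egress(src, up):
    """Return (interface, inside-global address) for a packet from src, or None."""
    addr = ip_address(src)
    for _seq, acl, iface in PBR:
        if any(addr in net for net in ACLS[acl]):
            if iface in up:
                # Policy route applies; the NAT route-map matching this
                # interface then picks that interface's address.
                return iface, NAT_GLOBAL[iface]
            break  # matched, but the target is down: use the routing table
    for iface in DEFAULT_ROUTES:
        if iface in up:  # a static route via a down interface is withdrawn
            return iface, NAT_GLOBAL[iface]
    return None  # both uplinks down: no route, no translation

if __name__ == "__main__":
    hosts = ["10.1.3.2", "172.16.2.2", "192.168.2.2"]  # inside-local hosts from the page
    for state in ({"s1/0", "s1/1"}, {"s1/1"}, {"s1/0"}):
        print(sorted(state), [egress(h, state) for h in hosts])
```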

The lab succeeded!