华为eNSP搭建的综合实验

综合实验

拓扑如图:

华为eNSP搭建的综合实验_第1张图片
实验需求:

1.网络地址规划为200.102.Y.0,x为学号编号,所有路由器均创建环回接口
2.R1-R2-R3使用MGRE网络 OK
3.R5-R6点对点链路,使用chap双向认证
4.按图配置动态路由协议
5.area 2中不得出现5类LSA
6.R7-R8之间EBGP邻居关系,R8-R9-10之间建立全互联的IBGP邻居关系,R10-R11之间建立EBGP邻居关系
7.R11另外创建3个环回接口192.168.1.0 192.168.2.0 192.168.3.0 网段
8.网络优化,全网可达

实验配置:
1、 合理规划IP地址,所有路由器创建环回接口
2、 R1-R2-R3使用MGRE网络
这里使用200.102.1.1、200.102.2.1、200.102.3.2作为接口地址,使用10.1.1.1、10.1.1.2、10.1.1.3,作为隧道地址,进行hub-spoke的MGRE配置,将R3作为hub端,R1 R2作为spoke端,修改优先级可以实现。中间R1-R4使用静态路由进行互通。
配置如下:
R1:

#
interface GigabitEthernet0/0/0
 ip address 200.102.1.1 255.255.255.0 
 ospf dr-priority 0
##
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255 
#
interface Tunnel0/0/1
 ip address 10.1.1.1 255.255.255.0 
 tunnel-protocol gre p2mp
 source 200.102.1.1
 nhrp network-id 100
 nhrp entry 10.1.1.3 200.102.3.2 register
 nhrp entry 30.1.3.2 200.102.3.2
##
ospf 10 router-id 51.1.1.1 
 area 0.0.0.0 
  network 1.1.1.1 0.0.0.0 
  network 200.102.1.0 0.0.0.255 
#
ip route-static 0.0.0.0 0.0.0.0 200.102.1.2
#

R2:

#
interface GigabitEthernet0/0/0
 ip address 200.102.2.1 255.255.255.0 
 ospf dr-priority 0
#
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.0 
#
interface Tunnel0/0/1
 ip address 10.1.1.2 255.255.255.0 
 tunnel-protocol gre p2mp
 source 200.102.2.1
 nhrp network-id 100
 nhrp entry 30.1.3.2 200.102.3.2 register
 nhrp entry 10.1.1.3 200.102.3.2 register
#
#
ospf 10 router-id 52.2.2.2 
 area 0.0.0.0 
  network 2.2.2.2 0.0.0.0 
  network 200.102.2.1 0.0.0.0 
#
ip route-static 0.0.0.0 0.0.0.0 200.102.2.2
#

R3:

#
interface GigabitEthernet0/0/2
 ip address 200.102.3.2 255.255.255.0 
 ospf dr-priority 10
#
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255 
#
interface Tunnel0/0/1
 ip address 10.1.1.3 255.255.255.0 
 tunnel-protocol gre p2mp
 source 200.102.3.2
 nhrp entry multicast dynamic
 nhrp network-id 100
#
ip route-static 0.0.0.0 0.0.0.0 200.102.3.1
#

R4:

#
interface GigabitEthernet0/0/0
 ip address 200.102.2.2 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 200.102.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 200.102.3.1 255.255.255.0 
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255 
#

3、 R5-R6点对点链路,使用chap双向认证
用户名和密码分别是: admin1 、huawei123 admin2、huawei456
配置如下:
R5:

#
aaa 
domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
 local-user admin2 password cipher %$%$&KG*ZuWWP+4ZpDUU.fnBW")(%$%$
 local-user admin2 service-type ppp
#
interface Serial4/0/0
 link-protocol ppp
 ppp authentication-mode chap 
 ppp chap user admin1
 ppp chap password cipher %$%$iFdX6$1_!Y'Pl>.!:2YR,$s"%$%$
 ip address 200.102.5.1 255.255.255.0 
#

R6:

#
aaa 
domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
 local-user admin1 password cipher %$%$Lva'UGk#sW/-p02T~tb@Vfap%$%$
 local-user admin1 service-type ppp
#
interface Serial4/0/0
 link-protocol ppp
#
interface Serial4/0/1
 link-protocol ppp
 ppp authentication-mode chap 
 ppp chap user admin2
 ppp chap password cipher %$%$kG~$CPxpV@u#D"VBhi=',$=w%$%$
 ip address 200.102.5.2 255.255.255.0 
#

4、 配置动态路由协议。
4.1、R1-R4属于OSPF10的区域0,R3和R5属于OSPF10的区域1,R5和R6属于OSPF20的区域2,使用双进程双向引入连接区域。RIP和OSPF也做重发布。R6和R7属于RIP 100。其中area 2区域修改为nssa区域。
R1:

ospf 10 router-id 51.1.1.1 
 area 0.0.0.0 
  network 1.1.1.1 0.0.0.0 
  network 200.102.1.1 0.0.0.0 
#

R2:

#
ospf 10 router-id 52.2.2.2 
 area 0.0.0.0 
  network 2.2.2.2 0.0.0.0 
  network 200.102.2.1 0.0.0.0 
#

R3:

#
ospf 10 router-id 53.3.3.3 
 area 0.0.0.0 
  network 3.3.3.3 0.0.0.0 
  network 200.102.3.2 0.0.0.0 
 area 0.0.0.1 
  network 200.102.4.1 0.0.0.0 
#

R4:

#
ospf 10 router-id 54.4.4.4 
 area 0.0.0.0 
  network 4.4.4.4 0.0.0.0 
  network 200.102.1.2 0.0.0.0 
  network 200.102.2.2 0.0.0.0 
  network 200.102.3.1 0.0.0.0 
#

R5:

#
ospf 10 router-id 55.5.5.5 
 import-route ospf 20
 area 0.0.0.1 
  network 5.5.5.5 0.0.0.0 
  network 200.102.4.2 0.0.0.0 
#
ospf 20 router-id 65.5.5.5 
 import-route ospf 10
 area 0.0.0.2 
  network 200.102.5.1 0.0.0.0 
  nssa
#

R6:

#
ospf 20 router-id 66.6.6.6 
 import-route rip 100
 area 0.0.0.2 
  network 6.6.6.6 0.0.0.0 
  network 200.102.5.2 0.0.0.0 
  nssa
#
rip 100
 version 2
 network 200.102.6.0
 network 6.0.0.0
 import-route ospf 20
#

R7:

#
rip 100
 version 2
 network 200.102.6.0
 network 7.0.0.0
#

4.2、配置BGP协议,R1-R7为BGP100,R8-R10为BGP200,并且该区域内路由器建立BGP邻居的时候使用全互联的方式。R11属于BGP300。
R1:

bgp 100
 router-id 1.1.1.1
 peer 4.4.4.4 as-number 100 
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 1.1.1.1 255.255.255.255 
  peer 4.4.4.4 enable
#

R2:

#
bgp 100
 peer 4.4.4.4 as-number 100 
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 2.2.2.2 255.255.255.255 
  peer 4.4.4.4 enable
#

R3:

#
bgp 100
 router-id 3.3.3.3
 peer 4.4.4.4 as-number 100 
 peer 4.4.4.4 connect-interface LoopBack0
 peer 5.5.5.5 as-number 100 
 peer 5.5.5.5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 3.3.3.3 255.255.255.255 
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
#

R4:

#
bgp 100
 router-id 4.4.4.4
 peer 1.1.1.1 as-number 100 
 peer 1.1.1.1 connect-interface LoopBack0
 peer 2.2.2.2 as-number 100 
 peer 2.2.2.2 connect-interface LoopBack0
 peer 3.3.3.3 as-number 100 
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
  peer 2.2.2.2 enable
  peer 3.3.3.3 enable
#

R5:

#
bgp 100
 router-id 5.5.5.5
 peer 3.3.3.3 as-number 100 
 peer 3.3.3.3 connect-interface LoopBack0
 peer 6.6.6.6 as-number 100 
 peer 6.6.6.6 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 5.5.5.5 255.255.255.255 
  peer 3.3.3.3 enable
  peer 6.6.6.6 enable
#

R6:

bgp 100
 router-id 6.6.6.6
 peer 5.5.5.5 as-number 100 
 peer 5.5.5.5 connect-interface LoopBack0
 peer 7.7.7.7 as-number 100 
 peer 7.7.7.7 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 6.6.6.6 255.255.255.255 
  peer 5.5.5.5 enable
  peer 7.7.7.7 enable
#

R7:

#
bgp 100
 router-id 7.7.7.7
 peer 6.6.6.6 as-number 100 
 peer 6.6.6.6 connect-interface LoopBack0
 peer 200.102.7.2 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  network 7.7.7.7 255.255.255.255 
  peer 6.6.6.6 enable
  peer 6.6.6.6 next-hop-local 
  peer 200.102.7.2 enable
#

R8

#
bgp 200
 router-id 8.8.8.8
 peer 9.9.9.9 as-number 200 
 peer 9.9.9.9 connect-interface LoopBack0
 peer 10.10.10.10 as-number 200 
 peer 10.10.10.10 connect-interface LoopBack0
 peer 200.102.7.1 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  network 8.8.8.8 255.255.255.255 
  peer 9.9.9.9 enable
  peer 9.9.9.9 next-hop-local 
  peer 10.10.10.10 enable
  peer 200.102.7.1 enable
#

R9:

bgp 200
 router-id 9.9.9.9
 peer 8.8.8.8 as-number 200 
 peer 8.8.8.8 connect-interface LoopBack0
 peer 10.10.10.10 as-number 200 
 peer 10.10.10.10 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 9.9.9.9 255.255.255.255 
  peer 8.8.8.8 enable
  peer 8.8.8.8 reflect-client
  peer 10.10.10.10 enable
  peer 10.10.10.10 reflect-client
#

R10:

#
bgp 200
 router-id 10.10.10.10
 peer 8.8.8.8 as-number 200 
 peer 8.8.8.8 connect-interface LoopBack0
 peer 9.9.9.9 as-number 200 
 peer 9.9.9.9 connect-interface LoopBack0
 peer 200.102.10.2 as-number 300 
 #
 ipv4-family unicast
  undo synchronization
  network 10.10.10.10 255.255.255.255 
  peer 8.8.8.8 enable
  peer 9.9.9.9 enable
  peer 9.9.9.9 next-hop-local 
  peer 200.102.10.2 enable
#

R11:

#
bgp 300
 router-id 11.11.11.11
 peer 200.102.10.1 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  aggregate 192.168.0.0 255.255.252.0 detail-suppressed 
  network 11.11.11.11 255.255.255.255 
  network 192.168.1.0 
  network 192.168.2.0 
  network 192.168.3.0 
  peer 200.102.10.1 enable
#
ip route-static 0.0.0.0 0.0.0.0 200.102.10.1
#

5、 area 2中不得出现5类LSA
修改area2区域为nssa特殊区域
R5:

ospf 20 router-id 65.5.5.5
area 0.0.0.2
nssa

R6:

ospf 20 router-id 66.6.6.6
area 0.0.0.2
nssa

6、 R11另外创建3个环回接口192.168.1.0 192.168.2.0 192.168.3.0 网段,

 #
interface LoopBack0
 ip address 11.11.11.11 255.255.255.255 
#
interface LoopBack1
 ip address 192.168.1.1 255.255.255.0 
#
interface LoopBack2
 ip address 192.168.2.1 255.255.255.0 
#
interface LoopBack3
 ip address 192.168.3.1 255.255.255.0 
#

7、 网络优化,全网可达
7.1、在R11上使用BGP汇总属性,将192.168.1.0、192.168.2.0、192.168.3.0汇聚为192.168.0.0 255.255.252.0
配置如下:

#
bgp 300
 router-id 11.11.11.11
 peer 200.102.10.1 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  aggregate 192.168.0.0 255.255.252.0 detail-suppressed 
  network 11.11.11.11 255.255.255.255 
  network 192.168.1.0 
  network 192.168.2.0 
  network 192.168.3.0 
  peer 200.102.10.1 enable
#

7.2、在R3上面使用OSPF的ABR汇总,将200.102.1.0、200.102.2.0、200.102.3.0汇总为200.102.0.0 255.255.252.0
配置如下:

ospf 10 router-id 53.3.3.3
area 0.0.0.0 
    abr-summary 200.102.0.0 255.255.252.0

7.3、全网可达
1、先使BGP中AS 200和BGP中AS 300之间互通,因为BGP中AS 200使用了全互联技术,可以使用路由反射器,在R9将R8和R10作为客户端,AS300的路由可以传递到AS200的边界路由器R8。
R8:

#
bgp 200
 router-id 8.8.8.8
 peer 9.9.9.9 as-number 200 
 peer 9.9.9.9 connect-interface LoopBack0
 peer 10.10.10.10 as-number 200 
 peer 10.10.10.10 connect-interface LoopBack0
 peer 200.102.7.1 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  network 8.8.8.8 255.255.255.255 
  peer 9.9.9.9 enable
  peer 9.9.9.9 next-hop-local 
  peer 10.10.10.10 enable
  peer 200.102.7.1 enable
#
ip route-static 9.9.9.0 255.255.255.0 200.102.8.2
ip route-static 10.10.10.0 255.255.255.0 200.102.8.2
#

R9:

#
bgp 200
 router-id 9.9.9.9
 peer 8.8.8.8 as-number 200 
 peer 8.8.8.8 connect-interface LoopBack0
 peer 10.10.10.10 as-number 200 
 peer 10.10.10.10 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 9.9.9.9 255.255.255.255 
  peer 8.8.8.8 enable
  peer 8.8.8.8 reflect-client
  peer 10.10.10.10 enable
  peer 10.10.10.10 reflect-client
#

R10:

#
bgp 200
 router-id 10.10.10.10
 peer 8.8.8.8 as-number 200 
 peer 8.8.8.8 connect-interface LoopBack0
 peer 9.9.9.9 as-number 200 
 peer 9.9.9.9 connect-interface LoopBack0
 peer 200.102.10.2 as-number 300 
 #
 ipv4-family unicast
  undo synchronization
  network 10.10.10.10 255.255.255.255 
  peer 8.8.8.8 enable
  peer 8.8.8.8 reflect-client
  peer 9.9.9.9 enable
  peer 9.9.9.9 reflect-client
  peer 9.9.9.9 next-hop-local 
  peer 200.102.10.2 enable
#
ip route-static 8.8.8.0 255.255.255.0 200.102.9.1
ip route-static 9.9.9.0 255.255.255.0 200.102.9.1
#

2、接下来是AS 100和AS 200之间路由传递,因为R8可以通过EBGP接受R7上的路由,我这里在R7上面将RIP学习到的R1-R7的路由引入到BGP的AS 100中,这样BGP的AS 200,就可以通过EBGP方式学习到AS 100内的路由。**
配置如下:
R7:

   bgp 100
 			    import-route rip 100

3、下面是AS 100之内的路由传递。因为BGP的IBGP的水平分割机制,导致R7学习到的EBGP路由只能传递给R6,不能继续向内传递,因此我这里使用了路由反射器来使AS 100内的所有路由器学习到R7上面的EBGP路由条目,最终达到全网可达的目标。
在R6上把R7作为反射器客户端,在R5上把R6作为反射器客户端,在R3上把R5作为反射器客户端,在R4上把R3作为反射器客户端。
配置如下:
R6:

bgp 100
					  peer 7.7.7.7 reflect-client

R5:

bgp 100
  peer 6.6.6.6 reflect-client

R3:

bgp 100
  peer 5.5.5.5 reflect-client

R4:

bgp 100
			  peer 2.2.2.2 reflect-client
			  peer 1.1.1.1 reflect-cilent
       		  peer 3.3.3.3 reflect-cilent

结果测试:

  1. 测试1.1.1.1 到 11.11.11.11
    华为eNSP搭建的综合实验_第2张图片

  2. 测试2.2.2.2 到 11.11.11.11
    华为eNSP搭建的综合实验_第3张图片

链接:https://download.csdn.net/download/qq_50929489/86261503

你可能感兴趣的:(网络知识,华为,网络)