拓扑如图:
1.网络地址规划为200.102.Y.0,x为学号编号,所有路由器均创建环回接口
2.R1-R2-R3使用MGRE网络 OK
3.R5-R6点对点链路,使用chap双向认证
4.按图配置动态路由协议
5.area 2中不得出现5类LSA
6.R7-R8之间EBGP邻居关系,R8-R9-10之间建立全互联的IBGP邻居关系,R10-R11之间建立EBGP邻居关系
7.R11另外创建3个环回接口192.168.1.0 192.168.2.0 192.168.3.0 网段
8.网络优化,全网可达
实验配置:
1、 合理规划IP地址,所有路由器创建环回接口
2、 R1-R2-R3使用MGRE网络
这里使用200.102.1.1、200.102.2.1、200.102.3.2作为接口地址,使用10.1.1.1、10.1.1.2、10.1.1.3,作为隧道地址,进行hub-spoke的MGRE配置,将R3作为hub端,R1 R2作为spoke端,修改优先级可以实现。中间R1-R4使用静态路由进行互通。
配置如下:
R1:
#
interface GigabitEthernet0/0/0
ip address 200.102.1.1 255.255.255.0
ospf dr-priority 0
##
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Tunnel0/0/1
ip address 10.1.1.1 255.255.255.0
tunnel-protocol gre p2mp
source 200.102.1.1
nhrp network-id 100
nhrp entry 10.1.1.3 200.102.3.2 register
nhrp entry 30.1.3.2 200.102.3.2
##
ospf 10 router-id 51.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 200.102.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 200.102.1.2
#
R2:
#
interface GigabitEthernet0/0/0
ip address 200.102.2.1 255.255.255.0
ospf dr-priority 0
#
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.0
#
interface Tunnel0/0/1
ip address 10.1.1.2 255.255.255.0
tunnel-protocol gre p2mp
source 200.102.2.1
nhrp network-id 100
nhrp entry 30.1.3.2 200.102.3.2 register
nhrp entry 10.1.1.3 200.102.3.2 register
#
#
ospf 10 router-id 52.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 200.102.2.1 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 200.102.2.2
#
R3:
#
interface GigabitEthernet0/0/2
ip address 200.102.3.2 255.255.255.0
ospf dr-priority 10
#
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Tunnel0/0/1
ip address 10.1.1.3 255.255.255.0
tunnel-protocol gre p2mp
source 200.102.3.2
nhrp entry multicast dynamic
nhrp network-id 100
#
ip route-static 0.0.0.0 0.0.0.0 200.102.3.1
#
R4:
#
interface GigabitEthernet0/0/0
ip address 200.102.2.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 200.102.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 200.102.3.1 255.255.255.0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
3、 R5-R6点对点链路,使用chap双向认证
用户名和密码分别是: admin1 、huawei123 admin2、huawei456
配置如下:
R5:
#
aaa
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user admin2 password cipher %$%$&KG*ZuWWP+4ZpDUU.fnBW")(%$%$
local-user admin2 service-type ppp
#
interface Serial4/0/0
link-protocol ppp
ppp authentication-mode chap
ppp chap user admin1
ppp chap password cipher %$%$iFdX6$1_!Y'Pl>.!:2YR,$s"%$%$
ip address 200.102.5.1 255.255.255.0
#
R6:
#
aaa
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user admin1 password cipher %$%$Lva'UGk#sW/-p02T~tb@Vfap%$%$
local-user admin1 service-type ppp
#
interface Serial4/0/0
link-protocol ppp
#
interface Serial4/0/1
link-protocol ppp
ppp authentication-mode chap
ppp chap user admin2
ppp chap password cipher %$%$kG~$CPxpV@u#D"VBhi=',$=w%$%$
ip address 200.102.5.2 255.255.255.0
#
4、 配置动态路由协议。
4.1、R1-R4属于OSPF10的区域0,R3和R5属于OSPF10的区域1,R5和R6属于OSPF20的区域2,使用双进程双向引入连接区域。RIP和OSPF也做重发布。R6和R7属于RIP 100。其中area 2区域修改为nssa区域。
R1:
ospf 10 router-id 51.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 200.102.1.1 0.0.0.0
#
R2:
#
ospf 10 router-id 52.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 200.102.2.1 0.0.0.0
#
R3:
#
ospf 10 router-id 53.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 200.102.3.2 0.0.0.0
area 0.0.0.1
network 200.102.4.1 0.0.0.0
#
R4:
#
ospf 10 router-id 54.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 200.102.1.2 0.0.0.0
network 200.102.2.2 0.0.0.0
network 200.102.3.1 0.0.0.0
#
R5:
#
ospf 10 router-id 55.5.5.5
import-route ospf 20
area 0.0.0.1
network 5.5.5.5 0.0.0.0
network 200.102.4.2 0.0.0.0
#
ospf 20 router-id 65.5.5.5
import-route ospf 10
area 0.0.0.2
network 200.102.5.1 0.0.0.0
nssa
#
R6:
#
ospf 20 router-id 66.6.6.6
import-route rip 100
area 0.0.0.2
network 6.6.6.6 0.0.0.0
network 200.102.5.2 0.0.0.0
nssa
#
rip 100
version 2
network 200.102.6.0
network 6.0.0.0
import-route ospf 20
#
R7:
#
rip 100
version 2
network 200.102.6.0
network 7.0.0.0
#
4.2、配置BGP协议,R1-R7为BGP100,R8-R10为BGP200,并且该区域内路由器建立BGP邻居的时候使用全互联的方式。R11属于BGP300。
R1:
bgp 100
router-id 1.1.1.1
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 1.1.1.1 255.255.255.255
peer 4.4.4.4 enable
#
R2:
#
bgp 100
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 2.2.2.2 255.255.255.255
peer 4.4.4.4 enable
#
R3:
#
bgp 100
router-id 3.3.3.3
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
peer 5.5.5.5 as-number 100
peer 5.5.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 3.3.3.3 255.255.255.255
peer 4.4.4.4 enable
peer 5.5.5.5 enable
#
R4:
#
bgp 100
router-id 4.4.4.4
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
R5:
#
bgp 100
router-id 5.5.5.5
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 6.6.6.6 as-number 100
peer 6.6.6.6 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 5.5.5.5 255.255.255.255
peer 3.3.3.3 enable
peer 6.6.6.6 enable
#
R6:
bgp 100
router-id 6.6.6.6
peer 5.5.5.5 as-number 100
peer 5.5.5.5 connect-interface LoopBack0
peer 7.7.7.7 as-number 100
peer 7.7.7.7 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 6.6.6.6 255.255.255.255
peer 5.5.5.5 enable
peer 7.7.7.7 enable
#
R7:
#
bgp 100
router-id 7.7.7.7
peer 6.6.6.6 as-number 100
peer 6.6.6.6 connect-interface LoopBack0
peer 200.102.7.2 as-number 200
#
ipv4-family unicast
undo synchronization
network 7.7.7.7 255.255.255.255
peer 6.6.6.6 enable
peer 6.6.6.6 next-hop-local
peer 200.102.7.2 enable
#
R8
#
bgp 200
router-id 8.8.8.8
peer 9.9.9.9 as-number 200
peer 9.9.9.9 connect-interface LoopBack0
peer 10.10.10.10 as-number 200
peer 10.10.10.10 connect-interface LoopBack0
peer 200.102.7.1 as-number 100
#
ipv4-family unicast
undo synchronization
network 8.8.8.8 255.255.255.255
peer 9.9.9.9 enable
peer 9.9.9.9 next-hop-local
peer 10.10.10.10 enable
peer 200.102.7.1 enable
#
R9:
bgp 200
router-id 9.9.9.9
peer 8.8.8.8 as-number 200
peer 8.8.8.8 connect-interface LoopBack0
peer 10.10.10.10 as-number 200
peer 10.10.10.10 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 9.9.9.9 255.255.255.255
peer 8.8.8.8 enable
peer 8.8.8.8 reflect-client
peer 10.10.10.10 enable
peer 10.10.10.10 reflect-client
#
R10:
#
bgp 200
router-id 10.10.10.10
peer 8.8.8.8 as-number 200
peer 8.8.8.8 connect-interface LoopBack0
peer 9.9.9.9 as-number 200
peer 9.9.9.9 connect-interface LoopBack0
peer 200.102.10.2 as-number 300
#
ipv4-family unicast
undo synchronization
network 10.10.10.10 255.255.255.255
peer 8.8.8.8 enable
peer 9.9.9.9 enable
peer 9.9.9.9 next-hop-local
peer 200.102.10.2 enable
#
R11:
#
bgp 300
router-id 11.11.11.11
peer 200.102.10.1 as-number 200
#
ipv4-family unicast
undo synchronization
aggregate 192.168.0.0 255.255.252.0 detail-suppressed
network 11.11.11.11 255.255.255.255
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
peer 200.102.10.1 enable
#
ip route-static 0.0.0.0 0.0.0.0 200.102.10.1
#
5、 area 2中不得出现5类LSA
修改area2区域为nssa特殊区域
R5:
ospf 20 router-id 65.5.5.5
area 0.0.0.2
nssa
R6:
ospf 20 router-id 66.6.6.6
area 0.0.0.2
nssa
6、 R11另外创建3个环回接口192.168.1.0 192.168.2.0 192.168.3.0 网段,
#
interface LoopBack0
ip address 11.11.11.11 255.255.255.255
#
interface LoopBack1
ip address 192.168.1.1 255.255.255.0
#
interface LoopBack2
ip address 192.168.2.1 255.255.255.0
#
interface LoopBack3
ip address 192.168.3.1 255.255.255.0
#
7、 网络优化,全网可达
7.1、在R11上使用BGP汇总属性,将192.168.1.0、192.168.2.0、192.168.3.0汇聚为192.168.0.0 255.255.252.0
配置如下:
#
bgp 300
router-id 11.11.11.11
peer 200.102.10.1 as-number 200
#
ipv4-family unicast
undo synchronization
aggregate 192.168.0.0 255.255.252.0 detail-suppressed
network 11.11.11.11 255.255.255.255
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
peer 200.102.10.1 enable
#
7.2、在R3上面使用OSPF的ABR汇总,将200.102.1.0、200.102.2.0、200.102.3.0汇总为200.102.0.0 255.255.252.0
配置如下:
ospf 10 router-id 53.3.3.3
area 0.0.0.0
abr-summary 200.102.0.0 255.255.252.0
7.3、全网可达
1、先使BGP中AS 200和BGP中AS 300之间互通,因为BGP中AS 200使用了全互联技术,可以使用路由反射器,在R9将R8和R10作为客户端,AS300的路由可以传递到AS200的边界路由器R8。
R8:
#
bgp 200
router-id 8.8.8.8
peer 9.9.9.9 as-number 200
peer 9.9.9.9 connect-interface LoopBack0
peer 10.10.10.10 as-number 200
peer 10.10.10.10 connect-interface LoopBack0
peer 200.102.7.1 as-number 100
#
ipv4-family unicast
undo synchronization
network 8.8.8.8 255.255.255.255
peer 9.9.9.9 enable
peer 9.9.9.9 next-hop-local
peer 10.10.10.10 enable
peer 200.102.7.1 enable
#
ip route-static 9.9.9.0 255.255.255.0 200.102.8.2
ip route-static 10.10.10.0 255.255.255.0 200.102.8.2
#
R9:
#
bgp 200
router-id 9.9.9.9
peer 8.8.8.8 as-number 200
peer 8.8.8.8 connect-interface LoopBack0
peer 10.10.10.10 as-number 200
peer 10.10.10.10 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 9.9.9.9 255.255.255.255
peer 8.8.8.8 enable
peer 8.8.8.8 reflect-client
peer 10.10.10.10 enable
peer 10.10.10.10 reflect-client
#
R10:
#
bgp 200
router-id 10.10.10.10
peer 8.8.8.8 as-number 200
peer 8.8.8.8 connect-interface LoopBack0
peer 9.9.9.9 as-number 200
peer 9.9.9.9 connect-interface LoopBack0
peer 200.102.10.2 as-number 300
#
ipv4-family unicast
undo synchronization
network 10.10.10.10 255.255.255.255
peer 8.8.8.8 enable
peer 8.8.8.8 reflect-client
peer 9.9.9.9 enable
peer 9.9.9.9 reflect-client
peer 9.9.9.9 next-hop-local
peer 200.102.10.2 enable
#
ip route-static 8.8.8.0 255.255.255.0 200.102.9.1
ip route-static 9.9.9.0 255.255.255.0 200.102.9.1
#
2、接下来是AS 100和AS 200之间路由传递,因为R8可以通过EBGP接受R7上的路由,我这里在R7上面将RIP学习到的R1-R7的路由引入到BGP的AS 100中,这样BGP的AS 200,就可以通过EBGP方式学习到AS 100内的路由。**
配置如下:
R7:
bgp 100
import-route rip 100
3、下面是AS 100之内的路由传递。因为BGP的IBGP的水平分割机制,导致R7学习到的EBGP路由只能传递给R6,不能继续向内传递,因此我这里使用了路由反射器来使AS 100内的所有路由器学习到R7上面的EBGP路由条目,最终达到全网可达的目标。
在R6上把R7作为反射器客户端,在R5上把R6作为反射器客户端,在R3上把R5作为反射器客户端,在R4上把R3作为反射器客户端。
配置如下:
R6:
bgp 100
peer 7.7.7.7 reflect-client
R5:
bgp 100
peer 6.6.6.6 reflect-client
R3:
bgp 100
peer 5.5.5.5 reflect-client
R4:
bgp 100
peer 2.2.2.2 reflect-client
peer 1.1.1.1 reflect-cilent
peer 3.3.3.3 reflect-cilent
结果测试:
链接:https://download.csdn.net/download/qq_50929489/86261503