目录
题目:
实验拓扑要求:
实验要求:
实验前期准备步骤:
步骤一:搭建拓扑
步骤二:搭建思路
实验步骤:
步骤一:IP地址配置
步骤二:配置MGRE
步骤三:OSPF配置
步骤四:NAT配置
步骤五:加快收敛
步骤六:双向重发布
步骤七:区域汇总
步骤八:保证更新安全
步骤九:检测
1、R4为ISP,其上只配置IP地址;R4与其他所直连设备间均使用公有IP;
2、R3(R5、R6、R7)为MGRE环境,R3为中心站点;
3、整个OSPF环境IP基于172.16.0.0/16划分;除了R12有两个环回,其他路由器均有一个环回IP
4、所有设备均可访问R4的环回;
5、减少LSA的更新量,减少路由表的路由条目,加快收敛,保障更新安全;
6、全网可达;
1.IP地址的规划:首先将172.16.0.0/16网段划分出六个网段,具体如下:
其余网段按作用再次进行详细划分;
区域/作用范围 IP地址 area0 172.116.0.0/19 area1 172.32.0/1916. area2 172.16.64.0/19 area3 172.16.96.0/19 area4 172.16.128.0/19 R12回环 172.16.160.0/19 保留地址段 172.16.192.0/19
172.16.124.0/19
2. MGRE规划:将首先配置R3将R3设置位中心站点,其次配置私网指向隧道的缺省路由。并且修改隧道接口网络类型,为OSPF配置做准备。
3.配置OSPF:MGRE环境下的分支站点不参与选举。
4.配置NAT:使的私网可以访问公网
5.加快收敛:修改hello时间
6.双向重发布 :边界路由器上经行双向重发布
7.区域汇总:以达到减少路由条目的作用
8.保证更新安全 :
R1
# R1
interface GigabitEthernet0/0/0
ip address 172.16.33.1 255.255.255.0
interface LoopBack0
ip address 172.16.34.1 255.255.255.0
#R2
interface GigabitEthernet0/0/0
ip address 172.16.33.2 255.255.255.0
interface LoopBack0
ip address 172.16.35.2 255.255.255.0
# R3
interface Serial4/0/0
link-protocol ppp
ip address 34.0.0.3 255.255.255.0
interface GigabitEthernet0/0/0
ip address 172.16.33.3 255.255.255.0
interface LoopBack0
ip address 172.16.36.3 255.255.255.0
# R4
interface Serial3/0/0
link-protocol ppp
ip address 46.0.0.4 255.255.255.0
interface Serial4/0/0
link-protocol ppp
ip address 34.0.0.4 255.255.255.0
interface Serial4/0/1
link-protocol ppp
ip address 45.0.0.4 255.255.255.0
interface GigabitEthernet0/0/0
ip address 47.0.0.4 255.255.255.0
interface LoopBack0
ip address 172.16.2.4 255.255.255.0
# R5
interface Serial4/0/0
link-protocol ppp
ip address 45.0.0.5 255.255.255.0
interface LoopBack0
ip address 172.16.3.5 255.255.255.0
# R6
interface Serial4/0/0
link-protocol ppp
ip address 46.0.0.6 255.255.255.0
interface GigabitEthernet0/0/0
ip address 172.16.65.1 255.255.255.252
interface LoopBack0
ip address 172.16.4.6 255.255.255.0
# R7
interface GigabitEthernet0/0/0
ip address 47.0.0.7 255.255.255.0
interface GigabitEthernet0/0/1
ip address 172.16.97.1 255.255.255.252
interface LoopBack0
ip address 172.16.5.7 255.255.255.0
# R8
interface GigabitEthernet0/0/0
ip address 172.16.97.2 255.255.255.252
interface GigabitEthernet0/0/1
ip address 172.16.97.5 255.255.255.252
interface LoopBack0
ip address 172.16.98.8 255.255.255.0
# R9
interface GigabitEthernet0/0/0
ip address 172.16.97.6 255.255.255.252
interface GigabitEthernet0/0/1
ip address 172.16.129.1 255.255.255.252
interface LoopBack0
ip address 172.16.130.9 255.255.255.0
# R10
interface GigabitEthernet0/0/0
ip address 172.16.129.2 255.255.255.252
interface LoopBack0
ip address 172.16.131.10 255.255.255.0
# R11
interface GigabitEthernet0/0/0
ip address 172.16.65.2 255.255.255.252
interface GigabitEthernet0/0/1
ip address 172.16.65.5 255.255.255.252
interface GigabitEthernet0/0/2
interface LoopBack0
ip address 172.16.66.11 255.255.255.0
# R12
interface GigabitEthernet0/0/0
ip address 172.16.65.6 255.255.255.252
interface LoopBack0
ip address 172.16.160.12 255.255.255.0
interface LoopBack1
ip address 172.16.161.12 255.255.255.0
中心站点R3:
[R3]int Tunnel 0/0/0
[R3-Tunnel0/0/0]ip add 172.16.6.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source 34.0.0.3
[R3-Tunnel0/0/0]nhrp entry multicast dynamic
[R3-Tunnel0/0/0]ospf network-type broadcast
[R3-Tunnel0/0/0]ospf dr-priority 255
[R3-Tunnel0/0/0]q
[R3]ip route-static 0.0.0.0 0 34.0.0.4
分支站点R5.R6.R7:
# R5
[R5]int t0/0/0
[R5-Tunnel0/0/0]tunnel-protocol gre p2mp
[R5-Tunnel0/0/0]source Serial 4/0/0
[R5-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
[R5-Tunnel0/0/0]ospf network-type broadcast
[R5-Tunnel0/0/0]ospf dr-priority 0
[R5]ip route-static 0.0.0.0 0 45.0.0.4
# R6
[R6]int t 0/0/0
[R6-Tunnel0/0/0]tunnel-protocol gre p2mp
[R6-Tunnel0/0/0]source Serial 4/0/0
[R6-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
[R6-Tunnel0/0/0]ospf network-type broadcast
[R6-Tunnel0/0/0]ospf dr-priority 0
[R6-Tunnel0/0/0]q
[R6]ip route-static 0.0.0.0 0 46.0.0.4
# R7
[R7]int t 0/0/0
[R7-Tunnel0/0/0]tunnel-protocol gre p2mp
[R7-Tunnel0/0/0]source GigabitEthernet 0/0/0
[R7-Tunnel0/0/0]nhrp entry 172.16.6.3 34.0.0.3 register
[R7-Tunnel0/0/0]ospf network-type broadcast
[R7-Tunnel0/0/0]ospf dr-priority 0
[R7]ip route-static 0.0.0.0 0 47.0.0.4
R1
ospf 1 router-id 1.1.1.1
area 0.0.0.1
network 172.16.33.0 0.0.0.255
network 172.16.34.0 0.0.0.255
R2
ospf 1 router-id 2.2.2.2
area 0.0.0.1
network 172.16.33.0 0.0.0.255
network 172.16.35.0 0.0.0.255
R3
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 172.16.6.0 0.0.0.255
area 0.0.0.1
network 172.16.33.0 0.0.0.255
network 172.16.36.0 0.0.0.255
R5
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 172.16.3.0 0.0.0.255
network 172.16.6.0 0.0.0.255
R6
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 172.16.4.0 0.0.0.255
network 172.16.6.0 0.0.0.255
area 0.0.0.2
network 172.16.65.1 0.0.0.0
R7
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 172.16.5.0 0.0.0.255
network 172.16.6.0 0.0.0.255
area 0.0.0.3
network 172.16.97.1 0.0.0.0
R8
ospf 1 router-id 8.8.8.8
area 0.0.0.3
network 172.16.97.2 0.0.0.0
network 172.16.97.5 0.0.0.0
network 172.16.98.0 0.0.0.255
R9
ospf 1 router-id 9.9.9.9
area 0.0.0.3
network 172.16.97.6 0.0.0.0
ospf 2 router-id 9.9.9.9
area 0.0.0.4
network 172.16.129.1 0.0.0.0
network 172.16.130.0 0.0.0.255
R10
ospf 2 router-id 10.10.10.10
area 0.0.0.4
network 172.16.129.2 0.0.0.0
network 172.16.131.0 0.0.0.255
R11
ospf 1 router-id 11.11.11.11
area 0.0.0.2
network 172.16.65.2 0.0.0.0
network 172.16.65.5 0.0.0.0
network 172.16.66.0 0.0.0.0
R12
ospf 1 router-id 12.12.12.12
area 0.0.0.2
network 172.16.65.6 0.0.0.0
rip 1
version 2
network 172.16.0.0
# R3
[R3]acl 2000
[R3-acl-basic-2000]rule 1 permit source any
[R3]int Serial 4/0/0
[R3-Serial4/0/0]nat outbound 2000
# R5
[R5]acl 2000
[R5-acl-basic-2000]rule 1 permit source any
[R5]int Serial 4/0/0
[R5-Serial4/0/0]nat outbound 2000
# R6
[R6]acl 2000
[R6-acl-basic-2000]rule 1 permit source any
[R6-acl-basic-2000]int s 4/0/0
[R6-Serial4/0/0]nat outbound 2000
# R7
[R7]acl 2000
[R7-acl-basic-2000]rule 1 permit source any
[R7-acl-basic-2000]int g 0/0/0
[R7-GigabitEthernet0/0/0]nat outbound 2000
修改hello时间:每个使用OSPF协议的路由器接口均需要修改:ospf timer hello 5
R9:
[R9]ospf 1
[R9-ospf-1]import-route ospf 2
[R9]ospf 2
[R9-ospf-2]import-route ospf 1
R12:
[R12-ospf-1]import-route rip 1
[R12]rip 1
[R12-rip-1]import-route ospf 1
# R3
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
# R9
[R9-ospf-1]asbr-summary 172.16.96.0 255.255.224.0
# R12
[R12-ospf-1]asbr-summary 172.16.64.0 255.255.224.0
给每个路由器配置:authentication-mode md5 1 cipher 123456
随机抽取路由器ping任何一个接口地址