Cisco设备关于GRE的小案例

 

Cisco设备关于GRE的小案例

实验拓扑:

实验设备:

五台cisco路由器

有三台分别作r1r2r3

另两台作pc1pc2

实验步骤:

为每个设备的各个端口配置正确的ip

r1r2上配置一条通往公共网的默认路由、创建gre隧道、配置通过隧道的路由

测试连通性

实验目的:

能使1.0网段的主机能通过gre隧道和2.0网段的主机通讯

参考配置:

r1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 61.130.130.2 to network 0.0.0.0

C    192.168.4.0/24 is directly connected, Tunnel10

C    192.168.1.0/24 is directly connected, Serial1/1

S    192.168.2.0/24 is directly connected, Tunnel10

     61.0.0.0/30 is subnetted, 1 subnets

C       61.130.130.0 is directly connected, Serial1/0

S*   0.0.0.0/0 [1/0] via 61.130.130.2

r1#show running-config 

Building configuration...

 

Current configuration : 1003 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname r1

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

interface Tunnel10

 ip address 192.168.4.1 255.255.255.0

 tunnel source 61.130.130.1

 tunnel destination 61.130.132.1

!

interface FastEthernet0/0

 no ip address

 shutdown

 duplex auto

 speed auto

!

interface Serial1/0

 ip address 61.130.130.1 255.255.255.252

 serial restart-delay 0

!

interface Serial1/1

 ip address 192.168.1.254 255.255.255.0

 serial restart-delay 0

!

interface Serial1/2

 no ip address

 shutdown

 serial restart-delay 0

!

interface Serial1/3

 no ip address

 shutdown

 serial restart-delay 0

!        

ip http server

ip route 0.0.0.0 0.0.0.0 61.130.130.2

ip route 192.168.2.0 255.255.255.0 Tunnel10

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

!        

!

end

r2#show running-config

Building configuration...

Current configuration : 757 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname r2

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

interface FastEthernet0/0

 no ip address

 shutdown

 duplex auto

 speed auto

!

interface Serial1/0

 ip address 61.130.130.2 255.255.255.252

 serial restart-delay 0

!        

interface Serial1/1

 ip address 61.130.132.2 255.255.255.252

 serial restart-delay 0

!

interface Serial1/2

 no ip address

 shutdown

 serial restart-delay 0

!

interface Serial1/3

 no ip address

 shutdown

 serial restart-delay 0

!

ip http server

!

!

control-plane

!        

!

line con 0

line aux 0

line vty 0 4

!

!

end

r3#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 61.130.132.2 to network 0.0.0.0

C    192.168.4.0/24 is directly connected, Tunnel20

S    192.168.1.0/24 is directly connected, Tunnel20

C    192.168.2.0/24 is directly connected, Serial1/0

     61.0.0.0/30 is subnetted, 1 subnets

C       61.130.132.0 is directly connected, Serial1/1

S*   0.0.0.0/0 [1/0] via 61.130.132.2

r3#show running-config

Building configuration...

Current configuration : 1018 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname r3

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

interface Tunnel20

 ip address 192.168.4.2 255.255.255.0

 tunnel source 61.130.132.1

 tunnel destination 61.130.130.1

!        

interface FastEthernet0/0

 no ip address

 shutdown

 duplex auto

 speed auto

!

interface Serial1/0

 ip address 192.168.2.254 255.255.255.0

 serial restart-delay 0

!

interface Serial1/1

 ip address 61.130.132.1 255.255.255.252

 serial restart-delay 0

!

interface Serial1/2

 no ip address

 shutdown

 serial restart-delay 0

!

interface Serial1/3

 no ip address

 shutdown

 serial restart-delay 0

!

ip http server

ip route 0.0.0.0 0.0.0.0 61.130.132.2

ip route 192.168.1.0 255.255.255.0 Tunnel20

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

!

!

End

测试:

Pc1ping pc2

pc1#ping 192.168.2.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 136/148/172 ms

Pc2pingpc1

pc2#ping 192.168.1.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 100/147/204 ms

跟踪一下路由:

pc1#traceroute ip

Target IP address: 192.168.2.100

Source address: 192.168.1.100

Numeric display [n]:

Timeout in seconds [3]:

Probe count [3]:

Minimum Time to Live [1]:

Maximum Time to Live [30]:

Port Number [33434]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Type escape sequence to abort.

Tracing the route to 192.168.2.1

  1 192.168.1.254 68 msec 36 msec 52 msec

  2 192.168.4.2 100 msec 136 msec 140 msec

  3 192.168.2.100 188 msec 228 msec *

很显然ping包是从虚拟的隧道通过的

你可能感兴趣的:(Cisco,VPN,gre)