1.网段划分
172.16.0.0/16
172.16.0.0/19 六个区域借三位,八个网段用六段
128 64 32 16 8 4 2 1
172.16.0.0/19 area0
172.16.0.0/24--p2p
172.16.0.0/30
......
172.16.1.0/24--MA
172.16.1.0/29
......
172.16.32.0/19 area1
172.16.32.0/24--p2p
172.16.32.0/30
......
172.16.33.0/24--MA
172.16.33.0/29
......
172.16.64.0/19 area2
172.16.64.0/24--P2P
172.16.64.0/30
.....
172.16.65.0/24--MA
172.16.65.0/29
......
172.16.96.0/19 area3
172.16.96.0/24--P2P
172.16.96.0/30
......
172.16.97.0/24--MA
172.16.97.0/29
......
172.16.128.0/19 area4
172.16.128.0/24--P2P
172.16.128.0/30
......
172.16.129.0/24--MA
172.16.129.0/29
......
172.16.160.0/19 rip
172.16.160.0/24
172.16.161.0/24
172.16.192.0/19
172.16.224.0/19
2.拓扑概要
3.配各个公网链路和环回
area0
[R3]int s 4/0/0
[R3-Serial4/0/0]ip add 34.0.0.1 24
[R3-Serial4/0/0]q
[R3]ip route-static 0.0.0.0 0 34.0.0.2
[R4]int s 4/0/0
[R4-Serial4/0/0]ip add 34.0.0.2 24
[R4-Serial4/0/0]int s 4/0/1
[R4-Serial4/0/1]ip add 45.0.0.2 24
[R4-Serial4/0/1]int s 3/0/0
[R4-Serial3/0/0]ip add 46.0.0.2 24
[R4-Serial3/0/0]int g 0/0/0
[R4-GigabitEthernet0/0/0]ip add 47.0.0.2 24
[R4-GigabitEthernet0/0/0]int lo 0 #公网环回模拟互联网
[R4-LoopBack0]ip add 4.4.4.4 24
[R5]int s 4/0/0
[R5-Serial4/0/0]ip add 45.0.0.1 24
[R5-Serial4/0/0]int l0
[R5-LoopBack0]ip add 172.16.2.1 24
[R5-LoopBack0]q
[R5]ip route-static 0.0.0.0 0 45.0.0.2
[R6]int s 4/0/0
[R6-Serial4/0/0]ip add 46.0.0.1 24
[R6-Serial4/0/0]int l0
[R6-LoopBack0]ip add 172.16.3.1 24
[R6-LoopBack0]q
[R6]ip route-static 0.0.0.0 0 46.0.0.2
[R7]int g 0/0/0
[R7-GigabitEthernet0/0/0]ip add 47.0.0.1 24
[R7-GigabitEthernet0/0/0]int l0
[R7-LoopBack0]ip add 172.16.4.1 24
[R7-LoopBack0]q
[R7]ip route-static 0.0.0.0 0 47.0.0.2
area1
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip add 172.16.33.1 29
[R1-GigabitEthernet0/0/0]int l0
[R1-LoopBack0]ip add 172.16.34.1 24
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 172.16.33.2 29
[R2-GigabitEthernet0/0/0]int l0
[R2-LoopBack0]ip add 172.16.35.1 24
[R3]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip add 172.16.33.3 29
[R3-GigabitEthernet0/0/0]int l0
[R3-LoopBack0]ip add 172.16.36.1 24
area2
[R6]int g 0/0/0
[R6-GigabitEthernet0/0/0]ip add 172.16.64.1 30
[R11]int g 0/0/0
[R11-GigabitEthernet0/0/0]ip add 172.16.64.2 30
[R11-GigabitEthernet0/0/0]int g 0/0/1
[R11-GigabitEthernet0/0/1]ip add 172.16.64.5 30
[R11]int l0
[R11-LoopBack0]ip add 172.16.66.1 24
[R12]int g 0/0/0
[R12-GigabitEthernet0/0/0]ip add 172.16.64.6 30
area3
[R7]int g0/0/1
[R7-GigabitEthernet0/0/1]ip add 172.16.96.1 30
[R8]int g0/0/0
[R8-GigabitEthernet0/0/0]ip add 172.16.96.2 30
[R8-GigabitEthernet0/0/0]int g0/0/1
[R8-GigabitEthernet0/0/1]ip add 172.16.96.5 30
[R8]int l0
[R8-LoopBack0]ip add 172.16.98.1 24
[R9]int g 0/0/0
[R9-GigabitEthernet0/0/0]ip add 172.16.96.6 30
[R9]int l0
[R9-LoopBack0]ip add 172.16.99.1 24
area4
[R9]int g0/0/1
[R9-GigabitEthernet0/0/1]ip add 172.16.128.1 30
[R9-GigabitEthernet0/0/1]int l0
[R9-LoopBack0]ip add 172.16.130.1 24
[R10]int g0/0/0
[R10-GigabitEthernet0/0/0]ip add 172.16.128.2 30
[R10-GigabitEthernet0/0/0]int l0
[R10-LoopBack0]ip add 172.16.131.1 24
RIP
[R12]int l0
[R12-LoopBack0]ip add 172.16.160.1 24
[R12-LoopBack0]int l1
[R12-LoopBack1]ip add 172.16.161.1 24
4.R3中心的MGRE隧道
[R3]int t 0/0/0
[R3-Tunnel0/0/0]ip add 172.16.1.1 29 #模拟MA骨干
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source 34.0.0.1
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry multicast dynamic #开启伪广播
interface Tunnel0/0/0
ip address 172.16.1.1 255.255.255.248
tunnel-protocol gre p2mp
source 34.0.0.1
nhrp entry multicast dynamic
nhrp network-id 100
[R5]int t 0/0/0
[R5-Tunnel0/0/0]ip add 172.16.1.2 29
[R5-Tunnel0/0/0]tunnel-protocol gre p2mp
[R5-Tunnel0/0/0]source s 4/0/0
[R5-Tunnel0/0/0]nhrp network-id 100
[R5-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register
[R6]int t 0/0/0
[R6-Tunnel0/0/0]ip add 172.16.1.3 29
[R6-Tunnel0/0/0]tunnel-protocol gre p2mp
[R6-Tunnel0/0/0]source s 4/0/0
[R6-Tunnel0/0/0]nhrp network-id 100
[R6-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register
[R7]int t0/0/0
[R7-Tunnel0/0/0]ip add 172.16.1.4 29
[R7-Tunnel0/0/0]tunnel-protocol gre p2mp
[R7-Tunnel0/0/0]source g 0/0/0
[R7-Tunnel0/0/0]nhrp network-id 100
[R7-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register
5.启动ospf
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.31.255
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.31.255
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.0]network 172.16.33.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 172.16.36.1 0.0.0.0
[R3-ospf-1-area-0.0.0.1]area 0
[R3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 172.16.2.1 0.0.0.0
[R5-ospf-1-area-0.0.0.0]network 172.16.1.2 0.0.0.0
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 172.16.3.1 0.0.0.0
[R5-ospf-1-area-0.0.0.0]network 172.16.1.3 0.0.0.0
[R6-ospf-1]area 2
[R5-ospf-1-area-0.0.0.2]network 172.16.64.1 0.0.0.0
[R7-ospf-1]area 0
[R7-ospf-1-area-0.0.0.0]network 172.16.4.1 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 172.16.1.4 0.0.0.0
[R7-ospf-1-area-0.0.0.0]area 3
[R7-ospf-1-area-0.0.0.3]network 172.16.96.1 0.0.0.0
[R8]ospf 1 router-id 8.8.8.8
[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]network 172.16.96.0 0.0.31.255
[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]network 172.16.96.6 0.0.0.0
[R9-ospf-1-area-0.0.0.3]area 4
[R9-ospf-1-area-0.0.0.4]network 172.16.128.0 0.0.31.255
[R10]ospf 1 router-id 10.10.10.10
[R10-ospf-1]area 4
[R10-ospf-1-area-0.0.0.4]network 172.16.128.0 0.0.31.255
[R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]network 172.16.64.0 0.0.31.255
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]network 172.16.64.0 0.0.31.255
6.更改R3,R5,R6,R7的tunnel接口类型
[R3]int Tunnel 0/0/0
[R3-Tunnel0/0/0]ospf network-type p2mp
[R5]int Tunnel 0/0/0
[R5-Tunnel0/0/0]ospf network-type p2mp
[R6]int Tunnel 0/0/0
[R6-Tunnel0/0/0]ospf network-type p2mp
[R7]int Tunnel 0/0/0
[R7-Tunnel0/0/0]ospf network-type p2mp
7.在R12上进行重发布,使得运行OSPF的设备学习到域外路由信息
[R12]ospf 1
[R12-ospf-1]import-route rip
[R12-ospf-1]rip 1
[R12-rip-1]network 172.16.0.0
远离骨干的area4创建一个新的ospf区域2
[R9]ospf 1
[R9-ospf-1]undo area 4
[R9-ospf-2]q
[R9]ospf 2 router-id 9.9.9.9
[R9-ospf-2]area 0
[R9-ospf-2-area-0.0.0.0]network 172.16.128.0 0.0.31.255
[R9-ospf-2-area-0.0.0.0]q
[R9-ospf-2]q
[R9]ospf 1
[R9-ospf-1]import-route ospf 2
[R10]undo ospf 1
Warning: The OSPF process will be deleted. Continue? [Y/N]:y
[R10]ospf 2 router-id 10.10.10.10
[R10-ospf-2]area 0
[R10-ospf-2-area-0.0.0.0]network 172.16.128.0 0.0.31.255
8.路由汇总
[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
[R6]ospf 1
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
[R7]ospf 1
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0
[R9]ospf 1
[R9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
[R12]ospf
[R12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0
9.特殊区域
[R1]ospf
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]stub
[R2]ospf
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]stub
[R3]ospf
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]stub no-summary
[R6]ospf
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]nssa
[R6-ospf-1-area-0.0.0.2]nssa no-summary
[R11]ospf
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]nssa
[R12]ospf
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]nssa
[R9]ospf 2
[R9-ospf-2]default-route-advertise
10.配置nat,使得可以访问公网
[R3]acl 2000
[R3-acl-basic-2000]rule permit s 172.16.0.0 0.0.255.255
[R3-acl-basic-2000]int s 4/0/0
[R3-Serial4/0/0]nat outbound 2000
[R5]acl 2000
[R5-acl-basic-2000]ru
[R5-acl-basic-2000]rule pe
[R5-acl-basic-2000]rule permit s 172.16.0.0 0.0.255.255
[R5-acl-basic-2000]int s 4/0/0
[R5-Serial4/0/0]nat
[R5-Serial4/0/0]nat out
[R5-Serial4/0/0]nat outbound 2000
[R6]acl 2000
[R6-acl-basic-2000]rule permit s 172.16.0.0 0.0.255.255
[R6-acl-basic-2000]int s 4/0/0
[R6-Serial4/0/0]int s 4/0/0
[R6-Serial4/0/0]nat ou
[R6-Serial4/0/0]nat outbound 2000
[R7]acl 2000
[R7-acl-basic-2000]rule permit s 172.16.0.0 0.0.255.255
[R7-acl-basic-2000]int g 0/0/0
[R7-GigabitEthernet0/0/0]nat ou
[R7-GigabitEthernet0/0/0]nat outbound 2000
11.区域加密认证
[R1]ospf 1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
12.加快收敛,修改hello时间
[R3]int Tunnel 0/0/0
[R3-Tunnel0/0/0]ospf timer hello 10
[R5]int Tunnel 0/0/0
[R5-Tunnel0/0/0]ospf timer hello 10
[R6]int Tunnel 0/0/0
[R6-Tunnel0/0/0]ospf timer hello 10
[R7]int Tunnel 0/0/0
[R7-Tunnel0/0/0]ospf timer hello 10
13.全网可达