实验要求如下:
r1上配置:
[r1-GigabitEthernet0/0/0]ip address 192.168.1.2 24
[r1-GigabitEthernet0/0/2]ip address 14.1.1.1 24
[r1-GigabitEthernet0/0/1]ip address 41.1.1.1 2
r2上配置:
[r2-GigabitEthernet0/0/0]ip address 192.168.2.2 24
[r2-GigabitEthernet0/0/1]ip address 24.1.1.1 24
r3上配置:
[r3-GigabitEthernet0/0/1]ip address 192.168.3.2 24
[r3-GigabitEthernet0/0/1]ip address 34.1.1.1 24
r5上配置:
[r5-GigabitEthernet0/0/0]ip address 192.168.5.2 24
[r5-GigabitEthernet0/0/1]ip address 54.1.1.1 24
r6上配置:
[r6-GigabitEthernet0/0/0]ip address 192.168.4.2 24
[r6-GigabitEthernet0/0/1]ip address 64.1.1.1 24
r4上环回给的是4.4.4.4
第二步、下发缺省路由和配置NAT
缺省:
[r1]ip route-static 0.0.0.0 0 14.1.1.2
[r1]ip route-static 0.0.0.0 0 41.1.1.2
[r2]ip route-static 0.0.0.0 0 24.1.1.2
[r3]ip route-static 0.0.0.0 0 34.1.1.2
[r5]ip route-static 0.0.0.0 0 54.1.1.2
[r6]ip route-static 0.0.0.0 0 64.1.1.2
NAT:
acl 2000
rule 1 permit source any
interface g0/0/1
nat outbound 2000
第三步、R1R2R3为星型结构的MGRE环境,R1为中心
R1中心配置:网段给的是10.0.0.0网段 域ID100
[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 10.1.1.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]source 14.1.1.1
[r1-Tunnel0/0/0]nhrp network-id 100
R2分支配置:
[r2]interface Tunnel 0/0/0
[r2-Tunnel0/0/0]ip address 10.1.1.2 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]source g0/0/1 //用端口号来代替IP地址,解决IP地址不固定问题
[r2-Tunnel0/0/0]nhrp entry 10.1.1.1 14.1.1.1 register
R3分支配置:
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ip address 10.1.1.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source g0/0/1
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 10.1.1.1 14.1.1.1 register
第四步、R1R5R6为全连的MGRE环境(定R1R5为中心站点)
定R1R5为中心,也就是要分别对R1和R5注册。隧道给0/0/1接口,网段20.0.0.0 域ID200
r1上配置:
[r1]interface Tunnel 0/0/1
[r1-Tunnel0/0/1]ip address 20.1.1.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre p2mp
[r1-Tunnel0/0/1]source 41.1.1.1
[r1-Tunnel0/0/1]nhrp network-id 200
[r1-Tunnel0/0/1]nhrp entry 20.1.1.5 54.1.1.1 register //中心r1给中心r5注册
r5上配置:
[r5]interface Tunnel 0/0/1
[r5-Tunnel0/0/1]ip address 20.1.1.5 24
[r5-Tunnel0/0/1]tunnel-protocol gre p2mp
[r5-Tunnel0/0/1]source 54.1.1.1
[r5-Tunnel0/0/1]nhrp network-id 200
[r5-Tunnel0/0/1]nhrp entry 20.1.1.2 41.1.1.1 register
r6上配置:(r6需要给两个中心都注册)
[r6]interface Tunnel 0/0/1
[r6-Tunnel0/0/1]ip address 20.1.1.6 24
[r6-Tunnel0/0/1]tunnel-protocol gre p2mp
[r6-Tunnel0/0/1]source 64.1.1.1
[r6-Tunnel0/0/1]nhrp network-id 200
[r6-Tunnel0/0/1]nhrp entry 20.1.1.2 41.1.1.1 register
[r6-Tunnel0/0/1]nhrp entry 20.1.1.5 54.1.1.1 register
最后一步,使用OSPF实现整个私有网段的互通
首先跟正常配置ospf方法一样,在宣告网段时只用宣告私网网段和隧道网段即可,公网接口网段先不管
r1ospf配置:
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255
其余路由器大经相同,就是宣告网段不一样,注意区分不同路由隧道网段
r2ospf配置:
[r2-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
r3ospf配置:
[r3-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
r5ospf配置:
[r5-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255
[r5-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255
r6ospf配置:
[r6-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255
[r6-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255