Task:
My topology:
Configuration, following the topology diagram:
1. Configure default routes pointing to the external network
[R1]ip route-static 0.0.0.0 0 17.1.1.7
[R2]ip route-static 0.0.0.0 0 27.1.1.7
[R3]ip route-static 0.0.0.0 0 37.1.1.7
[R4]ip route-static 0.0.0.0 0 34.1.1.3
[R5]ip route-static 0.0.0.0 0 45.1.1.4
[R6]ip route-static 0.0.0.0 0 56.1.1.5
Check connectivity:
2. Configure R1/R2/R3 as a full-mesh MGRE structure
[R1]interface Tunnel 0/0/0
[R1-Tunnel0/0/0]ip address 10.1.1.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]source 17.1.1.1
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]nhrp network-id 100
[R1-Tunnel0/0/0]nhrp entry 10.1.1.2 27.1.1.2 register
[R1-Tunnel0/0/0]nhrp entry 10.1.1.3 37.1.1.3 register
[R2]interface Tunnel 0/0/0
[R2-Tunnel0/0/0]ip address 10.1.1.2 24
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
[R2-Tunnel0/0/0]source 27.1.1.2
[R2-Tunnel0/0/0]nhrp entry multicast dynamic
[R2-Tunnel0/0/0]nhrp network-id 100
[R2-Tunnel0/0/0]nhrp entry 10.1.1.1 17.1.1.1 register
[R2-Tunnel0/0/0]nhrp entry 10.1.1.3 37.1.1.3 register
[R3]interface Tunnel 0/0/0
[R3-Tunnel0/0/0]ip address 10.1.1.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source 37.1.1.3
[R3-Tunnel0/0/0]nhrp entry multicast dynamic
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 10.1.1.1 17.1.1.1 register
[R3-Tunnel0/0/0]nhrp entry 10.1.1.2 27.1.1.2 register
Test connectivity:
3. Start OSPF
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
R3, area 0
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
R3, area 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]network 3.3.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]network 34.1.1.0 0.0.0.255
[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]network 34.1.1.0 0.0.0.255
[R4-ospf-1-area-0.0.0.1]network 4.4.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.1]network 45.1.1.0 0.0.0.255
R5, area 1
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 1
[R5-ospf-1-area-0.0.0.1]network 5.5.5.5 0.0.0.0
[R5-ospf-1-area-0.0.0.1]network 45.1.1.0 0.0.0.255
R5, area 2
[R5-ospf-1]area 2
[R5-ospf-1-area-0.0.0.2]network 56.1.1.0 0.0.0.255
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]network 6.6.6.6 0.0.0.0
[R6-ospf-1-area-0.0.0.2]network 56.1.1.0 0.0.0.255
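1) A tunnel interface defaults to the point-to-point OSPF network type, which can form only one neighbor relationship, so the interface network type must be changed to broadcast.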
[R1]interface Tunnel 0/0/0
[R1-Tunnel0/0/0]ospf network-type broadcast
[R2]interface Tunnel 0/0/0
[R2-Tunnel0/0/0]ospf network-type broadcast
[R3]interface Tunnel 0/0/0
[R3-Tunnel0/0/0]ospf network-type broadcast
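2) After the change, the adjacencies come up normally
3) Test connectivity
4. Because area 2 (a2) is a non-backbone area that is not attached to the backbone, it cannot communicate normally
1) Create an OSPF virtual link so that R5, an illegitimate ABR, gains the ability to share inter-area routes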
[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]vlink-peer 5.5.5.5
[R5]ospf 1
[R5-ospf-1]area 1
[R5-ospf-1-area-0.0.0.1]vlink-peer 3.3.3.3
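2) Test connectivity
At this point all private network segments can reach each other across the whole network
5. R4-R6 can reach the loopback normally
1) Configure NAT on R3 so that the private network can reach the external network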
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 34.1.1.0 0.0.0.255
[R3-acl-basic-2000]rule permit source 45.1.1.0 0.0.0.255
[R3-acl-basic-2000]rule permit source 56.1.1.0 0.0.0.255
[R3-acl-basic-2000]rule permit source 4.4.4.4 0.0.0.0
[R3-acl-basic-2000]rule permit source 5.5.5.5 0.0.0.0
[R3-acl-basic-2000]rule permit source 6.6.6.6 0.0.0.0
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]nat outbound 2000
2) Connectivity test:
6. R1 telnets to R3's public IP and actually logs in to R6
1) Configure remote login on R6
[R6]aaa
[R6-aaa]local-user huawei password cipher 123
Info: Add a new user.
[R6-aaa]local-user huawei service-type telnet
[R6-aaa]local-user huawei privilege level 15
[R6]user-interface vty 0 4
[R6-ui-vty0-4]authentication-mode aaa
2) Configure the NAT forwarding on R3's interface that holds the public IP address
[R3]interface g0/0/0
[R3-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 23 inside 56.1.1.6 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
3) Check the result: R1 telnets to R3's public IP, 37.1.1.3, and ends up logged in to R6, which is the required result!
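
The pattern step 6 sets up (a Telnet login for a level-15 user, published on R3's public address by nat server) can be checked for mechanically. The Python audit below is an added example, not part of the original lab: the sample transcript is constructed from the commands on this page, and the names audit and SAMPLE and the 8-character MIN_PW_LEN threshold are assumptions.

```python
import re

# Constructed sample: the step-6 commands as typed on this page (wrapped line joined).
SAMPLE = """\
[R6-aaa]local-user huawei password cipher 123
[R6-aaa]local-user huawei service-type telnet
[R6-aaa]local-user huawei privilege level 15
[R6-ui-vty0-4]authentication-mode aaa
[R3-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 23 inside 56.1.1.6 23
"""

PROMPT = re.compile(r"^\[(?P<dev>[A-Za-z0-9]+)[^\]]*\](?P<cmd>.*)$")
USER = re.compile(r"^local-user (\S+) (password cipher|service-type|privilege level) (.+)$")
NAT = re.compile(r"^nat server protocol tcp global (\S+) (\d+) inside (\S+) (\d+)$")
MIN_PW_LEN = 8  # assumed policy threshold, not taken from the page


def audit(text):
    """Return sorted (device, finding) tuples for a transcript of typed VRP commands."""
    users, findings = {}, set()
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # device output such as "Info: ..." carries no prompt
        dev, cmd = m["dev"], m["cmd"].strip()
        if u := USER.match(cmd):
            # Merge the per-user attributes, which arrive on separate lines.
            users.setdefault((dev, u[1]), {})[u[2]] = u[3].strip()
        elif n := NAT.match(cmd):
            if n[4] == "23":  # inside port 23: Telnet is reachable from outside
                findings.add((dev, f"telnet on {n[3]} published at {n[1]}:{n[2]}"))
    for (dev, name), attrs in users.items():
        telnet = "telnet" in attrs.get("service-type", "").split()
        if telnet:
            findings.add((dev, f"user {name} may log in over telnet"))
        if telnet and attrs.get("privilege level") == "15":
            findings.add((dev, f"user {name} has level 15 over telnet"))
        # Only meaningful for as-typed commands; a saved config holds ciphertext.
        if len(attrs.get("password cipher", "x" * MIN_PW_LEN)) < MIN_PW_LEN:
            findings.add((dev, f"user {name} password shorter than {MIN_PW_LEN}"))
    return sorted(findings)


if __name__ == "__main__":
    for dev, finding in audit(SAMPLE):
        print(f"{dev}: {finding}")
```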