OSPF综合实验

题目：

我的拓扑图：

相应配置参考拓扑图：

1、配置缺省路由指向外网

[R1]ip route-static 0.0.0.0 0 17.1.1.7

[R2]ip route-static 0.0.0.0 0 27.1.1.7

[R3]ip route-static 0.0.0.0 0 37.1.1.7

[R4]ip route-static 0.0.0.0 0 34.1.1.3

[R5]ip route-static 0.0.0.0 0 45.1.1.4

[R6]ip route-static 0.0.0.0 0 56.1.1.5

查看连通性：

2、设置R1/2/3为全连MGRE结构

[R1]interface Tunnel 0/0/0
[R1-Tunnel0/0/0]ip address 10.1.1.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R1-Tunnel0/0/0]source 17.1.1.1
[R1-Tunnel0/0/0]nhrp entry multicast dynamic 
[R1-Tunnel0/0/0]nhrp network-id 100
[R1-Tunnel0/0/0]nhrp entry 10.1.1.2 27.1.1.2 register 
[R1-Tunnel0/0/0]nhrp entry 10.1.1.3 37.1.1.3 register 


[R2]interface Tunnel 0/0/0
[R2-Tunnel0/0/0]ip address 10.1.1.2 24
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R2-Tunnel0/0/0]source 27.1.1.2
[R2-Tunnel0/0/0]nhrp entry multicast dynamic 
[R2-Tunnel0/0/0]nhrp network-id 100
[R2-Tunnel0/0/0]nhrp entry 10.1.1.1 17.1.1.1 register 
[R2-Tunnel0/0/0]nhrp entry 10.1.1.3 37.1.1.3 register 


[R3]interface Tunnel 0/0/0
[R3-Tunnel0/0/0]ip address 10.1.1.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R3-Tunnel0/0/0]source 37.1.1.3
[R3-Tunnel0/0/0]nhrp entry multicast dynamic 
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 10.1.1.1 17.1.1.1 register 
[R3-Tunnel0/0/0]nhrp entry 10.1.1.2 27.1.1.2 register 

测试连通性：

3、启动ospf协议

[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255


[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

R3的区域0
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
R3的区域1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]network 3.3.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]network 34.1.1.0 0.0.0.255


[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]network 34.1.1.0 0.0.0.255
[R4-ospf-1-area-0.0.0.1]network 4.4.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.1]network 45.1.1.0 0.0.0.255

R5的区域1
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 1
[R5-ospf-1-area-0.0.0.1]network 5.5.5.5 0.0.0.0 
[R5-ospf-1-area-0.0.0.1]network 45.1.1.0 0.0.0.255
R5的区域2
[R5-ospf-1]area 2
[R5-ospf-1-area-0.0.0.2]network 56.1.1.0 0.0.0.255


[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]network 6.6.6.6 0.0.0.0
[R6-ospf-1-area-0.0.0.2]network 56.1.1.0 0.0.0.255

1）tunnel接口默认的点到点工作方式，只能建立一个邻居，需要修改接口工作方式为broadcast。

[R1]interface Tunnel 0/0/0
[R1-Tunnel0/0/0]ospf network-type broadcast 

[R2]interface Tunnel 0/0/0
[R2-Tunnel0/0/0]ospf network-type broadcast 

[R3]interface Tunnel 0/0/0
[R3-Tunnel0/0/0]ospf network-type broadcast 

2）修改后，邻接关系正常建立

3）测试连通性

4、因为a2区域为远离了骨干的非骨干区域，所以不能正常通信

1）创建一个ospf虚拟路，使非法ABR R5具有区域间路由共享的能力

[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]vlink-peer 5.5.5.5


[R5]ospf 1
[R5-ospf-1]area 1
[R5-ospf-1-area-0.0.0.1]vlink-peer 3.3.3.3

2）测试连通性

至此所有私有网段实现全网互通

5、R4-R6可以正常访问环回

1）在R3上创建NAT，使私网可以访问外网

[R3]acl 2000	
[R3-acl-basic-2000]rule permit source 34.1.1.0 0.0.0.255
[R3-acl-basic-2000]rule permit source 45.1.1.0 0.0.0.255
[R3-acl-basic-2000]rule permit source 56.1.1.0 0.0.0.255
[R3-acl-basic-2000]rule permit source 4.4.4.4 0.0.0.0
[R3-acl-basic-2000]rule permit source 5.5.5.5 0.0.0.0
[R3-acl-basic-2000]rule permit source 6.6.6.6 0.0.0.0

[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]nat outbound 2000

2）连通性测试：

6、R1telnetR3公有IP，实际登录到R6

1）在R6上创建远程登录

[R6]aaa
[R6-aaa]local-user huawei password cipher 123
Info: Add a new user.
[R6-aaa]local-user huawei service-type telnet
[R6-aaa]local-user huawei privilege level 15

[R6]user-interface vty 0 4
[R6-ui-vty0-4]authentication-mode aaa

2）在R3上的公有IP地址接口创建NAT转接

[R3]interface g0/0/0
[R3-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 23 ins
ide 56.1.1.6 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y

3）查看结果：R1 telnet R3的公有IP：37.1.1.3  ，最后登录到了R6，实现结果！