一.题目
1、r4为ISP,其上只能配置IP地址;r4与其他所有直连设备间使用公有IP;
2、r3—r5/6/7为MGRE环境,r3为中心站点
3、整个OSPF环境IP地址为172.16.0.0/16
4、所有设备均可方位r4的环回;
5、减少LSA的更新量。加快收敛,保障更新安全
6、全网可达
二、配置
1.网络拓扑图
2.IP配置
因为大体上有六个区域,所以ip地址划分划分为六个区域
变长子网掩码,借两位分为8个网段
172.16.0.0/19
172.16.32.0/19
172.16.64.0/19
172.16.96.0/19
172.16.128.0/19
172.16.160.0/19
172.16.192.0/19
172.16.224.0/19
区域1:
使用 172.16.32.0/19
172.16.32.0/25 p2p
172.16.32.128/25 MA
区域0:
使用 172.16.0.0/19
骨干
172.16.0.0/25 ——p2p 172.16.0.0/30
172.16.0.128/25 ——MA 172.16.0.128/29
区域2:
使用 172.16.64.0/19
172.16.64.0/25 p2p
区域3:
使用 172.16.96.0/19
区域4:
使用 172.16.128.0/19
RIP:
使用 172.16.160.0/19
172.16.160.0/20
172.16.176.0/20
设备 | IP |
---|---|
R1 | g0/0/0 172.16.32.129/29 |
LoopBack0 172.16.33.1/25 | |
R2 | g0/0/0 172.16.32.130/29 |
LoopBack0 172.16.33.129/25 | |
R3 | s4/0/0 34.1.1.1/24 |
LoopBack0 172.16.34.1/25 | |
g0/0/0 172.16.32.131/29 | |
R4 | s3/0/0 34.1.1.2/24 |
s3/0/1 54.1.1.2/24 | |
s4/0/0 64.1.1.2/24 | |
s4/0/1 74.1.1.2/24 | |
LoopBack0 4.4.4.4/24 | |
R5 | LoopBack0 172.16.1.1/25 |
s4/0/0 54.1.1.2/24 | |
R6 | s4/0/0 64.1.1.2/24 |
LoopBack0 172.16.1.129/25 | |
s4/0/1 172.16.64.1/30 | |
R7 | 74.1.1.2/24 |
LoopBack0 172.16.2.1/25 | |
s4/0/1 172.16.96.1/30 | |
R8 | s4/0/0 172.16.96.2/30 |
LoopBack0 172.16.97.1/25 | |
s4/0/1 172.16.96.5/30 | |
R9 | s4/0/0 172.16.96.6/30 |
LoopBack0 172.16.129.1/25 | |
s4/0/1 172.16.128.1/30 | |
R10 | s4/0/0 172.16.128.2/30 |
LoopBack0 172.16.129.129/25 | |
R11 | LoopBack0 172.16.65.1/25 |
s4/0/0 172.16.64.2/30 | |
s4/0/1 172.16.64.5/30 | |
R12 | LoopBack0 172.16.160.1/20 |
LoopBack1 172.16.176.1/20 | |
s4/0/0 1172.16.64.6/30 |
配置完接口地址之后,对R3,R5,R6,R7 配置缺省路由,指向R4
R3
ip route-static 0.0.0.0 0 34.1.1.2
R5
ip route-static 0.0.0.0 0 54.1.1.2
R6
ip route-static 0.0.0.0 0 64.1.1.2
R7
ip route-static 0.0.0.0 0 74.1.1.2
测试缺省路由
由图可知连通性良好
3 r3—r5/6/7为MGRE环境,r3为中心站点
R3 :
int Tunnel 0/0/0
ip add 172.16.0.129 29
tunnel-protocol gre p2mp
source s4/0/0
nhrp network-id 100
nhrp entry multicast dynamic
nhrp authentication cipher 123 # 认证
gre key 123 #三种保护措施,防止其他用户进入当前MGRE网络(network-id ,cipher,key)
R5 :
int Tunnel 0/0/0
ip add 172.16.0.130 29
tunnel-protocol gre p2mp
source s4/0/0
gre key 123
nhrp network-id 100
nhrp authentication cipher 123
nhrp entry 172.16.0.129 34.1.1.1 register
R6 :
int t0/0/0
ip add 172.16.0.131 29
tunnel-protocol gre p2mp
source s4/0/0
gre key 123
nhrp network-id 100
nhrp authentication cipher 123
nhrp entry 172.16.0.129 34.1.1.1 register
R7 :
int t0/0/0
ip add 172.16.0.132 29
tunnel-protocol gre p2mp
source s4/0/0
gre key 123
nhrp network-id 1
nhrp authentication cipher 123
nhrp entry 172.16.0.129 34.1.1.1 register
测试
4、所有设备均可方位r4的环回;(配置OSPF)
区域0
R3
ospf 1 router-id 3.3.3.3
area 0
network 172.16.0.129 0.0.0.0
R5
ospf 1 router-id 5.5.5.5
area 0
network 172.16.0.0 0.0.255.255
R6
ospf 1 router-id 6.6.6.6
area 0
network 172.16.0.0 0.0.1.255
R7
ospf 1 router-id 7.7.7.7
area 0
network 172.16.0.0 0.0.3.255
修改接口类型,把ospf在MGRE环境下的工作模式设置成广播模式,然后人工干涉选举DR
R3
int t0/0/0
ospf network-type broadcast
R5
int t0/0/0
ospf network-type broadcast
ospf dr-priority 0
R6
int t0/0/0
ospf network-type broadcast
ospf dr-priority 0
R7
int t0/0/0
ospf network-type broadcast
ospf dr-priority 0
测试
配置其他的OSPF
区域1
R3
ospf 1 router-id 3.3.3.3
area 1
network 172.16.32.0 0.0.3.255
R1
ospf 1 router-id 1.1.1.1
area 1
network 172.16.0.0 0.0.255.255
R2
ospf 1 router-id 2.2.2.2
area 1
network 172.16.0.0 0.0.255.255
区域2
R6
ospf 1
area 2
network 172.16.64.1 0.0.0.0
R11
ospf 1 router-id 11.11.11.11
area 2
network 172.16.0.0 0.0.255.255
R12
ospf 1 router-id 12.12.12.12
area 2
network 172.16.64.6 0.0.0.0
q
在R12路由器上启动rip进程,将两条环回宣告进rip,再重发布
rip 1
ver 2
undo summary
network 172.16.0.0
q
ospf 1
import-route rip
区域3
R7
ospf 1 router-id 7.7.7.7
area 3
network 172.16.96.1 0.0.0.0
R8
ospf 1 router-id 8.8.8.8
area 3
network 172.16.0.0 0.0.255.255
R9
ospf 1 router-id 9.9.9.9
area 3
network 172.16.96.6 0.0.0.0
区域4
R9
ospf 1 router-id 9.9.9.9
area 4
network 172.16.128.0 0.0.1.255
R10
ospf 1 router-id 10.10.10.10
area 4
network 172.16.0.0 0.0.255.255
利用双进程多项重发布将不规则区域打通
R9
ospf
a 4
undo network 172.16.128.0 0.0.1.255
q
q
ospf 2 router-id 9.9.9.9
a 4
network 172.16.128.0 0.0.1.255
q
default-route-advertise
q
ospf 1
import-route ospf 2
5.将区域1设置STUB区域,将区域2与区域3设置NSSA
区域1
R1
ospf 1
a 1
stub
R2
ospf 1
a 1
stub
R3
ospf 1
a 1
abr-summary 172.16.32.0 255.255.224.0
stub no-summary
q
q
ip route-static 172.16.32.0 19 NULL 0 #防环
区域2
R6
ospf 1
a 2
abr-summary 172.16.64.0 255.255.224.0
nssa no-summary
q
q
ip route-static 172.16.64.0 19 NULL 0
R11
ospf 1
a 2
nssa
R12
ospf 1
a 2
nssa
区域3
R7
ospf 1
a 3
nssa no-summary
abr-summary 172.16.96.0 255.255.224.0
q
q
ip route-static 172.16.96.0 19 NULL 0
R8
ospf 1
a 3
nssa
R12
ospf 1
asbr-summary 172.16.160.0 255.255.224.0
q
q
ip route-static 172.16.160.0 19 NULL 0
R9
ospf 1
a 3
nssa
asbr-summary 172.16.128.0 255.255.224.0
q
ip route-static 172.16.128.0 19 NULL 0
R9重发布,没有把缺省路由发送到R10,
R9
ospf 2
default-route-advertise
测试内网
6.与公网全网可达
R3
acl 2000
rule permit source 172.16.0.0 0.0.255.255
q
int s4/0/0
nat outbound 2000
R6
acl 2000
rule permit source 172.16.0.0 0.0.255.255
q
int s4/0/0
nat outbound 2000
R7
acl 2000
rule permit source 172.16.0.0 0.0.255.255
q
int s4/0/0
nat outbound 2000
测试