一.题目
1、r4为ISP,其上只能配置IP地址;r4与其他所有直连设备间使用公有IP;
2、r3—r5/6/7为MGRE环境,r3为中心站点
3、所有设备均可方位r4的环回;
4、减少LSA的更新量。加快收敛,保障更新安全
5、全网可达
二、配置
1.网络拓扑图
2.IP配置
设备 | IP |
---|---|
R1 | g0/0/0 10.1.123.1/24 |
LoopBack0 10.1.1.1/32 | |
R2 | g0/0/0 10.1.123.2/24 |
LoopBack0 10.1.2.1/32 | |
R3 | s4/0/0 200.1.34.1/24 |
LoopBack0 10.1.3.1/32 | |
g0/0/0 10.1.123.3/24 | |
R4 | s3/0/0 200.1.34.2/24 |
s3/0/1 200.1.45.2/24 | |
s4/0/0 200.1.46.2/24 | |
s4/0/1 200.1.47.2/24 | |
LoopBack0 8.8.8.8/24 | |
R5 | LoopBack0 10.0.5.1/32 |
s4/0/0 200.1.45.1/24 | |
R6 | s4/0/0 200.1.46.1/24 |
LoopBack0 10.0.6.1/32 | |
s4/0/1 10.2.116.6/24 | |
R7 | s4/0/0 200.1.47.1/24 |
LoopBack0 10.0.7.1 32 | |
s4/0/1 10.3.78.7/24 | |
R8 | s4/0/0 10.3.78.8/24 |
LoopBack0 10.3.8.1/32 | |
s4/0/1 10.3.89.8/24 | |
R9 | s4/0/0 10.3.89.9/24 |
LoopBack0 10.4.9.1/32 | |
s4/0/1 10.4.109.9/24 | |
R10 | s4/0/0 10.4.109.10/24 |
LoopBack0 10.4.10.1/32 | |
R11 | LoopBack0 10.2.11.1/32 |
s4/0/0 10.2.116.11/24 | |
s4/0/1 10.2.112.11/24 | |
R12 | LoopBack0 10.8.1.1/32 |
LoopBack1 10.8.2.2/32 | |
s4/0/0 10.2.112.12/24 |
配置完接口地址之后,对R3,R5,R6,R7 配置缺省路由,指向R4
R3
ip route-static 0.0.0.0 0 200.1.34.2
R5
ip route-static 0.0.0.0 0 200.1.45.2
R6
ip route-static 0.0.0.0 0 200.1.46.2
R7
ip route-static 0.0.0.0 0 200.1.47.2
测试缺省路由
由图可知连通性良好
3 r3—r5/6/7为MGRE环境,r3为中心站点
R3 : 10.0.30.3
int Tunnel 0/0/0
ip add 10.0.30.3 24
tunnel-protocol gre p2mp
source s4/0/0
nhrp network-id 1
nhrp entry multicast dynamic
nhrp authentication cipher 123 # 认证
gre key 123 #三种保护措施,防止其他用户进入当前MGRE网络(network-id ,cipher,key)
R5 :
int Tunnel 0/0/0
ip add 10.0.30.5 24
tunnel-protocol gre p2mp
source s4/0/0
gre key 123
nhrp network-id 1
nhrp authentication cipher 123
nhrp entry 10.0.30.3 200.1.34.1 register
R6 :
int t0/0/0
ip add 10.0.30.6 24
tunnel-protocol gre p2mp
source s4/0/0
gre key 123
nhrp network-id 1
nhrp authentication cipher 123
nhrp entry 10.0.30.3 200.1.34.1 register
R7 :
int t0/0/0
ip add 10.0.30.7 24
tunnel-protocol gre p2mp
source s4/0/0
gre key 123
nhrp network-id 1
nhrp authentication cipher 123
nhrp entry 10.0.30.3 200.1.34.1 register
4、所有设备均可方位r4的环回;(配置OSPF)
区域0
R3
ospf 1 router-id 3.3.3.3
area 0
network 10.0.30.0 0.0.0.255
R5
ospf 1 router-id 5.5.5.5
area 0
network 10.0.5.1 0.0.0.0
network 10.0.30.0 0.0.0.255
R6
ospf 1 router-id 6.6.6.6
area 0
network 10.0.6.1 0.0.0.0
network 10.0.30.0 0.0.0.255
R7
ospf 1 router-id 7.7.7.7
area 0
network 10.0.30.0 0.0.0.255
network 10.0.7.1 0.0.0.0
修改接口类型,把ospf在MGRE环境下的工作模式设置成广播模式,然后人工干涉选举DR
R3
int t0/0/0
ospf network-type broadcast
R5
INT t0/0/0
ospf network-type broadcast
ospf dr-priority 0
R6
int t0/0/0
ospf network-type broadcast
ospf dr-priority 0
R7
int t0/0/0
ospf network-type broadcast
ospf dr-priority 0
测试
配置其他的OSPF
区域1
R3
ospf
area 1
network 10.1.123.0 0.0.0.255
network 10.1.3.1 0.0.0.0
R1
ospf 1 router-id 1.1.1.1
area 1
network 10.1.1.1 0.0.0.0
network 10.1.123.0 0.0.0.255
R2
ospf 1 router-id 2.2.2.2
area 1
network 10.1.2.1 0.0.0.0
network 10.1.123.0 0.0.0.255
区域2
R6
ospf 1
area 2
network 10.2.116.0 0.0.0.255
R11
ospf 1 router-id 11.11.11.11
area 2
network 10.2.11.1 0.0.0.0
network 10.2.116.0 0.0.0.255
network 10.2.112.0 0.0.0.255
R12
ospf 1 router-id 12.12.12.12
area 2
network 10.2.112.0 0.0.0.255
在R12路由器上启动rip进程,将两条环回宣告进rip,再重发布
rip
ver 2
undo summary
network 10.0.0.0
q
ospf 1
import-route rip
区域3
R7
ospf 1 router-id 7.7.7.7
area 3
network 10.3.78.0 0.0.0.255
R8
ospf 1 router-id 8.8.8.8
area 3
network 10.3.78.0 0.0.0.255
network 10.3.89.0 0.0.0.255
network 10.3.8.1 0.0.0.0
R9
ospf 1 router-id 9.9.9.9
area 3
network 10.3.89.0 0.0.0.255
区域4
利用双进程多项重发布将不规则区域打通
R9
ospf 2 router-id 9.9.9.9
a 4
network 10.4.9.1 0.0.0.0
network 10.4.109.0 0.0.0.255
q
ospf 1
import-route ospf 2
q
ospf 2
import-route ospf 1
R10
ospf 1 router-id 10.10.10.10
area 4
network 10.4.109.0 0.0.0.255
network 10.4.10.1 0.0.0.0
5.减少LSA的更新量。加快收敛,保障更新安全
将区域1设置STUB区域,将区域2与区域3设置NSSA
区域1
R1
ospf 1
a 1
stub
R2
ospf 1
a 1
stub
R3
ospf 1
a 1
stub no-summary
区域2
R6
ospf 1
a 2
nssa no-summary
R11
ospf 1
a 2
nssa
R12
ospf 1
a 2
nssa
区域3
R7
ospf 1
a 3
nssa no-summary
R8
ospf 1
a 3
nssa
R9
ospf 1
a 3
nssa
在R3/6/7/9/12上进行汇总,尽量减少骨干区域0的LSA更新量
R3
ospf 1
a 1
abr-summary 10.1.0.0 255.255.0.0
R7
ospf 1
a 3
abr-summary 10.3.0.0 255.255.0.0
R6
ospf 1
a 2
abr-summary 10.2.0.0 255.255.0.0
R12
ospf 1
asbr-summary 10.8.0.0 255.255.0.0
R9
ospf
asbr-summary 10.4.0.0 255.255.0.0
全网通信
测试使用R1连通各环回
与a4区域不通,因为R9重发布,没有把缺省路由发送到R10,
解决方案
R9
ospf 2
default-route-advertise
6.与公网全网可达(所有设备均可访问r4的环回)
使用nat服务,使其可以访问公网
R3
acl 2000
rule permit source 10.1.0.0 0.0.255.255
q
int s4/0/0
nat outbound 2000
R6
acl 2000
rule permit source 10.2.0.0 0.0.255.255
q
int s4/0/0
nat outbound 2000
R7
acl 2000
rule permit source 10.3.0.0 0.0.255.255
q
int s4/0/0
nat outbound 2000
测试
实验结束