目录
实验要求:
1.R4为ISP,其上只能配置IP地址;
R4与其他所有直连设备间均使用公有IP;
2.R3-R5/6/7为MGRE环境,R3为中心站点;
3.整个OSPF环境IP基于172.16.0.0/16划分;
4.所有设备均可访问R4的环回;
5.减少LSA的更新量,加快收效,保障更新安全;
6.全网可达。
划分网段:
172.16.0.0/16--借1位,划分两个网段给OSPF和RIP网络
172.16.0.0/17 ---OSPF
有5个区域,借3位,划分6个网段
172.16.0.0/20 --area 0
172.16.0.0/24--MGRE
172.16.1.0/24--R5
172.16.2.0/24--R6
172.16.3.0/24--R7
172.16.16.0/20 --area 1
172.16.16.0/24--骨干
( 172.16.16.0/30--不够划分)
172.16.16.0/29
...
172.16.17.0/24--R1
172.16.18.0/24--R2
172.16.19.0/24--R3
172.16.32.0/20 --area 2
172.16.32.0/24--骨干
172.16.32.0/30
172.16.33.4/30
...
172.16.33.0/24--R11
....
172.16.48.0/20 --area 3
172.16.48.0/24--骨干
172.16.48.0/30
172.16.48.4/30
...
172.16.49.0/24--R8
....
172.16.64.0/20 --arae 4
172.16.64.0/24--骨干
172.16.64.0/30
...
172.16.65.0/24--R9
172.16.66.0/24--R10
172.16.80.0/20--预留
172.16.128.0/17 --RIP
172.16.128.0/18--环回
172.16.192.0/18--环回
一、基础配置
1.Area 1
R1:
[R1-GigabitEthernet0/0/0]ip add 172.16.16.1 29
[R1-GigabitEthernet0/0/0]int l0
[R1-LoopBack0]ip add 172.16.17.1 24
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]network 172.16.17.1 0.0.0.0
[R1-ospf-1-area-0.0.0.1]network 172.16.16.1 0.0.0.0
R2:
[R2-GigabitEthernet0/0/0]ip add 172.16.16.2 29
[R2-GigabitEthernet0/0/0]int l0
[R2-LoopBack0]ip add 172.16.18.1 24
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 172.16.18.1 0.0.0.0
[R2-ospf-1-area-0.0.0.1]network 172.16.16.2 0.0.0.0
R3:
[R3-GigabitEthernet0/0/0]ip add 172.16.16.3 29
[R3-GigabitEthernet0/0/0]int l0
[R3-LoopBack0]ip add 172.16.19.1 24
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]network 172.16.19.1 0.0.0.0
[R3-ospf-1-area-0.0.0.1]network 172.16.16.3 0.0.0.0
测试area 1的连通性:
2.Area 0
R3:
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 43.0.0.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.0.255
R4:
[ISP]int s4/0/0
[ISP-Serial4/0/0]ip add 43.0.0.4 24
[ISP-Serial4/0/0]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 47.0.0.7 24
[ISP-GigabitEthernet0/0/0]int s3/0/1
[ISP-Serial3/0/1]ip add 46.0.0.4 24
[ISP-Serial3/0/1]int s3/0/0
[ISP-Serial3/0/0]ip add 45.0.0.4 24
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
R5:
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0
[R5-ospf-1-area-0.0.0.0]network 45.0.0.5 0.0.0.0
R6:
[R6]int s4/0/0
[R6-Serial4/0/0]ip add 46.0.0.6 24
[R6-Serial4/0/0]int l0
[R6]int g0/0/1
[R6-GigabitEthernet0/0/1]ip add 172.16.32.1 30
[R6-LoopBack0]ip add 172.16.2.1 24
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1-area-0.0.0.0]network 172.16.2.1 0.0.0.0
[R6-ospf-1-area-0.0.0.0]network 46.0.0.6 0.0.0.0
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]network 172.16.32.1 0.0.0.0
R7:
GigabitEthernet0/0/0 47.0.0.7/24
GigabitEthernet0/0/1 172.16.48.1/30
LoopBack0 172.16.3.1/24
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 47.0.0.7 0.0.0.0
network 172.16.3.1 0.0.0.0
写缺省,公网可达:
[R3]ip route-static 0.0.0.0 0 43.0.0.4
[R5]ip route-static 0.0.0.0 0 45.0.0.4
[R6]ip route-static 0.0.0.0 0 46.0.0.4
[R7]ip route-static 0.0.0.0 0 47.0.0.4
测试连通性:
3.Area2
R11:
[R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]network 172.16.33.1 0.0.0.0
[R11-ospf-1-area-0.0.0.2]network 172.16.32.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]network 172.16.32.5 0.0.0.0
R12:
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]network 172.16.32.6 0.0.0.0
4.Area 3
R8:
[R8]ospf 1 router-id 8.8.8.8
[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]network 172.16.49.1 0.0.0.0
[R8-ospf-1-area-0.0.0.3]network 172.16.48.2 0.0.0.0
[R8-ospf-1-area-0.0.0.3]network 172.16.48.5 0.0.0.0
[R8-ospf-1-area-0.0.0.3]network 172.16.48.5 0.0.0.0
5.Area 4
R9:
[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]network 172.16.48.6 0.0.0.0
[R9]ospf 2 router-id 9.9.9.9
[R9-ospf-2]area 4
[R9-ospf-2-area-0.0.0.4] network 172.16.64.1 0.0.0.0
[R9-ospf-2-area-0.0.0.4]network 172.16.65.1 0.0.0.0
R10:
[R10]ospf 1 router-id 10.10.10.10
[R10-ospf-1]area 4
[R10-ospf-1-area-0.0.0.4]network 172.16.66.1 0.0.0.0
[R10-ospf-1-area-0.0.0.4]network 172.16.64.2 0.0.0.0
二、配置MGRE:
R3:
[R3]int t0/0/0
[R3-Tunnel0/0/0]ip add 172.16.0.1 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source Serial 4/0/0
[R3-Tunnel0/0/0]nhrp entry multicast dynamic
[R3-Tunnel0/0/0]ospf network-type broadcast
[R3-Tunnel0/0/0]nhrp redirect
R5:
[R5]int t0/0/0
[R5-Tunnel0/0/0]ip add 172.16.0.2 24
[R5-Tunnel0/0/0]tunnel-protocol gre p2mp
[R5-Tunnel0/0/0]source s4/0/0
[R5-Tunnel0/0/0]nhrp entry 172.16.0.1 43.0.0.3 register
[R5-Tunnel0/0/0]ospf network-type broadcast
[R5-Tunnel0/0/0]ospf dr-priority 0
[R5-Tunnel0/0/0]nhrp shortcut
R6:
[R6]int t0/0/0
[R6-Tunnel0/0/0]ip add 172.16.0.3 24
[R6-Tunnel0/0/0]tunnel-protocol gre p2mp
[R6-Tunnel0/0/0]source s4/0/0
[R6-Tunnel0/0/0]nhrp entry 172.16.0.1 43.0.0.3 register
[R6-Tunnel0/0/0]ospf network-type broadcast
[R6-Tunnel0/0/0]ospf dr-priority 0
R7:
[R7]int t0/0/0
[R7-Tunnel0/0/0]ip add 172.16.0.4 24
[R7-Tunnel0/0/0]tunnel-protocol gre p2mp
[R7-Tunnel0/0/0]source g0/0/0
[R7-Tunnel0/0/0]nhrp entry 172.16.0.1 43.0.0.3 register
[R7-Tunnel0/0/0]ospf network-type broadcast
[R7-Tunnel0/0/0]ospf dr-priority 0
查看nhrp映射表:
查看学到的ospf路由表:
拓扑中已经成功学习到与骨干区域相连的非骨干区域的路由信息;
R12:
ospf 1 router-id 12.12.12.12
import-route rip 1 --把rip重发布area 2的ospf 1进程中
#
rip 1
undo summary
version 2
network 172.16.0.0
import-route ospf 1 --把area 2的ospf 1进程重发布到rip中
#
这会就能学到rip区域的路由信息:
测试一下连通性:
对R9:
#
ospf 1 router-id 9.9.9.9
import-route ospf 2 ---把ospf 2 重发布到ospf 里
area 0.0.0.3
network 172.16.48.6 0.0.0.0
area 0.0.0.4
#
#
ospf 2 router-id 9.9.9.9
import-route ospf 1 --把ospf 1 中发布到ospf 2里
area 0.0.0.4
network 172.16.64.1 0.0.0.0
network 172.16.65.1 0.0.0.0
#
这会学到了area 4的路由信息:
测试连通性:
这会则可实现全网可达。
二、加快收敛
[R7-Tunnel0/0/0]ospf timer hello 10
[R3-Tunnel0/0/0]ospf timer hello 10
[R5-Tunnel0/0/0]ospf timer hello 10
[R6-Tunnel0/0/0]ospf timer hello 10
三、划分特殊区域,减少LSA的更新量
1.Totally Stub:Aarea1
[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]stub no-summary
[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]stub
[R1]ospf 1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]stub
2.Totally NSSA:Area2
[R6]ospf 1
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]nssa no-summary
[R11]ospf 1
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]nssa
[R12]ospf 1
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]nssa
3.Totally NSSA:Area 3
[R7]ospf 1
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]nssa no-summary
[R8-ospf-1-area-0.0.0.3]nssa
[R9-ospf-1-area-0.0.0.3]nssa
四、所有设备均可访问R4的环回
做端口映射
R3:
[R3]acl number 2000
[R3-acl-basic-2000]rule 5 permit source 172.16.16.0 0.0.15.255
[R3-acl-basic-2000]q
[R3]int s4/0/0
[R3-Serial4/0/0]nat outbound 2000
R6:
[R6]acl number 2000
[R6-acl-basic-2000]rule 15 permit source 172.16.128.0 0.0.64.255
[R6-acl-basic-2000]rule 5 permit source 172.16.32.0 0.0.15.255
[R6]int s4/0/0
[R6-Serial4/0/0]nat outbound 2000
R7:
[R7]acl number 2000
[R7-acl-basic-2000]rule 5 permit source 172.16.48.0 0.0.15.255
[R7-acl-basic-2000]rule 15 permit source 172.16.64.0 0.0.15.255
[R7-GigabitEthernet0/0/0]nat outbound 2000
测试:
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
