要求:
1,R4为ISP,其上只能配置IP地址; R4与其他所有直连设备间均使用公有IP
2, R3-R5/6/7为MGRE环境,R3为中心站点;
3, 整个OSPF环境IP基于172.16.0.0/16划分;
4, 所有设备均可访问R4的环回;减少LSA的更新量,加快收敛,保障更新安全;
5, 全网可达
一.配置缺省路由
[r3]ip route-static 0.0.0.0 0 34.0.0.4
[r5]ip route-static 0.0.0.0 0 45.0.0.4
[r6]ip route-static 0.0.0.0 0 46.0.0.4
[r7]ip route-static 0.0.0.0 0 47.0.0.4
二.配置环境
AR3
[r3]int Tunnel 0/0/0[r3-Tunnel0/0/0]ip address 172.16.0.1 255.255.255.0
[r3-Tunnel0/0/0] tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source Serial4/0/0
[r3-Tunnel0/0/0]ospf network-type broadcast
[r3-Tunnel0/0/0]nhrp redirect
[r3-Tunnel0/0/0]nhrp entry multicast dynamicAR5
[r5]int tunnel0/0/0[r5-Tunnel0/0/0ip address 172.16.0.2 255.255.255.0
[r5-Tunnel0/0/0 tunnel-protocol gre p2mp
[r5-Tunnel0/0/0source Serial4/0/0
[r5-Tunnel0/0/0ospf network-type broadcast
[r5-Tunnel0/0/0 ospf dr-priority 0
[r5-Tunnel0/0/0 nhrp shortcut[r5-Tunnel0/0/0nhrp entry 172.16.0.1 34.0.0.3 register
AR6
[r6]int t0/0/0[r6-Tunnel0/0/0]ip address 172.16.0.3 255.255.255.0
[r6-Tunnel0/0/0] tunnel-protocol gre p2mp
[r6-Tunnel0/0/0] source Serial4/0/0
[r6-Tunnel0/0/0] ospf network-type broadcast
[r6-Tunnel0/0/0]ospf dr-priority 0
[r6-Tunnel0/0/0] nhrp shortcut
[r6-Tunnel0/0/0] nhrp entry 172.16.0.1 34.0.0.3 registerAR7
[r7]int t0/0/0[r7-Tunnel0/0/0] address 172.16.0.4 255.255.255.0
[r7-Tunnel0/0/0]tunnel-protocol gre p2mp
[r7-Tunnel0/0/0] source GigabitEthernet0/0/0
[r7-Tunnel0/0/0] ospf network-type broadcast
[r7-Tunnel0/0/0] ospf dr-priority 0
[r7-Tunnel0/0/0] nhrp shortcut
[r7-Tunnel0/0/0] nhrp entry 172.16.0.1 34.0.0.3 register
三.OSPF的配置
AR1
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255
AR2
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]a 1
[r2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255
AR3
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.7.255
[r3-ospf-1-area-0.0.0.1]a 0
[r3-ospf-1-area-0.0.0.0]net
[r3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0
AR5
[r5]ospf 1 rout
[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]a 0
[r5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
AR6
[r6]ospf 1 router-id 6.6.6.6
[r6-ospf-1]a 0
[r6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.3.255
[r6-ospf-1-area-0.0.0.0]a 2
[r6-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0
AR7
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]a 0
[r7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.7.255
[r7-ospf-1-area-0.0.0.0]a 3
[r7-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0
AR8
[r8]ospf 1 router-id 8.8.8.8
[r8-ospf-1]a 3
[r8-ospf-1-area-0.0.0.3]network 172.16.0.0 0.0.255.255
AR9
[r9]ospf 1 router-id 9.9.9.9
[r9-ospf-1]a 3
[r9-ospf-1-area-0.0.0.3]network 172.16.97.10 0.0.0.0
[r9-ospf-1-area-0.0.0.3]a 4
[r9-ospf-1-area-0.0.0.4]network 172.16.128.0 0.0.3.255
AR10
[r10]ospf 1 router-id 10.10.10.10
[r10-ospf-1]a 4
[r10-ospf-1-area-0.0.0.4]network 172.16.0.0 0.0.255.255
AR11
[r11]ospf 1 router-id 11.11.11.11
[r11-ospf-1]a 2
[r11-ospf-1-area-0.0.0.2]network 172.16.0.0 0.0.255.255
AR12
[r12]ospf 1 router-id 12.12.12.12
[r12-ospf-1]a 2
[r12-ospf-1-area-0.0.0.2]network 172.16.65.10 0.0.0.0
[r12]rip 1
[r12-rip-1]v 2
[r12-rip-1]network 172.16.0.0
四.在ABR的设备上做域间路由汇总以及ASBR的设备上做域外路由汇总
区域一
[R1]ospf 1
[R1-ospf-l]area 1
[R1-ospf-1-area-0.0.0.1]stub no-summary
[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]stub no-summary
[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]stub no-summary
区域二
[R6]ospf 1
[R6-ospf-l]area 2
[R6-ospf-1-area-0.0.0.2] nssa no-summary
[R11]ospf 1
[R11-ospf-l]area 2
[R11-ospf-1-area-0.0.0.2] nssa no-summary[R12]ospf 1
[R12-ospf-l]area 2
[R12-ospf-1-area-0.0.0.2] nssa no-summary
区域三
[R7]ospf 1
[R7-ospf-l]area 3
[R7-ospf-1-area-0.0.0.3] nssa no-summary
[R8]ospf 1
[R8-ospf-l]area 3
[R8-ospf-1-area-0.0.0.3] nssa no-summary
[R9]ospf 1
[R9-ospf-l]area 3
[R9-ospf-1-area-0.0.0.3] nssa no-summary
四.NAT协议的配置
AR3
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r3]int s 4/0/0
[r3-Serial4/0/0]nat outbound 2000
AR5
[r5]acl 2000
[r5-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r5]int s4/0/0
[r5-Serial4/0/0]nat outbound 2000
AR6
[r6]acl 2000
[r6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r6]int s 4/0/0
[r6-Serial4/0/0]nat outbound 2000
AR7
[r7]acl 2000
[r7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]nat outbound 2000
五.互相ping通全网可达