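In this topology, a large enterprise has a headquarters (Hub) and several branch offices (Spoke 1, Spoke 2, Spoke 3, Spoke 4) in different regions. The subnets at headquarters and the branches change frequently, and the branches connect to the public network with dynamic addresses. The plan is to use the OSPF routing protocol so that the branches and headquarters are interconnected over VPN and the branches can also establish VPN connections with each other.
Configuration steps
1. Configure the interface IP addresses on each device (including the tunnel interfaces) and the public-network routes between the Hub and the two Spokes, using the OSPF protocol.
2. Use the OSPF routing protocol to advertise the local subnets and the tunnel interface network segment; note that this must be kept separate from the public-network routing process.
3. Configure the mGRE Tunnel interface and the NHRP protocol on each device.
The detailed configuration is as follows: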
【Hub】
[Huawei]sysname Hub
[Hub-GigabitEthernet0/0/1]ip address 11.1.1.1 24 //configure the Hub public-network interface IP
[Hub-GigabitEthernet0/0/2]ip address 10.1.1.1 24 //configure the Hub subnet interface IP
[Hub]interface Tunnel 0/0/0
[Hub-Tunnel0/0/0]ip address 192.168.1.1 24 //configure the tunnel interface IP
[Hub]ospf 2 //configure the OSPF routing that connects the Hub to the public network
[Hub-ospf-2]area 1
[Hub-ospf-2-area-0.0.0.1]network 11.1.1.0 0.0.0.255
[Hub]ospf 1 router-id 192.168.1.1 //set the Hub's OSPF router ID to the mGRE tunnel interface IP
[Hub-ospf-1]area 0
[Hub-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255 //advertise the Hub mGRE tunnel IP network segment
[Hub-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255 //advertise the Hub subnet IP network segment
[Hub-Tunnel0/0/0]tunnel-protocol gre p2mp //set the mGRE tunnel protocol to GRE p2mp
[Hub-Tunnel0/0/0]source GigabitEthernet 0/0/1 //set the mGRE tunnel source to the Hub public-network interface
[Hub-Tunnel0/0/0]nhrp entry multicast dynamic //allow Spokes to register dynamically on the Hub
[Hub-Tunnel0/0/0]ospf network-type p2mp //set the OSPF network type of the tunnel interface to P2MP
[Hub-Tunnel0/0/0]ospf dr-priority 100 //set the DR priority of the mGRE tunnel interface to 100, the highest
[Hub-Tunnel0/0/0]nhrp redirect //enable the NHRP redirect function
【Spoke 1】
[Huawei]sysname Sopke 1
[Sopke 1-GigabitEthernet0/0/1]ip address 12.1.1.1 24
[Sopke 1-GigabitEthernet0/0/2]ip address 10.1.2.1 24
[Sopke 1-Tunnel0/0/0]ip address 192.168.1.2 24
[Sopke 1]ospf 2
[Sopke 1-ospf-2]area 1
[Sopke 1-ospf-2-area-0.0.0.1]network 12.1.1.0 0.0.0.255
[Sopke 1]ospf 1 router-id 192.168.1.2
[Sopke 1-ospf-1]area 0
[Sopke 1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Sopke 1-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255
[Sopke 1]interface Tunnel 0/0/0
[Sopke 1-Tunnel0/0/0]tunnel-protocol gre p2mp
[Sopke 1-Tunnel0/0/0]source GigabitEthernet 0/0/1
[Sopke 1-Tunnel0/0/0]nhrp entry 192.168.1.1 11.1.1.1 register //configure a static NHRP peer entry and initiate NHRP dynamic registration with the Hub
[Sopke 1-Tunnel0/0/0]ospf network-type p2mp
[Sopke 1-Tunnel0/0/0]ospf dr-priority 0 //set the DR priority of the mGRE tunnel interface to 0
[Sopke 1-Tunnel0/0/0]nhrp shortcut //enable the shortcut function
【Spoke 2】
[Huawei]sysname Sopke 2
[Sopke 2-GigabitEthernet0/0/1]ip address 13.1.1.1 24
[Sopke 2-GigabitEthernet0/0/2]ip address 10.1.3.1 24
[Sopke 2-Tunnel0/0/0]ip address 192.168.1.3 24
[Sopke 2]ospf 2
[Sopke 2-ospf-2]area 1
[Sopke 2-ospf-2-area-0.0.0.1]network 13.1.1.0 0.0.0.255
[Sopke 2]ospf 1 router-id 192.168.1.3
[Sopke 2-ospf-1]area 0
[Sopke 2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Sopke 2-ospf-1-area-0.0.0.0]network 10.1.3.0 0.0.0.255
[Sopke 2]interface Tunnel 0/0/0
[Sopke 2-Tunnel0/0/0]tunnel-protocol gre p2mp
[Sopke 2-Tunnel0/0/0]source GigabitEthernet 0/0/1
[Sopke 2-Tunnel0/0/0]nhrp entry 192.168.1.1 11.1.1.1 register
[Sopke 2-Tunnel0/0/0]ospf network-type p2mp
[Sopke 2-Tunnel0/0/0]ospf dr-priority 0
[Sopke 2-Tunnel0/0/0]nhrp shortcut
【Spoke 3】
[Huawei]sysname Sopke 3
[Sopke 3-GigabitEthernet0/0/1]ip address 14.1.1.1 24
[Sopke 3-GigabitEthernet0/0/2]ip address 10.1.4.1 24
[Sopke 3-Tunnel0/0/0]ip address 192.168.1.4 24
[Sopke 3]ospf 2
[Sopke 3-ospf-2]area 1
[Sopke 3-ospf-2-area-0.0.0.1]network 14.1.1.0 0.0.0.255
[Sopke 3]ospf 1 router-id 192.168.1.4
[Sopke 3-ospf-1]area 0
[Sopke 3-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Sopke 3-ospf-1-area-0.0.0.0]network 10.1.4.0 0.0.0.255
[Sopke 3]interface Tunnel 0/0/0
[Sopke 3-Tunnel0/0/0]tunnel-protocol gre p2mp
[Sopke 3-Tunnel0/0/0]source GigabitEthernet 0/0/1
[Sopke 3-Tunnel0/0/0]nhrp entry 192.168.1.1 11.1.1.1 register
[Sopke 3-Tunnel0/0/0]ospf network-type p2mp
[Sopke 3-Tunnel0/0/0]ospf dr-priority 0
[Sopke 3-Tunnel0/0/0]nhrp shortcut
【Spoke 4】
[Huawei]sysname Sopke 4
[Sopke 4-GigabitEthernet0/0/1]ip address 15.1.1.1 24
[Sopke 4-GigabitEthernet0/0/2]ip address 10.1.5.1 24
[Sopke 4-Tunnel0/0/0]ip address 192.168.1.5 24
[Sopke 4]ospf 2
[Sopke 4-ospf-2]area 1
[Sopke 4-ospf-2-area-0.0.0.1]network 15.1.1.0 0.0.0.255
[Sopke 4]ospf 1 router-id 192.168.1.5
[Sopke 4-ospf-1]area 0
[Sopke 4-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Sopke 4-ospf-1-area-0.0.0.0]network 10.1.5.0 0.0.0.255
[Sopke 4]interface Tunnel 0/0/0
[Sopke 4-Tunnel0/0/0]tunnel-protocol gre p2mp
[Sopke 4-Tunnel0/0/0]source GigabitEthernet 0/0/1
[Sopke 4-Tunnel0/0/0]nhrp entry 192.168.1.1 11.1.1.1 register
[Sopke 4-Tunnel0/0/0]ospf network-type p2mp
[Sopke 4-Tunnel0/0/0]ospf dr-priority 0
[Sopke 4-Tunnel0/0/0]nhrp shortcut
【Internet】
[Huawei]sysname Internet
[Internet-GigabitEthernet0/0/1]ip address 12.1.1.2 24
[Internet-GigabitEthernet0/0/2]ip address 13.1.1.2 24
[Internet-GigabitEthernet0/0/0]ip address 11.1.1.2 24
[Internet-GigabitEthernet4/0/0]ip address 15.1.1.2 24
[Internet-GigabitEthernet4/0/1]ip address 14.1.1.2 24
[Internet]ospf 2
[Internet-ospf-2]area 1
[Internet-ospf-2-area-0.0.0.1]network 12.1.1.0 0.0.0.255
[Internet-ospf-2-area-0.0.0.1]network 13.1.1.0 0.0.0.255
[Internet-ospf-2-area-0.0.0.1]network 14.1.1.0 0.0.0.255
[Internet-ospf-2-area-0.0.0.1]network 15.1.1.0 0.0.0.255
Configuration verification
<Hub>display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.4 32 14.1.1.1 192.168.1.4 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:02:24
Expire time : 01:58:40
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.2 32 12.1.1.1 192.168.1.2 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:02:12
Expire time : 01:57:48
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.5 32 15.1.1.1 192.168.1.5 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:01:55
Expire time : 01:58:05
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.3 32 13.1.1.1 192.168.1.3 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:01:45
Expire time : 01:58:15
Number of nhrp peers: 4
<Sopke 1>display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.1 32 11.1.1.1 192.168.1.1 static hub
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 01:20:53
Expire time : --
Number of nhrp peers: 1
……………… (the other Spokes are the same and are omitted)
The output above shows that the NHRP peers have all been established.
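Because the Hub accepts dynamic NHRP registrations (`nhrp entry multicast dynamic`), its peer table is worth auditing against the planned tunnel addressing. The Python below is an added example, not part of the original article: it parses `display nhrp peer all` output in the layout shown above and flags dynamic peers whose tunnel address is not planned, or whose tunnel address appears with more than one NBMA address. The function names, the `PLANNED` set and the two 203.0.113.x rows in the sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One peer row: Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
IP = r"(\d+(?:\.\d+){3})"
ROW = re.compile(rf"^\s*{IP}\s+(\d+)\s+{IP}\s+{IP}\s+(static|dynamic)\s+(.+?)\s*$")

def parse_nhrp_peers(text):
    """Return one dict per peer row found in `display nhrp peer all` output."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, mask, nbma, nexthop, typ, flag = m.groups()
            peers.append({"proto": proto, "mask": int(mask), "nbma": nbma,
                          "nexthop": nexthop, "type": typ, "flag": flag})
    return peers

def audit_hub_peers(peers, planned_tunnel_addrs):
    """Flag dynamic registrations that do not fit the planned tunnel addressing."""
    findings, nbma_by_proto = [], defaultdict(set)
    for p in peers:
        if p["type"] != "dynamic":
            continue  # static entries are operator-configured
        nbma_by_proto[p["proto"]].add(p["nbma"])
        if p["proto"] not in planned_tunnel_addrs:
            findings.append(("unplanned-tunnel-addr", p["proto"], p["nbma"]))
    for proto in sorted(nbma_by_proto):
        if len(nbma_by_proto[proto]) > 1:  # same tunnel IP, different public IPs
            findings.append(("multiple-nbma", proto,
                             ",".join(sorted(nbma_by_proto[proto]))))
    return findings

# Constructed sample: two rows taken from the Hub output above plus two
# invented rows (203.0.113.x is a documentation range) to trigger findings.
SAMPLE = """\
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
192.168.1.4 32 14.1.1.1 192.168.1.4 dynamic route tunnel
Tunnel interface: Tunnel0/0/0
Created time : 00:02:24
192.168.1.2 32 12.1.1.1 192.168.1.2 dynamic route tunnel
192.168.1.9 32 203.0.113.7 192.168.1.9 dynamic route tunnel
192.168.1.2 32 203.0.113.8 192.168.1.2 dynamic route tunnel
"""
# Assumed plan: the four Spoke tunnel addresses configured in this article.
PLANNED = {"192.168.1.2", "192.168.1.3", "192.168.1.4", "192.168.1.5"}

if __name__ == "__main__":
    for finding in audit_hub_peers(parse_nhrp_peers(SAMPLE), PLANNED):
        print(finding)
```

Since the branches use dynamic public addresses, a `multiple-nbma` finding can be a legitimate address change; it marks an entry to review rather than proof of a rogue registration.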
<Hub>display ospf 1 routing
OSPF Process 1 with Router ID 192.168.1.1
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.1.1.0/24 1 Stub 10.1.1.1 192.168.1.1 0.0.0.0
192.168.1.1/32 0 Stub 192.168.1.1 192.168.1.1 0.0.0.0
10.1.2.0/24 1563 Stub 192.168.1.2 192.168.1.2 0.0.0.0
10.1.3.0/24 1563 Stub 192.168.1.3 192.168.1.3 0.0.0.0
10.1.4.0/24 1563 Stub 192.168.1.4 192.168.1.4 0.0.0.0
10.1.5.0/24 1563 Stub 192.168.1.5 192.168.1.5 0.0.0.0
192.168.1.2/32 1562 Stub 192.168.1.2 192.168.1.2 0.0.0.0
192.168.1.3/32 1562 Stub 192.168.1.3 192.168.1.3 0.0.0.0
192.168.1.4/32 1562 Stub 192.168.1.4 192.168.1.4 0.0.0.0
192.168.1.5/32 1562 Stub 192.168.1.5 192.168.1.5 0.0.0.0
Total Nets: 10
Intra Area: 10 Inter Area: 0 ASE: 0 NSSA: 0
<Sopke 1>display ospf 1 routing
OSPF Process 1 with Router ID 192.168.1.2
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.1.2.0/24 1 Stub 10.1.2.1 192.168.1.2 0.0.0.0
192.168.1.2/32 0 Stub 192.168.1.2 192.168.1.2 0.0.0.0
10.1.1.0/24 1563 Stub 192.168.1.1 192.168.1.1 0.0.0.0
10.1.3.0/24 3125 Stub 192.168.1.1 192.168.1.3 0.0.0.0
10.1.4.0/24 3125 Stub 192.168.1.1 192.168.1.4 0.0.0.0
10.1.5.0/24 3125 Stub 192.168.1.1 192.168.1.5 0.0.0.0
192.168.1.1/32 1562 Stub 192.168.1.1 192.168.1.1 0.0.0.0
192.168.1.3/32 3124 Stub 192.168.1.1 192.168.1.3 0.0.0.0
192.168.1.4/32 3124 Stub 192.168.1.1 192.168.1.4 0.0.0.0
192.168.1.5/32 3124 Stub 192.168.1.1 192.168.1.5 0.0.0.0
Total Nets: 10
Intra Area: 10 Inter Area: 0 ASE: 0 NSSA: 0
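The other Spokes …… omitted
The output above shows that routes to the public and private networks of the other ends have all been learned.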
PC2>ping 10.1.3.2(PC3)
Ping 10.1.3.2: 32 data bytes, Press Ctrl_C to break
From 10.1.3.2: bytes=32 seq=1 ttl=125 time=31 ms
From 10.1.3.2: bytes=32 seq=2 ttl=125 time=47 ms
From 10.1.3.2: bytes=32 seq=3 ttl=125 time=31 ms
From 10.1.3.2: bytes=32 seq=4 ttl=125 time=31 ms
From 10.1.3.2: bytes=32 seq=5 ttl=125 time=47 ms
--- 10.1.3.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/37/47 ms
………………………………
<Sopke 1>display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.1 32 11.1.1.1 192.168.1.1 static hub
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 01:24:13
Expire time : --
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
10.1.3.2 24 13.1.1.1 192.168.1.3 dynamic route network
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:02:01
Expire time : 01:57:59
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.3 32 13.1.1.1 192.168.1.3 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:01:59
Expire time : 01:58:01
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
10.1.2.2 24 12.1.1.1 192.168.1.2 dynamic local
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:01:59
Expire time : 01:58:33
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
10.1.4.2 24 14.1.1.1 192.168.1.4 dynamic route network
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:01:49
Expire time : 01:58:11
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.4 32 14.1.1.1 192.168.1.4 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:01:47
Expire time : 01:58:13
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
10.1.5.2 24 15.1.1.1 192.168.1.5 dynamic route network
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:01:29
Expire time : 01:58:31
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.5 32 15.1.1.1 192.168.1.5 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:01:27
Expire time : 01:58:33
Number of nhrp peers: 8
Pinging between the Spokes sends traffic that triggers them to learn each other's NHRP peer entries.