1、实验拓扑

wKioL1X_fWeQyxgSAAG2m4jSikQ208.jpg


2、基础网络配置

R1配置:

ip dhcp excluded-address 16.1.1.1 16.1.1.5

ip dhcp excluded-address 13.1.1.1 13.1.1.2

ip dhcp pool net16

   network 16.1.1.0 255.255.255.0

   default-router 16.1.1.1 

ip dhcp pool net13

   network 13.1.1.0 255.255.255.0

   default-router 13.1.1.1 

interface FastEthernet0/0

 ip address 12.1.1.1 255.255.255.0

interface FastEthernet1/0

 ip address 13.1.1.1 255.255.255.0

interface FastEthernet2/0

 ip address 16.1.1.1 255.255.255.0


R2配置:

interface FastEthernet0/0

 ip address 12.1.1.2 255.255.255.0

interface FastEthernet1/0

 ip address 172.16.1.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 12.1.1.1


R3配置:

interface FastEthernet0/0

 ip address dhcp

interface FastEthernet1/0

 ip address 192.168.1.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 13.1.1.1


R4配置:

interface FastEthernet0/0

 ip address 172.16.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 172.16.1.254


R5配置:

interface FastEthernet0/0

 ip address 192.168.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.1.254


R6配置:

interface FastEthernet0/0

 ip address dhcp

interface FastEthernet1/0

 ip address 10.1.1.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 16.1.1.1


R7配置:

interface FastEthernet0/0

 ip address 10.1.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.1.1.254


3、配置Dynamic Multipoint ×××

R2配置:

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0


crypto ipsec transform-set ccie esp-3des esp-sha-hmac 


crypto ipsec profile cisco

 set transform-set ccie 


interface Tunnel2

 bandwidth 1000

 ip address 100.1.1.2 255.255.255.0

 ip mtu 1400

 ip nhrp authentication ccie123

 ip nhrp map multicast dynamic

 ip nhrp network-id 1

 no ip split-horizon eigrp 1

 tunnel source FastEthernet0/0

 tunnel mode gre multipoint

 tunnel key 10000

 tunnel protection ipsec profile cisco


R3配置:

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0


crypto ipsec transform-set ccie esp-3des esp-sha-hmac 


crypto ipsec profile cisco

 set transform-set ccie 


interface Tunnel3

 bandwidth 1000

 ip address 100.1.1.3 255.255.255.0

 no ip redirects

 ip mtu 1400

 ip nhrp authentication ccie123

 ip nhrp map 100.1.1.2 12.1.1.2

 ip nhrp map multicast 12.1.1.2

 ip nhrp network-id 1

 ip nhrp nhs 100.1.1.2

 tunnel source FastEthernet0/0

 tunnel mode gre multipoint

 tunnel key 10000

 tunnel protection ipsec profile cisco


R6配置:

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0


crypto ipsec transform-set ccie esp-3des esp-sha-hmac 


crypto ipsec profile cisco

 set transform-set ccie 


interface Tunnel6

 bandwidth 1000

 ip address 100.1.1.6 255.255.255.0

 no ip redirects

 ip mtu 1400

 ip nhrp authentication ccie123

 ip nhrp map 100.1.1.2 12.1.1.2

 ip nhrp map multicast 12.1.1.2

 ip nhrp network-id 1

 ip nhrp nhs 100.1.1.2

 tunnel source FastEthernet0/0

 tunnel mode gre multipoint

 tunnel key 10000

 tunnel protection ipsec profile cisco


4、配置动态路由协议

R2配置:

router eigrp 1

 network 100.1.1.0 0.0.0.255

 network 172.16.1.0 0.0.0.255

 no auto-summary


R3配置:

router eigrp 1

 network 100.1.1.0 0.0.0.255

 network 192.168.1.0

 no auto-summary


R6配置:

router eigrp 1

 network 10.1.1.0 0.0.0.255

 network 100.1.1.0 0.0.0.255

 no auto-summary


wKioL1YA9kagK1iOAAD6r6e4cvY465.jpg

wKiom1YA9AfzD-iGAAEHfl7Udzc677.jpg


5、spoke-to-spoke tunnel优化路由

R2配置

interface Tunnel2

 no ip next-hop-self eigrp 1


wKioL1YA9vfCiP9rAADW8BvGJF8977.jpg

wKiom1YA9LiQJWxFAADeUnswVDw409.jpg


6、OSPF路由协议测试

R2配置:

R2(config)#no router eigrp 1


R2(config)#router ospf 1

R2(config-router)#network 100.1.1.0 0.0.0.255 area 0

R2(config-router)#network 172.16.1.0 0.0.0.255 area 0


R3配置:

R3(config)#no router eigrp 1


R3(config)#router ospf 1

R3(config-router)#network 192.168.1.0 0.0.0.255 area 0

R3(config-router)#network 100.1.1.0 0.0.0.255 area 0


R6配置:

R6(config)#no router eigrp 1


R6(config)#router ospf 1

R6(config-router)#network 10.1.1.0 0.0.0.255 area 0

R6(config-router)#network 100.1.1.0 0.0.0.255 area 0


此时出现如下情况

*Mar  1 01:03:13.531: %OSPF-5-ADJCHG: Process 1, Nbr 100.1.1.6 on Tunnel2 from LOADING to FULL, Loading Done

R2#

*Mar  1 01:03:23.143: %OSPF-5-ADJCHG: Process 1, Nbr 100.1.1.6 on Tunnel2 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 01:03:23.155: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.254 on Tunnel2 from EXSTART to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 01:03:23.263: %OSPF-4-NONEIGHBOR: Received database description from unknown neighbor 192.168.1.254

R2#

*Mar  1 01:03:23.427: %OSPF-5-ADJCHG: Process 1, Nbr 100.1.1.6 on Tunnel2 from LOADING to FULL, Loading Done


修改隧道的借口类型

R2配置:

R2(config)#int tunnel 2

R2(config-if)#ip ospf network point-to-multipoint 


R3配置:

R3(config)#int tunnel 3

R3(config-if)#ip ospf network point-to-multipoint


R6配置:

 

R6(config)#int tunnel 6

R6(config-if)#ip ospf network point-to-multipoint 


注:OSPF下无法实现spoke-and-spoke tunnel的通信