0216网络应用

拓扑图：

配置效果：

r1#sh ip rou R1-R2,R3_ipsec *** 效果，重发布 RIP 效果

     10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks

O IA    10.0.8.0/24 [110/65] via 10.0.0.18, 00:17:50, Serial0/0

O E1    10.0.9.0/24 [110/264] via 10.0.0.19, 00:17:40, Serial0/0

O E1    10.0.0.12/30 [110/264] via 10.0.0.19, 00:17:40, Serial0/0

O       10.0.2.0/24 [110/2] via 10.0.0.6, 00:17:50, FastEthernet1/0

O       10.0.3.0/24 [110/2] via 10.0.0.6, 00:17:50, FastEthernet1/0

O       10.0.0.0/30 [110/3] via 10.0.0.6, 00:17:50, FastEthernet1/0

O       10.0.1.0/24 [110/2] via 10.0.0.6, 00:17:50, FastEthernet1/0

O IA    10.0.7.0/24 [110/65] via 10.0.0.18, 00:17:50, Serial0/0

O       10.0.4.0/24 [110/2] via 10.0.0.6, 00:17:50, FastEthernet1/0

C       10.0.0.4/30 is directly connected, FastEthernet1/0

O       10.0.5.0/24 [110/3] via 10.0.0.6, 00:17:50, FastEthernet1/0

O       10.0.0.18/32 [110/64] via 10.0.0.18, 00:18:00, Serial0/0

O       10.0.0.19/32 [110/64] via 10.0.0.19, 00:18:01, Serial0/0

C       10.0.0.16/29 is directly connected, Serial0/0

O*E2 0.0.0.0/0 [110/1] via 10.0.0.6, 00:17:41, FastEthernet1/0

r1#sh cry is sa

dst             src             state          conn-id slot

10.0.0.17       10.0.0.19       QM_IDLE              1    0

10.0.0.17       10.0.0.18       QM_IDLE              2    0

r1#sh ip os ne

 

Neighbor ID     Pri   State           Dead Time   Address         Interface

5.5.5.5           0   FULL/  -           -        10.0.0.18       OSPF_VL1

----> 一定要配置虚链路！如果没有配置 R3 还是可以学到 area0 的路由的，但 R1 学习不到 R3 的 area20 的路由！

2.2.2.2           1   FULL/DR         00:00:34    10.0.0.6        FastEthernet1/0

5.5.5.5           0   FULL/  -        00:01:49    10.0.0.18       Serial0/0

4.4.4.4           0   FULL/  -        00:01:33    10.0.0.19       Serial0/0

r1#

r1#

r2#sh ip rou R1-R2_ipsec *** 效果

     10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks

O IA    10.0.8.0/24 [110/129] via 10.0.0.17, 00:18:22, Serial0/0

R       10.0.9.0/24 [120/1] via 10.0.0.14, 00:00:26, FastEthernet2/0

C       10.0.0.12/30 is directly connected, FastEthernet2/0

O IA    10.0.2.0/24 [110/66] via 10.0.0.17, 00:18:22, Serial0/0

O IA    10.0.3.0/24 [110/66] via 10.0.0.17, 00:18:22, Serial0/0

O IA    10.0.0.0/30 [110/67] via 10.0.0.17, 00:18:22, Serial0/0

O IA    10.0.1.0/24 [110/66] via 10.0.0.17, 00:18:22, Serial0/0

O IA    10.0.7.0/24 [110/129] via 10.0.0.17, 00:18:22, Serial0/0

O IA    10.0.4.0/24 [110/66] via 10.0.0.17, 00:18:22, Serial0/0

O IA    10.0.0.4/30 [110/65] via 10.0.0.17, 00:18:22, Serial0/0

O IA    10.0.5.0/24 [110/67] via 10.0.0.17, 00:18:22, Serial0/0

O       10.0.0.18/32 [110/128] via 10.0.0.17, 00:18:22, Serial0/0

C       10.0.0.16/29 is directly connected, Serial0/0

O       10.0.0.17/32 [110/64] via 10.0.0.17, 00:18:22, Serial0/0

C    192.168.1.0/24 is directly connected, FastEthernet1/0

O*E2 0.0.0.0/0 [110/1] via 10.0.0.17, 00:18:12, Serial0/0

r2#sh cry is sa

dst             src             state          conn-id slot

10.0.0.17       10.0.0.19       QM_IDLE              1    0

r2#sh ip os ne

 

Neighbor ID     Pri   State           Dead Time   Address         Interface

3.3.3.3           0   FULL/  -        00:01:32    10.0.0.17       Serial0/0

r2#

r2#

r3#sh ip rou  R1-R3_ipsec *** 效果， OSPF虚链路效果

---->一定要配置！

     10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks

C       10.0.8.0/24 is directly connected, FastEthernet1/0.80

O E1    10.0.9.0/24 [110/328] via 10.0.0.17, 00:18:38, Serial0/0

O E1    10.0.0.12/30 [110/328] via 10.0.0.17, 00:18:38, Serial0/0

O       10.0.2.0/24 [110/66] via 10.0.0.17, 00:18:38, Serial0/0

O       10.0.3.0/24 [110/66] via 10.0.0.17, 00:18:38, Serial0/0

O       10.0.0.0/30 [110/67] via 10.0.0.17, 00:18:38, Serial0/0

O       10.0.1.0/24 [110/66] via 10.0.0.17, 00:18:38, Serial0/0

C       10.0.7.0/24 is directly connected, FastEthernet1/0.70

O       10.0.4.0/24 [110/66] via 10.0.0.17, 00:18:38, Serial0/0

O       10.0.0.4/30 [110/65] via 10.0.0.17, 00:18:38, Serial0/0

O       10.0.5.0/24 [110/67] via 10.0.0.17, 00:18:38, Serial0/0

O       10.0.0.19/32 [110/128] via 10.0.0.17, 00:18:48, Serial0/0

C       10.0.0.16/29 is directly connected, Serial0/0

O       10.0.0.17/32 [110/64] via 10.0.0.17, 00:18:48, Serial0/0

O*E2 0.0.0.0/0 [110/1] via 10.0.0.17, 00:18:38, Serial0/0

r3#sh cry is sa

dst             src             state          conn-id slot

10.0.0.17       10.0.0.18       QM_IDLE              1    0

 

r3#sh ip os ne

 

Neighbor ID     Pri   State           Dead Time   Address         Interface

3.3.3.3           0   FULL/  -           -        10.0.0.17       OSPF_VL1

----> 虚链路一定要配置！！！

3.3.3.3           0   FULL/  -        00:01:53    10.0.0.17       Serial0/0

r3#

r9#sh ip rou  重发布 OSPF 效果：

     10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks

R       10.0.8.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0

C       10.0.9.0/24 is directly connected, Vlan90

C       10.0.0.12/30 is directly connected, FastEthernet0/0

R       10.0.2.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0

R       10.0.3.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0

R       10.0.0.0/30 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0

R       10.0.1.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0

R       10.0.7.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0

R       10.0.4.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0

R       10.0.0.4/30 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0

R       10.0.5.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0

R       10.0.0.18/32 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0

R       10.0.0.16/29 [120/1] via 10.0.0.13, 00:00:07, FastEthernet0/0

R       10.0.0.17/32 [120/2] via 10.0.0.13, 00:00:07, FastEthernet0/0

R*   0.0.0.0/0 [120/2] via 10.0.0.13, 00:00:07, FastEthernet0/0

r9#

VPC 测试：

上图是 R1 到 R2,R3 的 ipsec *** 连通效果。

上图是广州分部到外网的 NAT 效果。

上图是总部到外网的 NAT 效果。

下面是分部时间 ACL 的测试：

测试后，上面的顺序反了，是这样：

ti work

per weekda 9:00 to 18:00

r2(config)#acc 130 per udp an an // RIP 所有的消息都是被封装在 UDP 数据报里面的，源和目的端口都设置为 520

r2(config)#acc 130 per ip an 10.0.0.0 0.255.255.255

r2(config)#acc 130 per ip 10.0.9.0 0.0.0.255 an ti work

int f2/0

ip acce 130 in

下面是总部的时间 ACL 测试：

配置参数：

ti work

r5(config)#acc 130 per os an an // 使 R5 可以学习到 OSPF 的路由

r5(config)#acc 130 per ip 10.0.1.0 0.0.0.255 an ti work

r5(config)#acc 130 per ip 10.0.2.0 0.0.0.255 an ti work

r5(config)#acc 130 per ip 10.0.3.0 0.0.0.255 an ti work

r5(config)#acc 130 per ip 10.0.4.0 0.0.0.255 an ti work

r5(config)#acc 130 per ip 10.0.7.0 0.0.0.255 an ti work

r5(config)#acc 130 per ip 10.0.8.0 0.0.0.255 an ti work

r5(config)#acc 130 per ip 10.0.5.0 0.0.0.255 an // 允许服务器网络，用于发布到公网

int f1/0

ip acce 130 in

下面是总部的 PPTP 测试：

转载于:https://blog.51cto.com/4708948/1134299