网络拓扑图
目录
一、IPS-1到IPS-7的BGP配置
1.配置IP地址
IPS-1
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface Ethernet0/0
ip address 101.102.0.101 255.255.255.0
interface Ethernet0/3
ip address 101.103.0.101 255.255.255.0
IPS-2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
interface Ethernet0/0
ip address 101.102.0.102 255.255.255.0
interface Ethernet0/1
ip address 102.103.0.102 255.255.255.0
interface Ethernet0/2
ip address 30.102.0.102 255.255.255.0
IPS-3
interface Loopback0
ip address 3.3.3.3 255.255.255.255
interface Ethernet0/0
ip address 102.103.0.103 255.255.255.0
interface Ethernet0/1
ip address 30.103.0.103 255.255.255.0
interface Ethernet0/3
ip address 101.103.0.103 255.255.255.0
IPS-4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
interface Ethernet0/0
ip address 201.202.0.201 255.255.255.0
IPS-5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
interface Ethernet0/0
ip address 30.202.0.202 255.255.255.0
interface Ethernet0/1
ip address 201.202.0.202 255.255.255.0
IPS-6
interface Loopback0
ip address 6.6.6.6 255.255.255.255
interface Ethernet0/0
ip address 30.203.0.203 255.255.255.0
IPS-7
interface Loopback0
ip address 7.7.7.7 255.255.255.255
interface Ethernet0/0
ip address 30.102.0.30 255.255.255.0
interface Ethernet0/1
ip address 30.103.0.30 255.255.255.0
interface Ethernet0/2
ip address 30.202.0.30 255.255.255.0
interface Ethernet0/3
ip address 30.203.0.30 255.255.255.0
2.BGP配置
IPS-1
router bgp 101
bgp router-id 1.1.1.1
network 1.1.1.1 mask 255.255.255.255
network 101.102.0.0 mask 255.255.255.0
network 101.103.0.0 mask 255.255.255.0
neighbor 101.102.0.102 remote-as 102
neighbor 101.103.0.103 remote-as 103
IPS-2
router bgp 102
bgp router-id 2.2.2.2
network 2.2.2.2 mask 255.255.255.255
network 30.102.0.0 mask 255.255.255.0
network 101.102.0.0 mask 255.255.255.0
network 102.103.0.0 mask 255.255.255.0
neighbor 30.102.0.30 remote-as 30
neighbor 101.102.0.101 remote-as 101
neighbor 102.103.0.103 remote-as 103
IPS-3
router bgp 103
bgp router-id 3.3.3.3
network 3.3.3.3 mask 255.255.255.255
network 30.103.0.0 mask 255.255.255.0
network 101.103.0.0 mask 255.255.255.0
network 102.103.0.0 mask 255.255.255.0
neighbor 30.103.0.30 remote-as 30
neighbor 101.103.0.101 remote-as 101
neighbor 102.103.0.102 remote-as 102
IPS-4
router bgp 201
bgp router-id 4.4.4.4
network 4.4.4.4 mask 255.255.255.255
network 201.202.0.0 mask 255.255.255.0
neighbor 201.202.0.202 remote-as 202
IPS-5
router bgp 202
bgp router-id 5.5.5.5
network 5.5.5.5 mask 255.255.255.255
network 30.202.0.0 mask 255.255.255.0
network 201.202.0.0 mask 255.255.255.0
neighbor 30.202.0.30 remote-as 30
neighbor 201.202.0.201 remote-as 201
IPS-6
router bgp 203
bgp router-id 6.6.6.6
network 6.6.6.6 mask 255.255.255.255
network 30.203.0.0 mask 255.255.255.0
neighbor 30.203.0.30 remote-as 30
IPS-7
router bgp 30
bgp router-id 7.7.7.7
network 7.7.7.7 mask 255.255.255.255
network 30.102.0.0 mask 255.255.255.0
network 30.103.0.0 mask 255.255.255.0
network 30.202.0.0 mask 255.255.255.0
network 30.203.0.0 mask 255.255.255.0
neighbor 30.102.0.102 remote-as 102
neighbor 30.103.0.103 remote-as 103
neighbor 30.202.0.202 remote-as 202
neighbor 30.203.0.203 remote-as 203
3.查看
查看IPS-7的各类信息,其他命令一样
1.查看邻居状态
IPS-7#show ip bgp summary
BGP router identifier 7.7.7.7, local AS number 30
BGP table version is 30, main routing table version 30
29 network entries using 4060 bytes of memory
46 path entries using 3680 bytes of memory
10/7 BGP path/bestpath attribute entries using 1440 bytes of memory
9 BGP AS-PATH entries using 216 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 9396 total bytes of memory
BGP activity 29/0 prefixes, 46/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
30.102.0.102 4 102 45 45 30 0 0 00:33:45 13
30.103.0.103 4 103 46 46 30 0 0 00:33:47 13
30.202.0.202 4 202 46 46 30 0 0 00:33:42 9
30.203.0.203 4 203 40 46 30 0 0 00:33:37 4
2.查看路由
IPS-7#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 30, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* 1.1.1.1/32 30.102.0.102 0 102 101 i
*> 30.103.0.103 0 103 101 i
* 2.2.2.2/32 30.103.0.103 0 103 102 i
*> 30.102.0.102 0 0 102 i
* 3.3.3.3/32 30.102.0.102 0 102 103 i
*> 30.103.0.103 0 0 103 i
*> 4.4.4.4/32 30.202.0.202 0 202 201 i
*> 5.5.5.5/32 30.202.0.202 0 0 202 i
*> 6.6.6.6/32 30.203.0.203 0 0 203 i
*> 7.7.7.7/32 0.0.0.0 0 32768 i
* 21.101.0.0/24 30.102.0.102 0 102 101 i
*> 30.103.0.103 0 103 101 i
* 22.102.0.0/24 30.103.0.103 0 103 102 i
*> 30.102.0.102 0 0 102 i
*> 25.201.0.0/24 30.202.0.202 0 202 201 i
*> 26.202.0.0/24 30.202.0.202 0 0 202 i
* 30.102.0.0/24 30.103.0.103 0 103 102 i
* 30.102.0.102 0 0 102 i
*> 0.0.0.0 0 32768 i
* 30.103.0.0/24 30.102.0.102 0 102 103 i
* 30.103.0.103 0 0 103 i
*> 0.0.0.0 0 32768 i
* 30.202.0.0/24 30.202.0.202 0 0 202 i
*> 0.0.0.0 0 32768 i
* 30.203.0.0/24 30.203.0.203 0 0 203 i
*> 0.0.0.0 0 32768 i
* 31.101.0.0/24 30.102.0.102 0 102 101 i
*> 30.103.0.103 0 103 101 i
*> 32.30.0.0/24 0.0.0.0 0 32768 i
* 32.102.0.0/24 30.103.0.103 0 103 102 i
*> 30.102.0.102 0 0 102 i
*> 33.201.0.0/24 30.202.0.202 0 202 201 i
*> 34.30.0.0/24 0.0.0.0 0 32768 i
*> 34.202.0.0/24 30.202.0.202 0 0 202 i
* 41.103.0.0/24 30.102.0.102 0 102 103 i
*> 30.103.0.103 0 0 103 i
*> 42.203.0.0/24 30.203.0.203 0 0 203 i
*> 43.203.0.0/24 30.203.0.203 0 0 203 i
*> 51.201.0.0/24 30.202.0.202 0 202 201 i
* 101.102.0.0/24 30.103.0.103 0 103 101 i
*> 30.102.0.102 0 0 102 i
* 101.103.0.0/24 30.102.0.102 0 102 101 i
*> 30.103.0.103 0 0 103 i
* 102.103.0.0/24 30.103.0.103 0 0 103 i
*> 30.102.0.102 0 0 102 i
*> 201.202.0.0 30.202.0.202 0 0 202 i
二、与IPS1-7连接路由器配置BGP接入网络
1.配置地址以及BGP
R11
interface Loopback0
ip address 11.11.11.11 255.255.255.255
interface Ethernet0/0
ip address 11.21.0.11 255.255.255.0
interface Ethernet0/3
ip address 11.22.0.11 255.255.255.0
router bgp 1
bgp router-id 11.11.11.11
network 11.11.11.11 mask 255.255.255.255
network 11.21.0.0 mask 255.255.255.0
network 11.22.0.0 mask 255.255.255.0
neighbor 11.21.0.21 remote-as 2
neighbor 11.22.0.22 remote-as 2
R21
interface Loopback0
ip address 21.21.21.21 255.255.255.255
interface Ethernet0/2
ip address 21.101.0.21 255.255.255.0
interface Ethernet0/3
ip address 11.21.0.21 255.255.255.0
router bgp 2
bgp router-id 21.21.21.21
network 11.21.0.0 mask 255.255.255.0
network 21.21.21.21 mask 255.255.255.255
network 21.101.0.0 mask 255.255.255.0
neighbor 11.21.0.11 remote-as 1
neighbor 21.101.0.101 remote-as 101
R22
interface Loopback0
ip address 22.22.22.22 255.255.255.255
interface Ethernet0/2
ip address 22.102.0.22 255.255.255.0
interface Ethernet0/3
ip address 11.22.0.22 255.255.255.0
router bgp 2
network 11.22.0.0 mask 255.255.255.0
network 22.22.22.22 mask 255.255.255.255
network 22.102.0.0 mask 255.255.255.0
neighbor 11.22.0.11 remote-as 1
neighbor 22.102.0.102 remote-as 102
R25
interface Loopback0
ip address 25.25.25.25 255.255.255.255
interface Ethernet0/2
ip address 25.201.0.25 255.255.255.0
router bgp 2
bgp log-neighbor-changes
network 25.25.25.25 mask 255.255.255.255
network 25.201.0.0 mask 255.255.255.0
neighbor 25.201.0.201 remote-as 201
R26
interface Loopback0
ip address 26.26.26.26 255.255.255.255
interface Ethernet0/2
ip address 26.202.0.26 255.255.255.0
router bgp 2
network 26.26.26.26 mask 255.255.255.255
network 26.202.0.0 mask 255.255.255.0
neighbor 26.202.0.202 remote-as 202
R31
interface Loopback0
ip address 31.31.31.31 255.255.255.255
interface Ethernet0/2
ip address 31.101.0.31 255.255.255.0
router bgp 3
bgp router-id 31.31.31.31
network 31.31.31.31 mask 255.255.255.255
network 31.101.0.0 mask 255.255.255.0
neighbor 31.101.0.101 remote-as 101
R32
interface Loopback0
ip address 32.32.32.32 255.255.255.255
interface Ethernet0/2
ip address 32.30.0.32 255.255.255.0
interface Ethernet0/3
ip address 32.102.0.32 255.255.255.0
router bgp 3
bgp router-id 32.32.32.32
network 32.30.0.0 mask 255.255.255.0
network 32.32.32.32 mask 255.255.255.255
network 32.102.0.0 mask 255.255.255.0
neighbor 32.30.0.30 remote-as 30
neighbor 32.102.0.102 remote-as 102
R33
interface Loopback0
ip address 33.33.33.33 255.255.255.255
interface Ethernet0/2
ip address 33.201.0.33 255.255.255.0
Vrouter bgp 3
network 33.33.33.33 mask 255.255.255.255
network 33.201.0.0 mask 255.255.255.0
neighbor 33.201.0.201 remote-as 201
R34
interface Loopback0
ip address 34.34.34.34 255.255.255.255
interface Ethernet0/2
ip address 34.30.0.34 255.255.255.0
interface Ethernet0/3
ip address 34.202.0.34 255.255.255.0
router bgp 3
network 34.30.0.0 mask 255.255.255.0
network 34.34.34.34 mask 255.255.255.255
network 34.202.0.0 mask 255.255.255.0
neighbor 34.30.0.30 remote-as 30
neighbor 34.202.0.202 remote-as 202
R41
interface Loopback0
ip address 41.41.41.41 255.255.255.255
interface Ethernet0/2
ip address 41.103.0.41 255.255.255.0
router bgp 4
network 41.41.41.41 mask 255.255.255.255
network 41.103.0.0 mask 255.255.255.0
neighbor 41.103.0.103 remote-as 103
R42
interface Loopback0
ip address 42.42.42.42 255.255.255.255
interface Ethernet0/2
ip address 42.203.0.42 255.255.255.0
router bgp 4
network 42.42.42.42 mask 255.255.255.255
network 42.203.0.0 mask 255.255.255.0
neighbor 42.203.0.203 remote-as 203
R43
interface Loopback0
ip address 43.43.43.43 255.255.255.255
interface Ethernet0/2
ip address 43.203.0.43 255.255.255.0
router bgp 4
network 43.43.43.43 mask 255.255.255.255
network 43.203.0.0 mask 255.255.255.0
neighbor 43.203.0.203 remote-as 203
R51
interface Loopback0
ip address 51.51.51.51 255.255.255.255
interface Ethernet0/0
ip address 51.201.0.51 255.255.255.0
router bgp 5
network 51.51.51.51 mask 255.255.255.255
network 51.201.0.0 mask 255.255.255.0
neighbor 51.201.0.201 remote-as 201
R52
interface Loopback0
ip address 52.52.52.52 255.255.255.255
interface Serial2/0
ip address 52.201.0.52 255.255.255.0
interface Serial2/1
ip address 52.202.0.52 255.255.255.0
router bgp 5
network 52.52.52.52 mask 255.255.255.255
network 52.201.0.0 mask 255.255.255.0
network 52.202.0.0 mask 255.255.255.0
neighbor 52.201.0.201 remote-as 201
neighbor 52.202.0.202 remote-as 202
R53
interface Loopback0
ip address 53.53.53.53 255.255.255.255
interface Ethernet0/0
ip address 53.202.0.53 255.255.255.0
router bgp 5
network 53.53.53.53 mask 255.255.255.255
network 53.202.0.0 mask 255.255.255.0
neighbor 53.202.0.202 remote-as 202
R61
interface Loopback0
ip address 61.61.61.61 255.255.255.255
interface Serial2/0
ip address 61.203.0.61 255.255.255.0
router bgp 6
bgp router-id 61.61.61.61
network 61.61.61.61 mask 255.255.255.255
network 61.203.0.0 mask 255.255.255.0
neighbor 61.203.0.203 remote-as 203
R62
interface Loopback0
ip address 62.62.62.62 255.255.255.255
interface Serial2/0
ip address 62.203.0.62 255.255.255.0
router bgp 6
bgp log-neighbor-changes
network 62.62.62.62 mask 255.255.255.255
network 62.203.0.0 mask 255.255.255.0
neighbor 62.203.0.203 remote-as 203
IPS-1 到7 配置地址,与对端路由器建立BGP邻居关系,宣告网络。
2.查看路由
IPS-7#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 54, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* 1.1.1.1/32 30.103.0.103 0 103 101 i
* 32.30.0.32 0 3 102 101 i
*> 30.102.0.102 0 102 101 i
* 2.2.2.2/32 30.103.0.103 0 103 102 i
* 32.30.0.32 0 3 102 i
*> 30.102.0.102 0 0 102 i
*> 3.3.3.3/32 30.103.0.103 0 0 103 i
* 32.30.0.32 0 3 102 103 i
* 30.102.0.102 0 102 103 i
* 4.4.4.4/32 34.30.0.34 0 3 202 201 i
*> 30.202.0.202 0 202 201 i
* 5.5.5.5/32 34.30.0.34 0 3 202 i
*> 30.202.0.202 0 0 202 i
*> 6.6.6.6/32 30.203.0.203 0 0 203 i
*> 7.7.7.7/32 0.0.0.0 0 32768 i
* 11.11.11.11/32 30.103.0.103 0 103 102 2 1 i
* 32.30.0.32 0 3 102 2 1 i
*> 30.102.0.102 0 102 2 1 i
* 11.21.0.0/24 30.103.0.103 0 103 101 2 i
* 32.30.0.32 0 3 102 101 2 i
*> 30.102.0.102 0 102 101 2 i
* 11.22.0.0/24 30.103.0.103 0 103 102 2 i
* 32.30.0.32 0 3 102 2 i
*> 30.102.0.102 0 102 2 i
* 21.21.21.21/32 30.103.0.103 0 103 101 2 i
* 32.30.0.32 0 3 102 101 2 i
*> 30.102.0.102 0 102 101 2 i
* 21.101.0.0/24 30.103.0.103 0 103 101 i
* 32.30.0.32 0 3 102 101 i
*> 30.102.0.102 0 102 101 i
* 22.22.22.22/32 30.103.0.103 0 103 102 2 i
* 32.30.0.32 0 3 102 2 i
*> 30.102.0.102 0 102 2 i
* 22.102.0.0/24 30.103.0.103 0 103 102 i
* 32.30.0.32 0 3 102 i
*> 30.102.0.102 0 0 102 i
* 25.25.25.25/32 34.30.0.34 0 3 202 201 2 i
*> 30.202.0.202 0 202 201 2 i
* 25.201.0.0/24 34.30.0.34 0 3 202 201 i
*> 30.202.0.202 0 202 201 i
* 26.26.26.26/32 34.30.0.34 0 3 202 2 i
*> 30.202.0.202 0 202 2 i
* 26.202.0.0/24 34.30.0.34 0 3 202 i
*> 30.202.0.202 0 0 202 i
* 30.102.0.0/24 30.103.0.103 0 103 102 i
* 32.30.0.32 0 3 102 i
* 30.102.0.102 0 0 102 i
*> 0.0.0.0 0 32768 i
* 30.103.0.0/24 30.103.0.103 0 0 103 i
* 30.102.0.102 0 102 103 i
*> 0.0.0.0 0 32768 i
* 30.202.0.0/24 34.30.0.34 0 3 202 i
* 30.202.0.202 0 0 202 i
*> 0.0.0.0 0 32768 i
* 30.203.0.0/24 30.203.0.203 0 0 203 i
*> 0.0.0.0 0 32768 i
* 31.31.31.31/32 30.103.0.103 0 103 101 3 i
*> 30.102.0.102 0 102 101 3 i
* 31.101.0.0/24 30.103.0.103 0 103 101 i
* 32.30.0.32 0 3 102 101 i
*> 30.102.0.102 0 102 101 i
* 32.30.0.0/24 32.30.0.32 0 0 3 i
* 30.102.0.102 0 102 3 i
*> 0.0.0.0 0 32768 i
* 32.32.32.32/32 30.103.0.103 0 103 102 3 i
*> 32.30.0.32 0 0 3 i
* 30.102.0.102 0 102 3 i
* 32.102.0.0/24 30.103.0.103 0 103 102 i
* 32.30.0.32 0 0 3 i
*> 30.102.0.102 0 0 102 i
*> 33.33.33.33/32 30.202.0.202 0 202 201 3 i
* 33.201.0.0/24 34.30.0.34 0 3 202 201 i
*> 30.202.0.202 0 202 201 i
* 34.30.0.0/24 34.30.0.34 0 0 3 i
* 30.202.0.202 0 202 3 i
*> 0.0.0.0 0 32768 i
*> 34.34.34.34/32 34.30.0.34 0 0 3 i
* 30.202.0.202 0 202 3 i
* 34.202.0.0/24 34.30.0.34 0 0 3 i
*> 30.202.0.202 0 0 202 i
*> 41.41.41.41/32 30.103.0.103 0 103 4 i
* 32.30.0.32 0 3 102 103 4 i
* 30.102.0.102 0 102 103 4 i
*> 41.103.0.0/24 30.103.0.103 0 0 103 i
* 32.30.0.32 0 3 102 103 i
* 30.102.0.102 0 102 103 i
*> 42.42.42.42/32 30.203.0.203 0 203 4 i
*> 42.203.0.0/24 30.203.0.203 0 0 203 i
*> 43.43.43.43/32 30.203.0.203 0 203 4 i
*> 43.203.0.0/24 30.203.0.203 0 0 203 i
* 51.51.51.51/32 34.30.0.34 0 3 202 201 5 i
*> 30.202.0.202 0 202 201 5 i
* 51.201.0.0/24 34.30.0.34 0 3 202 201 i
*> 30.202.0.202 0 202 201 i
* 52.52.52.52/32 34.30.0.34 0 3 202 5 i
*> 30.202.0.202 0 202 5 i
* 52.201.0.0/24 34.30.0.34 0 3 202 201 i
*> 30.202.0.202 0 202 201 i
* 52.202.0.0/24 34.30.0.34 0 3 202 i
*> 30.202.0.202 0 0 202 i
* 53.53.53.53/32 34.30.0.34 0 3 202 5 i
*> 30.202.0.202 0 202 5 i
* 53.202.0.0/24 34.30.0.34 0 3 202 5 i
*> 30.202.0.202 0 202 5 i
*> 61.61.61.61/32 30.203.0.203 0 203 6 i
*> 61.203.0.0/24 30.203.0.203 0 0 203 i
*> 62.62.62.62/32 30.203.0.203 0 203 6 i
*> 62.203.0.0/24 30.203.0.203 0 0 203 i
* 101.102.0.0/24 30.103.0.103 0 103 101 i
* 32.30.0.32 0 3 102 i
*> 30.102.0.102 0 0 102 i
*> 101.103.0.0/24 30.103.0.103 0 0 103 i
* 32.30.0.32 0 3 102 101 i
* 30.102.0.102 0 102 101 i
* 102.103.0.0/24 30.103.0.103 0 0 103 i
* 32.30.0.32 0 3 102 i
*> 30.102.0.102 0 0 102 i
* 201.202.0.0 34.30.0.34 0 3 202 i
*> 30.202.0.202 0 0 202 i
For address family: IPv4 Multicast
For address family: L2VPN E-VPN
For address family: MVPNv4 Unicast
IPS-7#
三、OSPF配置
1.配置
R21、R22、R23、R24、R25、R26、R27之前启用OSPF协议
R21
interface Ethernet0/0
ip address 21.22.0.21 255.255.255.0
interface Ethernet0/1
ip address 21.23.0.21 255.255.255.0
router ospf 2
router-id 21.21.21.21
network 21.21.21.21 0.0.0.0 area 0
network 21.22.0.0 0.0.0.255 area 0
network 21.23.0.0 0.0.0.255 area 0
R22
interface Ethernet0/0
ip address 21.22.0.22 255.255.255.0
interface Ethernet0/1
ip address 22.24.0.22 255.255.255.0
router ospf 2
router-id 22.22.22.22
network 21.22.0.0 0.0.0.255 area 0
network 22.22.22.22 0.0.0.0 area 0
network 22.24.0.0 0.0.0.255 area 0
R23
interface Loopback0
ip address 23.23.23.23 255.255.255.255
interface Ethernet0/0
ip address 27.23.0.23 255.255.255.0
interface Ethernet0/1
ip address 23.25.0.23 255.255.255.0
interface Ethernet0/2
ip address 21.23.0.23 255.255.255.0
router ospf 2
router-id 23.23.23.23
network 21.23.0.0 0.0.0.255 area 0
network 23.23.23.23 0.0.0.0 area 0
network 23.25.0.0 0.0.0.255 area 0
network 27.23.0.0 0.0.0.255 area 0
R24
interface Loopback0
ip address 24.24.24.24 255.255.255.255
interface Ethernet0/0
ip address 27.24.0.24 255.255.255.0
interface Ethernet0/1
ip address 24.26.0.24 255.255.255.0
interface Ethernet0/2
ip address 22.24.0.24 255.255.255.0
router ospf 2
router-id 24.24.24.24
network 22.24.0.0 0.0.0.255 area 0
network 24.24.24.24 0.0.0.0 area 0
network 24.26.0.0 0.0.0.255 area 0
network 27.24.0.0 0.0.0.255 area 0
R25
interface Ethernet0/0
ip address 25.26.0.25 255.255.255.0
interface Ethernet0/1
ip address 23.25.0.25 255.255.255.0
router ospf 2
router-id 25.25.25.25
network 23.25.0.0 0.0.0.255 area 0
network 25.25.25.25 0.0.0.0 area 0
network 25.26.0.0 0.0.0.255 area 0
R26
interface Ethernet0/0
ip address 25.26.0.26 255.255.255.0
interface Ethernet0/1
ip address 24.26.0.26 255.255.255.0
router ospf 2
router-id 26.26.26.26
network 24.26.0.0 0.0.0.255 area 0
network 25.26.0.0 0.0.0.255 area 0
network 26.26.26.26 0.0.0.0 area 0
R27
interface Loopback0
ip address 27.27.27.27 255.255.255.255
interface Ethernet0/0
ip address 27.23.0.27 255.255.255.0
interface Ethernet0/1
ip address 27.24.0.27 255.255.255.0
router ospf 2
router-id 27.27.27.27
network 27.23.0.0 0.0.0.255 area 0
network 27.24.0.0 0.0.0.255 area 0
network 27.27.27.27 0.0.0.0 area 0
2.查看邻居
R27# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
24.24.24.24 1 FULL/BDR 00:00:35 27.24.0.24 Ethernet0/1
23.23.23.23 1 FULL/BDR 00:00:37 27.23.0.23 Ethernet0/0
3.查看路由
R27#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
21.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 21.21.21.21/32 [110/21] via 27.23.0.23, 00:10:10, Ethernet0/0
O 21.22.0.0/24 [110/30] via 27.24.0.24, 00:10:10, Ethernet0/1
[110/30] via 27.23.0.23, 00:10:10, Ethernet0/0
O 21.23.0.0/24 [110/20] via 27.23.0.23, 00:10:10, Ethernet0/0
22.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 22.22.22.22/32 [110/21] via 27.24.0.24, 00:10:10, Ethernet0/1
O 22.24.0.0/24 [110/20] via 27.24.0.24, 00:10:10, Ethernet0/1
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 23.23.23.23/32 [110/11] via 27.23.0.23, 00:10:10, Ethernet0/0
O 23.25.0.0/24 [110/20] via 27.23.0.23, 00:10:10, Ethernet0/0
24.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 24.24.24.24/32 [110/11] via 27.24.0.24, 00:10:10, Ethernet0/1
O 24.26.0.0/24 [110/20] via 27.24.0.24, 00:10:10, Ethernet0/1
25.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 25.25.25.25/32 [110/21] via 27.23.0.23, 00:10:10, Ethernet0/0
O 25.26.0.0/24 [110/30] via 27.24.0.24, 00:10:00, Ethernet0/1
[110/30] via 27.23.0.23, 00:10:00, Ethernet0/0
26.0.0.0/32 is subnetted, 1 subnets
O 26.26.26.26 [110/21] via 27.24.0.24, 00:10:00, Ethernet0/1
四、EIGRP配置
1.配置
R31、R32、R33、R43之间启用EIGRP协议
R31
interface Ethernet0/0
ip address 31.32.0.31 255.255.255.0
interface Ethernet0/1
ip address 31.33.0.31 255.255.255.0
router eigrp 3
network 31.31.31.31 0.0.0.0
network 31.32.0.0 0.0.0.255
network 31.33.0.0 0.0.0.255
R32
interface Ethernet0/0
ip address 31.32.0.32 255.255.255.0
interface Ethernet0/1
ip address 32.34.0.32 255.255.255.0
router eigrp 3
network 31.32.0.0 0.0.0.255
network 32.32.32.32 0.0.0.0
network 32.34.0.0 0.0.0.255
R33
interface Ethernet0/0
ip address 33.34.0.33 255.255.255.0
interface Ethernet0/1
ip address 31.33.0.33 255.255.255.0
router eigrp 3
network 31.33.0.0 0.0.0.255
network 33.33.33.33 0.0.0.0
network 33.34.0.0 0.0.0.255
R34
interface Ethernet0/0
ip address 33.34.0.34 255.255.255.0
interface Ethernet0/1
ip address 32.34.0.34 255.255.255.0
router eigrp 3
network 32.34.0.0 0.0.0.255
network 33.34.0.0 0.0.0.255
network 34.34.34.34 0.0.0.0
2.查看邻居
R31#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(3)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 31.33.0.33 Et0/1 10 00:04:54 1599 5000 0 7
0 31.32.0.32 Et0/0 13 00:04:54 1 100 0 8
3.查看路由
R31#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
32.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 32.32.32.32/32 [90/409600] via 31.32.0.32, 00:05:11, Ethernet0/0
D 32.34.0.0/24 [90/307200] via 31.32.0.32, 00:05:14, Ethernet0/0
33.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 33.33.33.33/32 [90/409600] via 31.33.0.33, 00:05:13, Ethernet0/1
D 33.34.0.0/24 [90/307200] via 31.33.0.33, 00:05:15, Ethernet0/1
34.0.0.0/32 is subnetted, 1 subnets
D 34.34.34.34 [90/435200] via 31.33.0.33, 00:05:14, Ethernet0/1
[90/435200] via 31.32.0.32, 00:05:14, Ethernet0/0
五、引入路由
1.BGP引入OSPF
R21、R22、R25、R26
router bgp 2
redistribute ospf 2
2.BGP引入EIGRP
R31、R32、R33、R34
router bgp 3
redistribute eigrp 3
3.OSPF引入BGP
R21
router ospf 2
redistribute bgp 2 metric-type 1 subnets tag 101
R22
router ospf 2
redistribute bgp 2 metric-type 1 subnets tag 102
R25
router ospf 2
redistribute bgp 2 metric-type 1 subnets tag 201
R26
router ospf 2
redistribute bgp 2 metric-type 1 subnets tag 201
4.EIGRP 引入BGP
router eigrp 3
redistribute bgp 3 metric 10000 1000 255 1 1500
5.查看路由
IPS-7
IPS-7#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 77, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* 1.1.1.1/32 32.30.0.32 0 3 102 101 i
*> 30.102.0.102 0 102 101 i
* 30.103.0.103 0 103 101 i
* 2.2.2.2/32 32.30.0.32 0 3 102 i
* 30.103.0.103 0 103 102 i
*> 30.102.0.102 0 0 102 i
* 3.3.3.3/32 32.30.0.32 0 3 102 103 i
* 30.102.0.102 0 102 103 i
*> 30.103.0.103 0 0 103 i
* 4.4.4.4/32 34.30.0.34 0 3 202 201 i
*> 30.202.0.202 0 202 201 i
* 5.5.5.5/32 34.30.0.34 0 3 202 i
*> 30.202.0.202 0 0 202 i
Network Next Hop Metric LocPrf Weight Path
*> 6.6.6.6/32 30.203.0.203 0 0 203 i
*> 7.7.7.7/32 0.0.0.0 0 32768 i
* 11.11.11.11/32 32.30.0.32 0 3 102 2 1 i
*> 30.102.0.102 0 102 2 1 i
* 30.103.0.103 0 103 101 2 1 i
* 11.21.0.0/24 32.30.0.32 0 3 102 101 2 i
* 30.102.0.102 0 102 101 2 i
*> 30.103.0.103 0 103 101 2 i
* 11.22.0.0/24 32.30.0.32 0 3 102 2 i
*> 30.102.0.102 0 102 2 i
* 30.103.0.103 0 103 102 2 i
* 21.21.21.21/32 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 i
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 21.22.0.0/24 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 21.23.0.0/24 32.30.0.32 0 3 102 2 ?
Network Next Hop Metric LocPrf Weight Path
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 21.101.0.0/24 32.30.0.32 0 3 102 101 i
*> 30.102.0.102 0 102 101 i
* 30.103.0.103 0 103 101 i
* 22.22.22.22/32 32.30.0.32 0 3 102 2 i
*> 30.102.0.102 0 102 2 i
* 30.103.0.103 0 103 102 2 i
* 34.30.0.34 0 3 202 2 ?
* 30.202.0.202 0 202 2 ?
* 22.24.0.0/24 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 22.102.0.0/24 32.30.0.32 0 3 102 i
* 30.103.0.103 0 103 102 i
*> 30.102.0.102 0 0 102 i
* 23.23.23.23/32 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
Network Next Hop Metric LocPrf Weight Path
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 23.25.0.0/24 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 24.24.24.24/32 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 24.26.0.0/24 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 25.25.25.25/32 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
Network Next Hop Metric LocPrf Weight Path
*> 30.202.0.202 0 202 2 ?
* 25.26.0.0/24 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 25.201.0.0/24 34.30.0.34 0 3 202 201 i
*> 30.202.0.202 0 202 201 i
* 26.26.26.26/32 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 i
*> 30.202.0.202 0 202 2 i
* 26.202.0.0/24 34.30.0.34 0 3 202 i
*> 30.202.0.202 0 0 202 i
* 27.23.0.0/24 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 27.24.0.0/24 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
Network Next Hop Metric LocPrf Weight Path
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 27.27.27.27/32 32.30.0.32 0 3 102 2 ?
* 30.102.0.102 0 102 2 ?
* 30.103.0.103 0 103 101 2 ?
* 34.30.0.34 0 3 202 2 ?
*> 30.202.0.202 0 202 2 ?
* 30.102.0.0/24 32.30.0.32 0 3 102 i
* 30.103.0.103 0 103 102 i
* 30.102.0.102 0 0 102 i
*> 0.0.0.0 0 32768 i
* 30.103.0.0/24 30.102.0.102 0 102 103 i
* 30.103.0.103 0 0 103 i
*> 0.0.0.0 0 32768 i
* 30.202.0.0/24 30.202.0.202 0 0 202 i
*> 0.0.0.0 0 32768 i
* 30.203.0.0/24 30.203.0.203 0 0 203 i
*> 0.0.0.0 0 32768 i
* 31.31.31.31/32 30.202.0.202 0 202 3 ?
* 30.102.0.102 0 102 3 ?
*> 32.30.0.32 409600 0 3 ?
Network Next Hop Metric LocPrf Weight Path
* 30.103.0.103 0 103 101 3 i
* 34.30.0.34 435200 0 3 ?
* 31.32.0.0/24 30.202.0.202 0 202 3 ?
* 30.102.0.102 0 102 3 ?
*> 32.30.0.32 0 0 3 ?
* 30.103.0.103 0 103 101 3 ?
* 34.30.0.34 307200 0 3 ?
* 31.33.0.0/24 30.202.0.202 0 202 3 ?
* 30.102.0.102 0 102 3 ?
*> 32.30.0.32 307200 0 3 ?
* 30.103.0.103 0 103 101 3 ?
* 34.30.0.34 307200 0 3 ?
* 31.101.0.0/24 32.30.0.32 0 3 102 101 i
*> 30.102.0.102 0 102 101 i
* 30.103.0.103 0 103 101 i
* 32.30.0.0/24 30.102.0.102 0 102 3 i
* 32.30.0.32 0 0 3 i
*> 0.0.0.0 0 32768 i
* 32.32.32.32/32 30.202.0.202 0 202 3 ?
* 30.102.0.102 0 102 3 i
*> 32.30.0.32 0 0 3 i
* 30.103.0.103 0 103 102 3 i
Network Next Hop Metric LocPrf Weight Path
* 34.30.0.34 409600 0 3 ?
* 32.34.0.0/24 30.202.0.202 0 202 3 ?
* 30.102.0.102 0 102 3 ?
*> 32.30.0.32 0 0 3 ?
* 30.103.0.103 0 103 101 3 ?
* 34.30.0.34 0 0 3 ?
* 32.102.0.0/24 30.103.0.103 0 103 102 i
*> 30.102.0.102 0 0 102 i
* 32.30.0.32 0 0 3 i
* 33.33.33.33/32 30.202.0.202 0 202 3 ?
* 30.102.0.102 0 102 3 ?
* 32.30.0.32 435200 0 3 ?
* 30.103.0.103 0 103 101 3 ?
*> 34.30.0.34 409600 0 3 ?
* 33.34.0.0/24 30.202.0.202 0 202 3 ?
* 30.102.0.102 0 102 3 ?
* 32.30.0.32 307200 0 3 ?
* 30.103.0.103 0 103 101 3 ?
*> 34.30.0.34 0 0 3 ?
* 33.201.0.0/24 34.30.0.34 0 3 202 201 i
*> 30.202.0.202 0 202 201 i
* 34.30.0.0/24 34.30.0.34 0 0 3 i
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 0 32768 i
* 34.34.34.34/32 30.202.0.202 0 202 3 i
* 30.102.0.102 0 102 3 ?
* 32.30.0.32 409600 0 3 ?
*> 34.30.0.34 0 0 3 i
* 34.202.0.0/24 30.202.0.202 0 0 202 i
*> 34.30.0.34 0 0 3 i
* 41.41.41.41/32 32.30.0.32 0 3 102 103 4 i
* 30.102.0.102 0 102 103 4 i
*> 30.103.0.103 0 103 4 i
* 41.42.0.0/24 32.30.0.32 0 3 102 103 4 ?
* 30.203.0.203 0 203 4 ?
* 30.102.0.102 0 102 103 4 ?
*> 30.103.0.103 0 103 4 ?
* 41.43.0.0/24 32.30.0.32 0 3 102 103 4 ?
* 30.203.0.203 0 203 4 ?
* 30.102.0.102 0 102 103 4 ?
*> 30.103.0.103 0 103 4 ?
* 41.103.0.0/24 32.30.0.32 0 3 102 103 i
* 30.102.0.102 0 102 103 i
*> 30.103.0.103 0 0 103 i
*> 42.42.42.42/32 30.203.0.203 0 203 4 i
Network Next Hop Metric LocPrf Weight Path
* 30.102.0.102 0 102 103 4 ?
* 30.103.0.103 0 103 4 ?
* 42.43.0.0/24 32.30.0.32 0 3 102 103 4 ?
* 30.203.0.203 0 203 4 ?
* 30.102.0.102 0 102 103 4 ?
*> 30.103.0.103 0 103 4 ?
*> 42.203.0.0/24 30.203.0.203 0 0 203 i
*> 43.43.43.43/32 30.203.0.203 0 203 4 i
* 30.102.0.102 0 102 103 4 ?
* 30.103.0.103 0 103 4 ?
*> 43.203.0.0/24 30.203.0.203 0 0 203 i
* 51.51.51.51/32 34.30.0.34 0 3 202 201 5 i
*> 30.202.0.202 0 202 201 5 i
* 51.201.0.0/24 34.30.0.34 0 3 202 201 i
*> 30.202.0.202 0 202 201 i
* 52.52.52.52/32 34.30.0.34 0 3 202 5 i
*> 30.202.0.202 0 202 5 i
* 52.201.0.0/24 34.30.0.34 0 3 202 201 i
*> 30.202.0.202 0 202 201 i
* 52.202.0.0/24 34.30.0.34 0 3 202 i
*> 30.202.0.202 0 0 202 i
* 53.53.53.53/32 34.30.0.34 0 3 202 5 i
Network Next Hop Metric LocPrf Weight Path
*> 30.202.0.202 0 202 5 i
* 53.202.0.0/24 34.30.0.34 0 3 202 5 i
*> 30.202.0.202 0 202 5 i
*> 61.61.61.61/32 30.203.0.203 0 203 6 i
*> 61.203.0.0/24 30.203.0.203 0 0 203 i
*> 62.62.62.62/32 30.203.0.203 0 203 6 i
*> 62.203.0.0/24 30.203.0.203 0 0 203 i
* 101.102.0.0/24 32.30.0.32 0 3 102 i
*> 30.102.0.102 0 0 102 i
* 30.103.0.103 0 103 101 i
* 101.103.0.0/24 32.30.0.32 0 3 102 101 i
* 30.102.0.102 0 102 101 i
*> 30.103.0.103 0 0 103 i
* 102.103.0.0/24 32.30.0.32 0 3 102 i
*> 30.102.0.102 0 0 102 i
* 30.103.0.103 0 0 103 i
* 201.202.0.0 34.30.0.34 0 3 202 i
*> 30.202.0.202 0 0 202 i
For address family: IPv4 Multicast
For address family: L2VPN E-VPN
For address family: MVPNv4 Unicast
R27
R27#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O E1 1.1.1.1 [110/21] via 27.24.0.24, 00:00:26, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:26, Ethernet0/0
2.0.0.0/32 is subnetted, 1 subnets
O E1 2.2.2.2 [110/21] via 27.24.0.24, 00:00:26, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:26, Ethernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O E1 3.3.3.3 [110/21] via 27.24.0.24, 00:00:26, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:26, Ethernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O E1 4.4.4.4 [110/21] via 27.24.0.24, 00:00:26, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:26, Ethernet0/0
5.0.0.0/32 is subnetted, 1 subnets
O E1 5.5.5.5 [110/21] via 27.24.0.24, 00:00:28, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:28, Ethernet0/0
6.0.0.0/32 is subnetted, 1 subnets
O E1 6.6.6.6 [110/21] via 27.24.0.24, 00:00:28, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:28, Ethernet0/0
7.0.0.0/32 is subnetted, 1 subnets
O E1 7.7.7.7 [110/21] via 27.24.0.24, 00:00:28, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:28, Ethernet0/0
11.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O E1 11.11.11.11/32 [110/21] via 27.24.0.24, 00:00:22, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:22, Ethernet0/0
O E1 11.21.0.0/24 [110/21] via 27.24.0.24, 00:00:22, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:22, Ethernet0/0
O E1 11.22.0.0/24 [110/21] via 27.24.0.24, 00:00:22, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:22, Ethernet0/0
21.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 21.21.21.21/32 [110/21] via 27.23.0.23, 10:43:44, Ethernet0/0
O 21.22.0.0/24 [110/30] via 27.24.0.24, 10:43:44, Ethernet0/1
[110/30] via 27.23.0.23, 10:43:44, Ethernet0/0
O 21.23.0.0/24 [110/20] via 27.23.0.23, 10:43:44, Ethernet0/0
O E1 21.101.0.0/24 [110/21] via 27.24.0.24, 00:00:28, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:28, Ethernet0/0
22.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 22.22.22.22/32 [110/21] via 27.24.0.24, 10:43:45, Ethernet0/1
O 22.24.0.0/24 [110/20] via 27.24.0.24, 10:43:55, Ethernet0/1
O E1 22.102.0.0/24 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 23.23.23.23/32 [110/11] via 27.23.0.23, 10:43:45, Ethernet0/0
O 23.25.0.0/24 [110/20] via 27.23.0.23, 00:08:34, Ethernet0/0
24.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 24.24.24.24/32 [110/11] via 27.24.0.24, 10:43:55, Ethernet0/1
O 24.26.0.0/24 [110/20] via 27.24.0.24, 00:08:34, Ethernet0/1
25.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 25.25.25.25/32 [110/21] via 27.23.0.23, 00:08:34, Ethernet0/0
O 25.26.0.0/24 [110/30] via 27.24.0.24, 00:08:34, Ethernet0/1
[110/30] via 27.23.0.23, 00:08:34, Ethernet0/0
O E1 25.201.0.0/24 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
26.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 26.26.26.26/32 [110/21] via 27.24.0.24, 00:08:34, Ethernet0/1
O E1 26.202.0.0/24 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
30.0.0.0/24 is subnetted, 4 subnets
O E1 30.102.0.0 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
O E1 30.103.0.0 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
O E1 30.202.0.0 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
O E1 30.203.0.0 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
31.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O E1 31.31.31.31/32 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
O E1 31.32.0.0/24 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
O E1 31.33.0.0/24 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
O E1 31.101.0.0/24 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
32.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O E1 32.30.0.0/24 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
O E1 32.32.32.32/32 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
O E1 32.34.0.0/24 [110/21] via 27.24.0.24, 00:00:29, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:29, Ethernet0/0
O E1 32.102.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
33.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O E1 33.33.33.33/32 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 33.34.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 33.201.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
34.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O E1 34.30.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 34.34.34.34/32 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 34.202.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
41.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O E1 41.41.41.41/32 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 41.42.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 41.43.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 41.103.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
42.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O E1 42.42.42.42/32 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 42.43.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 42.203.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
43.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O E1 43.43.43.43/32 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 43.203.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
51.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O E1 51.51.51.51/32 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 51.201.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
52.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O E1 52.52.52.52/32 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 52.201.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 52.202.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
53.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O E1 53.53.53.53/32 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 53.202.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
61.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O E1 61.61.61.61/32 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 61.203.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
62.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O E1 62.62.62.62/32 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 62.203.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
101.0.0.0/24 is subnetted, 2 subnets
O E1 101.102.0.0 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 101.103.0.0 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
102.0.0.0/24 is subnetted, 1 subnets
O E1 102.103.0.0 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
O E1 201.202.0.0/24 [110/21] via 27.24.0.24, 00:00:30, Ethernet0/1
[110/21] via 27.23.0.23, 00:00:30, Ethernet0/0
R31
R31#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
32.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
D 32.32.32.32/32 [90/409600] via 31.32.0.32, 00:05:41, Ethernet0/0
D 32.34.0.0/24 [90/307200] via 31.32.0.32, 00:05:41, Ethernet0/0
33.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D 33.33.33.33/32 [90/409600] via 31.33.0.33, 00:05:53, Ethernet0/1
D 33.34.0.0/24 [90/307200] via 31.33.0.33, 00:05:41, Ethernet0/1
34.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D 34.34.34.34/32 [90/435200] via 31.33.0.33, 00:05:41, Ethernet0/1
[90/435200] via 31.32.0.32, 00:05:41, Ethernet0/0
D EX 34.202.0.0/24 [170/537600] via 31.33.0.33, 00:02:08, Ethernet0/1
六、NAT配置
1.配置
指定NAT的入接口和出接口
使用ACL访问控制列表进行匹配
使用端口复用方式进行NAT转发
虚拟PC配置:
PC11 : 10.11.0.12 255.255.255.0 gateway 10.11.0.11
PC12 : 10.12.0.12 255.255.255.0 gateway 10.12.0.11
路由器配置:
R11
interface Ethernet0/0
ip nat outside
interface Ethernet0/3
ip nat outside
interface Ethernet0/1
ip address 10.11.0.11 255.255.255.0
ip nat inside
interface Ethernet0/2
ip address 10.12.0.11 255.255.255.0
ip nat inside
access-list 1 permit 10.12.0.0 0.0.0.255
access-list 1 permit 10.11.0.0 0.0.0.255
access-list 2 permit 10.12.0.0 0.0.0.255
access-list 2 permit 10.11.0.0 0.0.0.255
ip nat inside source list 1 interface Ethernet0/3 overload
ip nat inside source list 2 interface Ethernet0/0 overload
虚拟PC配置:
PC51 : 10.21.0.21 255.255.255.0 gateway 10.21.0.51
路由器配置:
R51
interface Ethernet0/0
ip nat outside
interface Ethernet0/1
ip address 10.21.0.51 255.255.255.0
ip nat inside
access-list 1 permit 10.21.0.0 0.0.0.255
ip nat inside source list 1 interface Ethernet0/0 overload
虚拟PC配置:
PC52 : 10.22.0.22 255.255.255.0 gateway 10.22.0.52
路由器配置:
R52
interface Serial2/0
ip nat outside
interface Serial2/1
ip nat outside
access-list 1 permit 10.22.0.0 0.0.0.255
access-list 2 permit 10.22.0.0 0.0.0.255
ip nat inside source list 1 interface Serial2/0 overload
ip nat inside source list 2 interface Serial2/1 overload
虚拟PC配置:
PC53 : 10.23.0.23 255.255.255.0 gateway 10.23.0.53
路由器配置:
R53
interface Ethernet0/0
ip nat outside
interface Ethernet0/1
ip address 10.23.0.53 255.255.255.0
ip nat inside
access-list 1 permit 10.23.0.0 0.0.0.255
ip nat inside source list 1 interface Ethernet0/0 overload
虚拟PC配置:
PC31 : 10.31.0.31 255.255.255.0 gateway 10.31.0.61
路由器配置:
R61
interface Serial2/0
ip nat outside
interface Ethernet0/0
ip address 10.31.0.61 255.255.255.0
ip nat inside
access-list 100 deny ip 10.31.0.0 0.0.0.255 10.32.0.0 0.0.0.255
access-list 100 permit ip any any
ip nat inside source list 100 interface Serial2/0 overload
虚拟PC配置:
PC32 : 10.32.0.32 255.255.255.0 gateway 10.32.0.62
路由器配置:
R62
interface Serial2/0
ip nat outside
interface Ethernet0/0
ip address 10.32.0.62 255.255.255.0
ip nat inside
access-list 100 deny ip 10.32.0.0 0.0.0.255 10.31.0.0 0.0.0.255
access-list 100 permit ip any any
ip nat inside source list 100 interface Serial2/0 overload
2.查看
检测到IPS-7通讯情况
PC11> ping 7.7.7.7
84 bytes from 7.7.7.7 icmp_seq=1 ttl=252 time=0.960 ms
84 bytes from 7.7.7.7 icmp_seq=2 ttl=252 time=1.158 ms
84 bytes from 7.7.7.7 icmp_seq=3 ttl=252 time=1.122 ms
84 bytes from 7.7.7.7 icmp_seq=4 ttl=252 time=0.828 ms
84 bytes from 7.7.7.7 icmp_seq=5 ttl=252 time=1.110 ms
PC11> trace 7.7.7.7
trace to 7.7.7.7, 8 hops max, press Ctrl+C to stop
1 10.11.0.11 0.385 ms 0.285 ms 0.101 ms
2 11.22.0.22 0.482 ms 0.358 ms 0.590 ms
3 22.102.0.102 0.697 ms 0.863 ms 0.508 ms
4 *30.102.0.30 0.822 ms (ICMP type:3, code:3, Destination port unreachable) *
七、DMVPN配置
1.配置
R11作为HUB 与SPOKE R51、R52、R53建立DMVPN
注意事项:
必须保证路由器之间是连通的
EIGRP的防环机制,Tunnel水平分割关闭
都属于同一个网络ID
EIGRP添加路由时,禁止把公网添加进路由
R11
interface Tunnel0
ip address 10.0.0.11 255.255.255.0
no ip redirects
no ip split-horizon eigrp 10
ip nhrp map multicast dynamic
ip nhrp network-id 10
ip nhrp redirect
tunnel source 11.21.0.11
tunnel mode gre multipoint
router eigrp 10
network 10.0.0.0 0.0.0.255
network 10.11.0.0 0.0.0.255
network 10.12.0.0 0.0.0.255
network 11.11.11.11 0.0.0.0
R51
interface Tunnel0
ip address 10.0.0.51 255.255.255.0
no ip redirects
ip nhrp map 10.0.0.11 11.21.0.11
ip nhrp map multicast 11.21.0.11
ip nhrp network-id 10
ip nhrp nhs 10.0.0.11
ip nhrp shortcut
tunnel source 51.201.0.51
tunnel mode gre multipoint
router eigrp 10
network 10.0.0.0 0.0.0.255
network 10.21.0.0 0.0.0.255
network 51.51.51.51 0.0.0.0
R52
interface Tunnel0
ip address 10.0.0.52 255.255.255.0
no ip redirects
ip nhrp map 10.0.0.11 11.21.0.11
ip nhrp map multicast 11.21.0.11
ip nhrp network-id 10
ip nhrp nhs 10.0.0.11
ip nhrp shortcut
tunnel source 52.202.0.52
tunnel mode gre multipoint
router eigrp 10
network 10.0.0.0 0.0.0.255
network 10.22.0.0 0.0.0.255
network 52.52.52.52 0.0.0.0
R53
interface Tunnel0
ip address 10.0.0.53 255.255.255.0
no ip redirects
ip nhrp map 10.0.0.11 11.21.0.11
ip nhrp map multicast 11.21.0.11
ip nhrp network-id 10
ip nhrp nhs 10.0.0.11
ip nhrp shortcut
tunnel source 53.202.0.53
tunnel mode gre multipoint
router eigrp 10
network 10.0.0.0 0.0.0.255
network 10.23.0.0 0.0.0.255
network 53.53.53.53 0.0.0.0
2.查看
邻居关系
R11#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 10.0.0.51 Tu0 13 00:15:22 5 1434 0 5
1 10.0.0.53 Tu0 11 00:15:30 5 1434 0 5
0 10.0.0.52 Tu0 14 00:15:32 18 1434 0 5
路由表
R11#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
D 10.21.0.0/24 [90/26905600] via 10.0.0.51, 00:15:42, Tunnel0
D 10.22.0.0/24 [90/26905600] via 10.0.0.52, 00:15:22, Tunnel0
D 10.23.0.0/24 [90/26905600] via 10.0.0.53, 00:15:30, Tunnel0
检测路由
PC11> ping 10.21.0.21
84 bytes from 10.21.0.21 icmp_seq=1 ttl=62 time=6.120 ms
84 bytes from 10.21.0.21 icmp_seq=2 ttl=62 time=2.262 ms
84 bytes from 10.21.0.21 icmp_seq=3 ttl=62 time=2.298 ms
84 bytes from 10.21.0.21 icmp_seq=4 ttl=62 time=7.167 ms
84 bytes from 10.21.0.21 icmp_seq=5 ttl=62 time=2.863 ms
PC11> trace 10.21.0.21
trace to 10.21.0.21, 8 hops max, press Ctrl+C to stop
1 10.11.0.11 0.293 ms 0.180 ms 0.224 ms
2 10.0.0.51 2.634 ms 1.896 ms 2.144 ms
3 *10.21.0.21 2.180 ms (ICMP type:3, code:3, Destination port unreachable)
八、IPSec VPN配置
1. 配置
R61和R62之间启用IPSec VPN
使PC31和PC32之间可以相互访问
注意事项:
R61与R62之间是可以相互访问
必须在本地添加一条对端内网的路由到公网
R61
access-list 101 permit ip 10.31.0.0 0.0.0.255 10.32.0.0 0.0.0.255
crypto isakmp policy 60
encr aes
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key 6 PASS address 62.203.0.62
crypto ipsec transform-set TS esp-aes esp-md5-hmac
mode tunnel
crypto map IPSEC-MAP 60 ipsec-isakmp
set peer 62.203.0.62
set transform-set TS
match address 101
interface Serial2/0
crypto map IPSEC-MAP
ip route 10.32.0.0 255.255.255.0 61.203.0.203
R62
access-list 101 permit ip 10.32.0.0 0.0.0.255 10.31.0.0 0.0.0.255
crypto isakmp policy 60
encr aes
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key 6 PASS address 61.203.0.61
crypto ipsec transform-set TS esp-aes esp-md5-hmac
mode tunnel
crypto map IPSEC-MAP 60 ipsec-isakmp
set peer 61.203.0.61
set transform-set TS
match address 101
interface Serial2/0
crypto map IPSEC-MAP
ip route 10.31.0.0 255.255.255.0 62.203.0.203
2.查看
R61#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
62.203.0.62 61.203.0.61 QM_IDLE 1001 ACTIVE
IPv6 Crypto ISAKMP SA
检测
PC31> ping 10.32.0.32
84 bytes from 10.32.0.32 icmp_seq=1 ttl=62 time=20.870 ms
84 bytes from 10.32.0.32 icmp_seq=2 ttl=62 time=18.499 ms
84 bytes from 10.32.0.32 icmp_seq=3 ttl=62 time=18.473 ms
84 bytes from 10.32.0.32 icmp_seq=4 ttl=62 time=19.329 ms
84 bytes from 10.32.0.32 icmp_seq=5 ttl=62 time=19.133 ms
PC31> trace 10.32.0.32
trace to 10.32.0.32, 8 hops max, press Ctrl+C to stop
1 10.31.0.61 0.480 ms 0.293 ms 0.160 ms
2 * * *
3 *10.32.0.32 15.966 ms (ICMP type:3, code:3, Destination port unreachable)
九、PPP端口验证配置
1.配置PAP
发送的是对端的用户名和密码进行验证
IPS-4、IPS-5作为PAP验证的服务器与R52进行验证
IPS-4与R52采用双向认证
IPS-5与R52采用单向认证
IPS-4
username IPS-4-NAME password 0 IPS-4-PASS
interface Serial2/0
encapsulation ppp
ppp authentication pap
ppp pap sent-username R52-NAME password 0 R52-PASS
R52
username R52-NAME password 0 R52-PASS
interface Serial2/0
encapsulation ppp
ppp authentication pap
ppp pap sent-username IPS-4-NAME password 0 IPS-4-PASS
interface Serial2/1
encapsulation ppp
ppp pap sent-username IPS-5-NAME password 0 IPS-5-PASS
IPS-5
username IPS-5-NAME password 0 IPS-5-PASS
interface Serial2/0
encapsulation ppp
ppp authentication pap
2.CHAP配置
双向认证的密码必须相同,在端口中可以不验证密码。
单向认证需要指定对端的用户名和密码
IPS-6作为CHAP验证服务器
与R61双向认证
与R62单向认证
IPS-6
username IPS-6-NAME password 0 IPS-6-PASS
interface Serial2/0
encapsulation ppp
ppp authentication chap
interface Serial2/1
encapsulation ppp
ppp authentication chap
ppp chap hostname R61-NAME
ppp chap password 0 IPS-6-PASS
R61
username R61-NAME password 0 IPS-6-PASS
interface Serial2/0
encapsulation ppp
ppp authentication chap
ppp chap hostname IPS-6-NAME
R62
interface Serial2/0
encapsulation ppp
ppp chap hostname IPS-6-NAME
ppp chap password 0 IPS-6-PASS
2.查看状态
查看R52
R52#show ppp all
Interface/ID OPEN+ Nego* Fail- Stage Peer Address Peer Name
------------ --------------------- -------- --------------- --------------------
Se2/1 LCP+ CHAP+ IPCP+ CDP> LocalT 52.202.0.202 R52-NAME
Se2/0 LCP+ CHAP+ IPCP+ CDP> LocalT 52.201.0.201 R52-NAME
R52#show ppp summary
Current Peak
--------- ---------
Non-MLP Sessions 2 2
MLP Sessions 0 0
--------------------- --------- ---------
Total Sessions 2 2
Current Peak
--------- ---------
Non-MLP Links 2 2
MLP Links 0 0
--------------------- --------- ---------
Total Links 2 2
PPP Stage (links&bundles) All Types non-MLP MLP
------------------------- --------- --------- ---------
LCP Negotiation 0 0 0
Unauthenticated Name 0 0 0
Authenticated Name 0 0 0
No Authentication 0 0 0
Post Authentication 0 0 0
Forwarded 0 0 0
Local Termination 2 2 0
------------------------- --------- --------- ---------
Total Curent 2 2 0
ACK ACK REQ Stop- Clos- Stop- Clos- Start-
Name Total Open sent rcvd sent ping ing ped ed ing Initial
-------- ------ ------ ----- ----- ----- ----- ----- ----- ----- ----- -----
LCP 2 2 0 0 0 0 0 0 0 0 0
IPCP 2 2 0 0 0 0 0 0 0 0 0
CDPCP 2 2 0 0 0 0 0 0 0 0 0
查看IPS-6
IPS-6#show ppp all
Interface/ID OPEN+ Nego* Fail- Stage Peer Address Peer Name
------------ --------------------- -------- --------------- --------------------
Se2/1 LCP+ CHAP+ IPCP+ CDP> LocalT 61.203.0.61 IPS-6-NAME
Se2/0 LCP+ CHAP+ IPCP+ CDP> LocalT 62.203.0.62 IPS-6-NAME
IPS-6#show ppp summary
Current Peak
--------- ---------
Non-MLP Sessions 2 2
MLP Sessions 0 0
--------------------- --------- ---------
Total Sessions 2 2
Current Peak
--------- ---------
Non-MLP Links 2 2
MLP Links 0 0
--------------------- --------- ---------
Total Links 2 2
PPP Stage (links&bundles) All Types non-MLP MLP
------------------------- --------- --------- ---------
LCP Negotiation 0 0 0
Unauthenticated Name 0 0 0
Authenticated Name 0 0 0
No Authentication 0 0 0
Post Authentication 0 0 0
Forwarded 0 0 0
Local Termination 2 2 0
------------------------- --------- --------- ---------
Total Curent 2 2 0
ACK ACK REQ Stop- Clos- Stop- Clos- Start-
Name Total Open sent rcvd sent ping ing ped ed ing Initial
-------- ------ ------ ----- ----- ----- ----- ----- ----- ----- ----- -----
LCP 2 2 0 0 0 0 0 0 0 0 0
IPCP 2 2 0 0 0 0 0 0 0 0 0
CDPCP 2 2 0 0 0 0 0 0 0 0 0
十、组播
1.IPS1-7配置
ip multicast-routing
interface Loopback0
ip pim sparse-mode
ip igmp join-group 239.0.0.1
所有连接路由器的接口都要配置
ip pim sparse-mode
ip pim bsr-candidate Loopback0 0
ip pim rp-candidate Loopback0
2.路由器配置
ip multicast-routing
interface Loopback0
ip pim sparse-mode
ip igmp join-group 239.0.0.1
所有连接路由器的接口都要配置
ip pim sparse-mode
3.查看状态
测试
IPS-7#ping 239.0.0.1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 239.0.0.1, timeout is 2 seconds:
Reply to request 0 from 34.34.34.34, 10 ms
Reply to request 0 from 21.21.21.21, 105 ms
Reply to request 0 from 25.25.25.25, 102 ms
Reply to request 0 from 51.51.51.51, 94 ms
Reply to request 0 from 1.1.1.1, 83 ms
Reply to request 0 from 21.21.21.21, 83 ms
Reply to request 0 from 4.4.4.4, 77 ms
Reply to request 0 from 25.25.25.25, 77 ms
Reply to request 0 from 31.31.31.31, 68 ms
Reply to request 0 from 27.27.27.27, 67 ms
Reply to request 0 from 51.51.51.51, 67 ms
Reply to request 0 from 27.27.27.27, 67 ms
Reply to request 0 from 1.1.1.1, 59 ms
Reply to request 0 from 33.33.33.33, 58 ms
Reply to request 0 from 4.4.4.4, 57 ms
Reply to request 0 from 42.42.42.42, 57 ms
Reply to request 0 from 42.42.42.42, 52 ms
Reply to request 0 from 24.24.24.24, 48 ms
Reply to request 0 from 24.24.24.24, 48 ms
Reply to request 0 from 41.41.41.41, 44 ms
Reply to request 0 from 41.41.41.41, 44 ms
Reply to request 0 from 32.32.32.32, 41 ms
Reply to request 0 from 31.31.31.31, 41 ms
Reply to request 0 from 26.26.26.26, 39 ms
Reply to request 0 from 26.26.26.26, 39 ms
Reply to request 0 from 53.53.53.53, 39 ms
Reply to request 0 from 5.5.5.5, 38 ms
Reply to request 0 from 43.43.43.43, 36 ms
Reply to request 0 from 43.43.43.43, 36 ms
Reply to request 0 from 43.43.43.43, 36 ms
Reply to request 0 from 43.43.43.43, 36 ms
Reply to request 0 from 43.43.43.43, 36 ms
Reply to request 0 from 43.43.43.43, 36 ms
Reply to request 0 from 43.43.43.43, 36 ms
Reply to request 0 from 33.33.33.33, 35 ms
Reply to request 0 from 34.34.34.34, 34 ms
Reply to request 0 from 22.22.22.22, 34 ms
Reply to request 0 from 22.22.22.22, 34 ms
Reply to request 0 from 6.6.6.6, 27 ms
Reply to request 0 from 3.3.3.3, 26 ms
Reply to request 0 from 3.3.3.3, 26 ms
Reply to request 0 from 6.6.6.6, 26 ms
Reply to request 0 from 42.42.42.42, 26 ms
Reply to request 0 from 42.42.42.42, 26 ms
Reply to request 0 from 42.42.42.42, 26 ms
Reply to request 0 from 42.42.42.42, 26 ms
Reply to request 0 from 42.42.42.42, 26 ms
Reply to request 0 from 2.2.2.2, 25 ms
Reply to request 0 from 2.2.2.2, 25 ms
Reply to request 0 from 53.53.53.53, 17 ms
Reply to request 0 from 6.6.6.6, 16 ms
Reply to request 0 from 5.5.5.5, 16 ms
Reply to request 0 from 6.6.6.6, 16 ms
Reply to request 0 from 7.7.7.7, 16 ms
Reply to request 0 from 6.6.6.6, 16 ms
Reply to request 0 from 32.32.32.32, 15 ms
Reply to request 0 from 6.6.6.6, 11 ms
Reply to request 0 from 6.6.6.6, 10 ms
查看组播路由
IPS-7#show ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.0.0.1), 00:19:44/00:03:29, RP 6.6.6.6, flags: SJCL
Incoming interface: Ethernet0/3, RPF nbr 30.203.0.203
Outgoing interface list:
Loopback0, Forward/Sparse, 00:17:38/00:02:46
Ethernet0/2, Forward/Sparse, 00:17:43/00:02:31
Ethernet1/1, Forward/Sparse, 00:17:44/00:03:29
Ethernet0/1, Forward/Sparse, 00:17:46/00:03:27
Ethernet0/0, Forward/Sparse, 00:17:49/00:02:45
Ethernet1/0, Forward/Sparse, 00:19:44/00:03:28
(*, 224.0.1.40), 00:28:14/00:02:55, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Loopback0, Forward/Sparse, 00:28:13/00:02:55
查看当前RP
IPS-7#show ip pim rp mapping in-use
PIM Group-to-RP Mappings
This system is a candidate RP (v2)
This system is the Bootstrap Router (v2)
Group(s) 224.0.0.0/4
RP 6.6.6.6 (?), v2
Info source: 6.6.6.6 (?), via bootstrap, priority 0, holdtime 150
Uptime: 00:28:05, expires: 00:02:22
RP 4.4.4.4 (?), v2
Info source: 4.4.4.4 (?), via bootstrap, priority 0, holdtime 150
Uptime: 00:28:24, expires: 00:02:01
RP 2.2.2.2 (?), v2
Info source: 2.2.2.2 (?), via bootstrap, priority 0, holdtime 150
Uptime: 00:28:42, expires: 00:01:43
RP 7.7.7.7 (?), v2
Info source: 7.7.7.7 (?), via bootstrap, priority 0, holdtime 150
Uptime: 00:30:05, expires: 00:02:21
RP 5.5.5.5 (?), v2
Info source: 5.5.5.5 (?), via bootstrap, priority 0, holdtime 150
Uptime: 00:29:18, expires: 00:02:06
RP 3.3.3.3 (?), v2
Info source: 3.3.3.3 (?), via bootstrap, priority 0, holdtime 150
Uptime: 00:29:38, expires: 00:01:49
RP 1.1.1.1 (?), v2
Info source: 1.1.1.1 (?), via bootstrap, priority 0, holdtime 150
Uptime: 00:29:54, expires: 00:01:31
Dynamic (Auto-RP or BSR) RPs in cache that are in use:
Group(s): 224.0.0.0/4, RP: 6.6.6.6, expires: 00:00:56
查看邻居
IPS-7#show ip pim neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
30.102.0.102 Ethernet0/0 00:34:37/00:01:31 v2 1 / DR S P G
30.103.0.103 Ethernet0/1 00:34:38/00:01:30 v2 1 / DR S P G
30.202.0.202 Ethernet0/2 00:34:10/00:01:31 v2 1 / DR S P G
30.203.0.203 Ethernet0/3 00:34:10/00:01:31 v2 1 / DR S P G
32.30.0.32 Ethernet1/0 00:34:10/00:01:33 v2 1 / DR S P G
34.30.0.34 Ethernet1/1 00:34:10/00:01:32 v2 1 / DR S P G
十一、DHCP Sever
R11作为服务器为R51下的设备分配地址
R11
ip dhcp pool 21
network 10.21.0.0 255.255.255.0
default-router 10.21.0.51
dns-server 8.8.8.8 114.114.114.114
R51
interface Ethernet0/1
ip helper-address 11.11.11.11
VP21> ip dhcp
DORA IP 10.21.0.1/24 GW 10.21.0.51
验证
服务器
R11#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
10.21.0.1 0100.5079.6668.1e Jan 10 2021 06:11 AM Automatic
客户端
VP21> show ip
NAME : VP21[1]
IP/MASK : 10.21.0.1/24
GATEWAY : 10.21.0.51
DNS : 8.8.8.8 114.114.114.114
DHCP SERVER : 11.21.0.11
DHCP LEASE : 86314, 86400/43200/75600
MAC : 00:50:79:66:68:1e
LPORT : 20000
RHOST:PORT : 127.0.0.1:30000
MTU : 1500
十二、DNS Sever
IPS-7DNS服务器
R11DNS中继服务器
R51 R52 R53主DNS R11 备用DNS R7
其他路由器配置DNS解析
IPS-7
ip domain lookup
ip dns server
ip host ips-1 1.1.1.1
ip host ips-2 2.2.2.2
ip host ips-3 3.3.3.3
ip host ips-4 4.4.4.4
ip host ips-5 5.5.5.5
ip host ips-6 6.6.6.6
ip host ips-7 7.7.7.7
中继服务器
中继服务器这三条都需要,本身就是服务器,dns server要启动,
domain lookup 开启域名功能,当本地查找不到时指向下一个服务器
R11
ip domain lookup
ip dns server
ip name-server 7.7.7.7
R51 R52 R53
ip name-server 11.11.11.11
ip name-server 7.7.7.7
其他路由器
ip name-server 7.7.7.7
测试
R11#show ip dns view
DNS View default parameters:
Logging is off
DNS Resolver settings:
Domain lookup is enabled
Default domain name:
Domain search list:
Lookup timeout: 3 seconds
Lookup retries: 2
Domain name-servers:
7.7.7.7
DNS Server settings:
Forwarding of queries is enabled
Forwarder timeout: 3 seconds
Forwarder retries: 2
Forwarder addresses:
ips-7 与ips-1之间
IPS-7#ping ips-1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
IPS-1#ping ips-7
Translating "ips-7"...domain server (7.7.7.7) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 32.30.0.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R51测试
R51#ping ips-7
Translating "ips-7"...domain server (11.11.11.11) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.102.0.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
当R11DNS 服务挂掉以后
R51#ping ips-7
Translating "ips-7"...domain server (11.11.11.11) (7.7.7.7) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.30.0.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R51#
R51#
R51#ping ips-7
Translating "ips-7"...domain server (7.7.7.7) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.30.0.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
十三、NTP Sever
IPS-7作为NTP服务
IPS-7#clock set 1:17:00 july 30 2022
IPS-7(config)#clock timezone UTC 8 //加8小时
IPS-7(config)#ntp master //服务设置
时间域名服务
IPS-7(config)# interface loopback 1
IPS-7(config-if) ip address 8.8.8.8 255.255.255.255
IPS-7(config)# ip host time.ntp 8.8.8.8
IPS-7(config)# router bgp 30
IPS-7(config-router)# network 8.8.8.8 mask 255.255.255.255
查看状态
IPS-7# show clock
09:17:58.699 UTC Sat Jul 30 2022
IPS-7#show ntp status
Clock is synchronized, stratum 8, reference is 127.127.1.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**10
ntp uptime is 60600 (1/100 of seconds), resolution is 4000
reference time is E68F055C.BCAC0A38 (09:18:20.737 UTC Sat Jul 30 2022)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 189.77 msec, peer dispersion is 188.67 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000000 s/s
system poll interval is 16, last update was 8 sec ago.
IPS-7# show ntp associations
address ref clock st when poll reach delay offset disp
*~127.127.1.1 .LOCL. 7 3 16 177 0.000 0.000 63.693
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
客户端设置,余下路由器配置一样
配置IPS-2
IPS-2(config)# clock timezone UTC 8 0
IPS-2(config)# ntp source Loopback 0
IPS-2(config)# ntp server time.ntp
Translating "time.ntp"...domain server (7.7.7.7) [OK]
查看状态
IPS-2#show ntp status
Clock is synchronized, stratum 9, reference is 8.8.8.8
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**10
ntp uptime is 136000 (1/100 of seconds), resolution is 4000
reference time is E68F07FB.D3F7D120 (09:29:31.828 UTC Sat Jul 30 2022)
clock offset is -557063.0000 msec, root delay is 2.00 msec
root dispersion is 565004.74 msec, peer dispersion is 7938.47 msec
loopfilter state is 'SPIK' (Spike), drift is -0.000000002 s/s
system poll interval is 64, last update was 7 sec ago.
IPS-2#show ntp associations
address ref clock st when poll reach delay offset disp
*~8.8.8.8 127.127.1.1 8 19 64 1 2.000 -557063 7938.4
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
IPS-2#show clock
.09:30:46.683 UTC Sat Jul 30 2022
Authentication 配置
IPS-7
IPS-7(config)# ntp authenticate
IPS-7(config)# ntp authentication-key 7 md5 IPS-7-KEY
IPS-7(config)# ntp trusted-key 7
IPS-3
IPS-3(config)# ntp authenticate
IPS-3(config)# ntp authentication-key 7 md5 IPS-7-KEY
IPS-3(config)# ntp trusted-key 7
IPS-3(config)# ntp server time.ntp key 7
Translating "time.ntp"...domain server (7.7.7.7) [OK]
查看状态
IPS-3# show ntp associations detail
8.8.8.8 configured, ipv4, authenticated, our_master, sane, valid, stratum 8
ref ID 127.127.1.1 , time E6918078.439581C0 (06:28:08.264 UTC Mon Aug 1 2022)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 2.33, reach 1, sync dist 193.23
delay 0.00 msec, offset 0.0000 msec, dispersion 189.51, jitter 0.97 msec
precision 2**10, version 4
assoc id 51480, assoc name time.ntp
assoc in packets 6, assoc out packets 6, assoc error packets 0
org time 00000000.00000000 (08:00:00.000 UTC Mon Jan 1 1900)
rec time E6918083.FBE76F40 (06:28:19.984 UTC Mon Aug 1 2022)
xmt time E6918083.FBE76F40 (06:28:19.984 UTC Mon Aug 1 2022)
filtdelay = 5.00 2.00 1.00 1.00 0.00 3.00 0.00 0.00
filtoffset = 1.50 0.00 -0.50 0.50 0.00 0.50 0.00 0.00
filterror = 1.95 1.98 2.01 2.04 2.07 2.10 16000.0 16000.0
minpoll = 6, maxpoll = 10
调试排错
IPS-7#debug ntp all
NTP events debugging is on
NTP core messages debugging is on
NTP clock adjustments debugging is on
NTP reference clocks debugging is on
NTP packets debugging is on
authentication在IPS-7配置完成以后,目的为了客户端验证服务端,并不影响(IPS-2)其他没有验证的NTP同步。
Key number 与Authentation key 两个参数IPS-7与IPS-3保持一致。