Lab topology:
1. All loopbacks except R7's are configured with private addresses: 192.168.1.1/24 to 192.168.6.1/24
2. Configure MGRE
[R1]int t0/0/0
[R1-Tunnel0/0/0]ip add 10.1.1.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]nhrp network-id 100
[R1-Tunnel0/0/0]source 17.1.1.1
[R1-Tunnel0/0/0]nhrp entry 10.1.1.2 27.1.1.1 register
[R1-Tunnel0/0/0]nhrp entry 10.1.1.3 37.1.1.1 register
R2 and R3 are configured similarly to R1, so their configuration is omitted here.
3. For MGRE to work, R1, R2 and R3 each need a default route
[R1]ip route-static 0.0.0.0 0 17.1.1.2
[R2]ip route-static 0.0.0.0 0 27.1.1.2
[R3]ip route-static 0.0.0.0 0 37.1.1.2
Test:
4. Configure OSPF
Before configuring OSPF, change the type of the MGRE network's t0/0/0 interface to broadcast
[R1-Tunnel0/0/0]ospf network-type broadcast
[R2-Tunnel0/0/0]ospf network-type broadcast
[R3-Tunnel0/0/0]ospf network-type broadcast
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]ar 0
[R1-ospf-1-area-0.0.0.0]net 192.168.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]net 10.1.1.1 0.0.0.0
[R2]ospf 1 rou 2.2.2.2
[R2-ospf-1]ar 0
[R2-ospf-1-area-0.0.0.0]net 192.168.2.1 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 10.1.1.2 0.0.0.0
[R3]ospf 1 rou 3.3.3.3
[R3-ospf-1]ar 0
[R3-ospf-1-area-0.0.0.0]net 10.1.1.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]ar 1
[R3-ospf-1-area-0.0.0.1]net 192.168.3.1 0.0.0.0
[R3-ospf-1-area-0.0.0.1]net 192.168.0.0 0.0.255.255
[R4]ospf 1 rou 4.4.4.4
[R4-ospf-1]ar 1
[R4-ospf-1-area-0.0.0.1]net 192.168.4.1 0.0.0.0
[R4-ospf-1-area-0.0.0.1]net 192.168.0.0 0.0.255.255
[R5]ospf 1 rou 5.5.5.5
[R5-ospf-1]ar 1
[R5-ospf-1-area-0.0.0.1]net 192.168.5.1 0.0.0.0
[R5-ospf-1-area-0.0.0.1]net 192.168.0.0 0.0.255.255
[R5-ospf-1]ospf 2
[R5-ospf-2]ar 2
[R5-ospf-2-area-0.0.0.2]net 192.168.0.9 0.0.0.0
[R6]ospf 1 rou 6.6.6.6
[R6-ospf-1]ar 2
[R6-ospf-1-area-0.0.0.2]net 192.168.6.1 0.0.0.0
[R6-ospf-1-area-0.0.0.2]net 192.168.0.0 0.0.255.255
5. Configure route redistribution on R5:
[R5]ospf 1
[R5-ospf-1]import-route ospf 2
[R5-ospf-1]ospf 2
[R5-ospf-2]import-route ospf 1
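Test:
6. R4-R6 can reach R7's loopback
To reach the carrier's loopback, traffic from R4-R6 first has to be able to leave the network, so a default route must be advertised in OSPF on R3. The return traffic also has to come back, so R3 must perform NAT. Note in particular that, because redistribution was configured on R5, the default route has to be advertised in both of the two separate protocols.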
[R3]ospf 1
[R3-ospf-1]default-route-advertise
[R5]ospf 2
[R5-ospf-2]default-route-advertise
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R3-acl-basic-2000]q
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]nat outbound 2000
Test:
7. R1 telnets to R3's public IP and actually logs in to R6
First, enable telnet on R6
[R6]aaa
[R6-aaa]local-user huawei privilege level 15 password cipher huawei
Info: Add a new user.
[R6-aaa]local-user huawei service-type telnet
[R6-aaa]q
[R6]user-interface vty 0 4
[R6-ui-vty0-4]authentication-mode aaa
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 23 inside 192.168.6.1 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
Test:
Lab complete!!!
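The management path built in step 7 can be checked mechanically. The Python script below is an added example, not part of the original lab: it reads prompt-prefixed session lines like those above (the sample is constructed from this page's steps 4 and 7) and correlates the `nat server` mapping on R3 with the account settings on the device that owns the inside address. The function names and finding labels are assumptions made for this illustration, and the password check works on the password as typed in the session, not on the ciphertext stored in a saved configuration.

```python
import re

# Constructed sample: lines copied from steps 4 and 7 of this page, prompts included.
SESSION = """\
[R6-aaa]local-user huawei privilege level 15 password cipher huawei
[R6-aaa]local-user huawei service-type telnet
[R6-ospf-1-area-0.0.0.2]net 192.168.6.1 0.0.0.0
[R3-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 23 inside 192.168.6.1 23
"""

PROMPT = re.compile(r"^\[(R\d+)[^\]]*\]\s*(.+)$")   # device name, then the typed command

def after(words, key):
    """Return the word following `key`, or None if `key` is absent or last."""
    return words[words.index(key) + 1] if key in words[:-1] else None

def audit(session):
    """Return sorted (device, finding, detail) tuples for the management exposure."""
    users, owner, forwards, out = {}, {}, [], set()
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue                               # device output such as "Info: ..."
        dev, w = m.group(1), m.group(2).split()
        if w[0] == "local-user" and len(w) > 2:
            u = users.setdefault((dev, w[1]), {"svc": set()})
            u["level"] = after(w, "level") or u.get("level")
            u["pw"] = after(w, "cipher") or u.get("pw")
            if "service-type" in w:
                u["svc"] |= set(w[w.index("service-type") + 1:])
        elif w[0] in ("net", "network") and len(w) == 3 and w[2] == "0.0.0.0":
            owner[w[1]] = dev                      # host wildcard: this IP lives on dev
        elif w[:2] == ["nat", "server"] and "inside" in w[:-2]:
            i = w.index("inside")
            forwards.append((dev, w[i + 1], w[i + 2]))
    for (dev, name), u in users.items():
        if u.get("pw") == name:
            out.add((dev, "password-equals-username", name))
        if u.get("level") == "15" and "telnet" in u["svc"]:
            out.add((dev, "level15-over-telnet", name))
    for dev, ip, port in forwards:
        if port == "23":                           # cleartext management protocol
            target = owner.get(ip, "unknown")
            out.add((dev, "telnet-published-to-outside", f"{ip}:{port} on {target}"))
    return sorted(out)

if __name__ == "__main__":
    for finding in audit(SESSION):
        print(*finding, sep="  ")
```

Run against the sample, it reports the published port on R3 together with the two account findings on R6, the device that the mapping actually lands on.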