1.实验内容
1)R4为ISP,其上只能配置IP地址;R4与其他所有直连设备间使用公有IP;
2)R3…R5/6/7为MGRE环境,R3为中心站点;
3)整个OSPF环境IP地址为172.16.0.0/16;
4)所有设备均可访问R4的环回;
5)减少LSA的更新值,加快收敛,保障更新安全;
6)全网可达;
2.拓扑
3.IP地址划分
总共6个区域,先划分8个子网
172.16.0.0/19 ----A0
172.16.0.0/25 用于p2p骨干链路划分 172.16.0.0/30 172.16.0.4/31......
172.16.0.128/25 用于MA骨干链路划分 172.16.0.128/29 172.16.0.136/29......
172.16.1.0/25 作为用户网段
172.16.1.128/25...... 172.16.31.128/25
172.16.32.0/19 ----A1
172.16.64.0/19 ----A2
172.16.96.0/19 ----A3
172.16.128.0/19 ----A4
172.16.160.0/19 ----RIP 172.16.160.0/20 172.16.176.0/20
172.16.192.0/19
172.16.224.0/19
4.进行IP配置与环回
缺省
R3 R5 R6 R7
配置缺省路由
[r3]ip route-static 0.0.0.0 34.1.1.2
[r5]ip route-static 0.0.0.0 45.1.1.2
[r6]ip route-static 0.0.0.0 46.1.1.2
[r7]ip route-static 0.0.0.0 47.1.1.2
配置完成后测试无误
以R3为中心点,R3R5R6R7为MGRE环境
[r3]int t
[r3]int Tunnel 0/0/0
[r3-Tunnel0/0/0]ip add 172.16.0.129 29
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source 34.1.1.1
[r3-Tunnel0/0/0]nhrp entry multicast dynamic
[r3-Tunnel0/0/0]nhrp network-id 100
[r5]interface Tunnel 0/0/0
[r5-Tunnel0/0/0]ip add 172.16.0.130 29
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp
[r5-Tunnel0/0/0]source 45.1.1.1
[r5-Tunnel0/0/0]nhrp entry 172.16.0.129 32.1.1.1 register
[r5-Tunnel0/0/0]nhrp network-id 100
R6 R7 同上
配置A1-A4区域地址
5.启动OSPF
.......等(注:R3 R6 R7 R9 需要宣告两个区域 R12开启 rip
6.R3 R5 R6 R7工作方式为broadcast ,且R5R6R7放弃选举
[r3]int t0/0/0
[r3-Tunnel0/0/0]ospf network-type broadcast
[r5]int t0/0/0
[r5-Tunnel0/0/0]ospf network-type broadcast
[r5-Tunnel0/0/0]ospf dr-priority 0
[r6]int t0/0/0
[r6-Tunnel0/0/0]ospf network-type broadcast
[r6-Tunnel0/0/0]ospf dr-priority 0
[r7]int t0/0/0
[r7-Tunnel0/0/0]ospf network-type broadcast
[r7-Tunnel0/0/0]ospf dr-priority 0
7.设置ACL和NAT
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r3-acl-basic-2000]int g 0/0/1
[r3-GigabitEthernet0/0/1]nat outbound 2000
[r6]acl 2000
[r6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r6-acl-basic-2000]int g0/0/0
[r6-GigabitEthernet0/0/2]nat outbound 2000
[r7]acl 2000
[r7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r7-acl-basic-2000]int g0/0/0
[r7-GigabitEthernet0/0/2]nat outbound 2000
8.重发布
9.减少LSA的更新值(区域1为完全末梢,区域3区域2为nssa)
结果
10.NULL 0
[r3]ip route-static 172.16.32.0 19 NULL 0
[r6]ip route-static 172.16.64.0 19 NULL 0
[r7]ip route-static 172.16.96.0 19 NULL 0
[r9]ip route-static 172.16.128.0 19 NULL 0
[r12]ip route-static 172.16.160.0 19 NULL 0
扫一扫
735
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
