一、实验要求:
1、R4为ISP,其上只能配置IP地址;R4与其他所有直连设备间均使用公有IP
2、R3-R5/6/7为MGRE环境,R3为中心站点;
3、整个OSPF环境IP基于172.16.0.0/16划分;
4、所有设备均可访问R4的环回;
5、减少LSA的更新量,加快收敛,保障更新安全;
6、全网可达
二、实验拓补:
三、IP地址划分:
将172.16.0.0/16大致划分为八个区域,剩余的两个区域作为备用区域
area 0——172.16.0.0/19
172.16.0.0/24——P2P的骨干
172.16.0.0/30
172.16.0.4/30
172.16.0.8/30
......
172.16.0.63/30
172.16.1.0/24——MA的骨干
172.16.1.0/29
172.16.1.8/39
172.16.1.16/29
172.16.2.0/24——用户网段
......
172.16.31.0/24
area 1——172.16.32.0/19
172.16.32.0/24——P2P的骨干
172.16.32.0/30
172.16.32.4/30
172.16.32.8/30
172.16.33.0/24——MA的骨干
172.16.33.0/29
172.16.33.8/29
172.16.33.16/29
172.16.34.0/24
......
172.16.63.0/24
area 2——172.16.64.0/19
area 3——172.16.96.0/19
area 4——172.16.128.0/19
RIP——172.16.160.0/19
备用区域:172.16.192.0/19 172.16.224.0/19
四、实验配置:
1.各路由器的IP地址配置:
R1:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.33.1/29 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.34.1/24 up up(s)
NULL0 unassigned up up(s)
R2:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.33.2/29 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.35.1/24 up up(s)
NULL0 unassigned up up(s)
R3:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.33.3/29 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.36.1/24 up up(s)
NULL0 unassigned up up(s)
Serial4/0/0 34.0.0.1/24 up up
Serial4/0/1 unassigned down down
Tunnel0/0/0 172.16.1.4/29 up up
R4:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 47.0.0.2/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 4.4.4.4/24 up up(s)
NULL0 unassigned up up(s)
Serial3/0/0 46.0.0.2/24 up up
Serial3/0/1 unassigned down down
Serial4/0/0 34.0.0.2/24 up up
Serial4/0/1 45.0.0.2/24 up up
R5:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.2.1/24 up up(s)
NULL0 unassigned up up(s)
Serial4/0/0 45.0.0.1/24 up up
Serial4/0/1 unassigned down down
Tunnel0/0/0 172.16.1.1/29 up up
R6:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.64.1/30 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.3.1/24 up up(s)
NULL0 unassigned up up(s)
Serial4/0/0 46.0.0.1/24 up up
Serial4/0/1 unassigned down down
Tunnel0/0/0 172.16.1.2/29 up up
R7:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 47.0.0.1/24 up up
GigabitEthernet0/0/1 172.16.96.1/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.3.1/24 up up(s)
NULL0 unassigned up up(s)
Tunnel0/0/0 172.16.1.3/29 up up
R8:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.96.2/30 up up
GigabitEthernet0/0/1 172.16.96.5/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.98.1/24 up up(s)
NULL0 unassigned up up(s)
R9:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.96.6/30 up up
GigabitEthernet0/0/1 172.16.128.1/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.130.1/24 up up(s)
NULL0 unassigned up up(s)
R10:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.128.2/30 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.131.1/24 up up(s)
NULL0 unassigned up up(s)
R11:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.64.2/30 up up
GigabitEthernet0/0/1 172.16.64.5/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.66.1/24 up up(s)
NULL0 unassigned up up(s)
R12:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.64.6/30 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.162.1/24 up up(s)
LoopBack1 172.16.163.1/24 up up(s)
NULL0 unassigned up up(s)
2.在R3/R5/R6/R7上配置缺省路由使公网通畅:
[r3]ip route-static 0.0.0.0 0 34.0.0.2
[r5]ip route-static 0.0.0.0 0 45.0.0.2
[r6]ip route-static 0.0.0.0 0 46.0.0.2
[r7]ip route-static 0.0.0.0 0 47.0.0.2
3.ping通测试,确保公网畅通:
4.搭建MGRE环境:
5.查看nhrp邻居表,检查是否无误:
6.将MGRE环境的隧道接口网络类型改为p2mp类型:
7.配置OSPF和RIP
[r1]ospf router-id 1.1.1.1
[r1-ospf-1]a
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]ne
[r1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]a
[r2-ospf-1]area 1
[r2-ospf-1-area-0.0.0.1]ne
[r2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]a
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]ne
[r3-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.255.255
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]ne
[r3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0
[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]a
[r5-ospf-1]area 0
[r5-ospf-1-area-0.0.0.0]ne
[r5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[r6]ospf 1 router-id 6.6.6.6
[r6-ospf-1]a
[r6-ospf-1]area 0
[r6-ospf-1-area-0.0.0.0]ne
[r6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[r6-ospf-1]area 2
[r6-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]a
[r7-ospf-1]area 0
[r7-ospf-1-area-0.0.0.0]ne
[r7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[r7-ospf-1]area 3
[r7-ospf-1-area-0.0.0.3]ne
[r7-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0
[r8]ospf router-id 8.8.8.8
[r8-ospf-1]a
[r8-ospf-1]area 3
[r8-ospf-1-area-0.0.0.3]ne
[r8-ospf-1-area-0.0.0.3]network 172.16.0.0 0.0.255.255
[r9]ospf 1 router-id 9.9.9.9
[r9-ospf-1]a
[r9-ospf-1]area 3
[r9-ospf-1-area-0.0.0.3]ne
[r9-ospf-1-area-0.0.0.3]network 172.16.97.10 0.0.0.0
[r9-ospf-1]area 4
[r9-ospf-1-area-0.0.0.4]ne
[r9-ospf-1-area-0.0.0.4]network 172.16.128.0 0.0.255.255
[r10]ospf 1 router-id 10.10.10.10
[r10-ospf-1]a
[r10-ospf-1]area 4
[r10-ospf-1-area-0.0.0.4]ne
[r10-ospf-1-area-0.0.0.4]network 172.16.0.0 0.0.255.255
[r11]ospf 1 router-id 11.11.11.11
[r11-ospf-1]a
[r11-ospf-1]area 2
[r11-ospf-1-area-0.0.0.2]ne
[r11-ospf-1-area-0.0.0.2]network 172.16.0.0 0.0.255.255
[r12]ospf 1 router-id 12.12.12.12
[r12-ospf-1]a
[r12-ospf-1]area 2
[r12-ospf-1-area-0.0.0.2]ne
[r12-ospf-1-area-0.0.0.2]network 172.16.65.10 0.0.0.0
[r12]rip
[r12-rip-1]v
[r12-rip-1]verify-source
[r12-rip-1]version 2
[r12-rip-1]ne
[r12-rip-1]network 172.16.0.0
注意:此时rip的宣告因为是按主类宣告,所以也会将172.16.65.10宣告进rip网络
8.将rip和area 4重发布到ospf中:
[r9]ospf 1
[r9-ospf-1]im
[r9-ospf-1]import-route os
[r9-ospf-1]import-route ospf 2
[r12]ospf 1
[r12-ospf-1]im
[r12-ospf-1]import-route rip 1
9.为了使area 4能够到达其他区域,同时为了减少LSA更新量,可以在R10上手工配置一条指向R9的缺省,也可以在R9上下发一条5类缺省:
[r9]ospf 2
[r9-ospf-2]de
[r9-ospf-2]default-route-advertise
10.为减少LSA的更新量area 1、area 2、area 3做特殊区域
汇总可以减少骨干区域收到的路由信息
为了避免线路环回,我们可以配置空接口路由
1)area 1的完全末梢区域
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]stub
[r2-ospf-1]area 1
[r2-ospf-1-area-0.0.0.1]stub
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]st
[r3-ospf-1-area-0.0.0.1]stub no
[r3-ospf-1-area-0.0.0.1]stub no-summary
2)area 2的完全的非完全末梢区域
[r6-ospf-1]area 2
[r6-ospf-1-area-0.0.0.2]nssa no-summary
[r11]ospf 1
[r11-ospf-1]area 2
[r11-ospf-1-area-0.0.0.2]nssa
[r12-ospf-1]area 2
[r12-ospf-1-area-0.0.0.2]nssa
3)area 3的完全的非完全末梢区域
[r7-ospf-1]area 3
[r7-ospf-1-area-0.0.0.3]nssa no-summary
[r8-ospf-1]area 3
[r8-ospf-1-area-0.0.0.3]nssa
[r9-ospf-1]area 3
[r9-ospf-1-area-0.0.0.3]nssa
11.OSPF路由汇总:
[r3]ospf 1
[r3-ospf-1]a
[r3-ospf-1]ar
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]abr
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
[r6]ospf 1
[r6-ospf-1]ar
[r6-ospf-1]ar
[r6-ospf-1]area 2
[r6-ospf-1-area-0.0.0.2]abr
[r6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
[r7]ospf 1
[r7-ospf-1]a
[r7-ospf-1]arp-ping
[r7-ospf-1]asbr-summary
[r7-ospf-1]area 3
[r7-ospf-1-area-0.0.0.3]abr
[r7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0
[r9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
[r12]ospf 1
[r12-ospf-1]asbr
[r12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0
查看R5的ospf路由表:
12.域间路由汇总
R3——骨干区域发送路由信息时,将LSA汇总成一条3类LSA
[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
[R3]ip route-static 172.16.32.0 19 NULL 0 —— 空接口防环
[R6]ospf 1
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
[R6]ip route-static 172.16.64.0 19 NULL 0
[R7]ospf 1
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0
[R7]ip route-static 172.16.96.0 19 NULL 0
[R12]ospf 1
[R12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0
[R12]ip route-static 172.16.160.0 19 NULL 0
13.加快收敛(可修改hello时间,让死亡时间随hello时间变化而变化)
[r3]int t 0/0/0
[r3-Tunnel0/0/0]ospf timer hello 10
[r5]int t 0/0/0
[r5-Tunnel0/0/0]ospf timer hello 10
[r6]int t 0/0/0
[r6-Tunnel0/0/0]ospf timer hello 10
[r7]int t 0/0/0
[r7-Tunnel0/0/0]ospf timer hello 10
14.配置NET环境,完成所有设备访问R4环回
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r3-acl-basic-2000]int s 4/0/0
[r3-Serial4/0/0]nat outbound 2000
[r6]acl 2000
[r6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r6-acl-basic-2000]int s 4/0/0
[r6-Serial4/0/0]nat outbound 2000
[r7]acl 2000
[r7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r7-acl-basic-2000]int g 0/0/0
[r7-GigabitEthernet0/0/0]nat outbound 2000
测试:
15.保证更新安全,全网可达
[r3]ospf 1
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r1]ospf 1
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r2]ospf 1
[r2-ospf-1]area 1
[r2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
至此,我们的实验就全部符合要求了!!!